#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <dlfcn.h>
#include <unistd.h>
/* Pointer to a function with the same prototype as send(2). */
typedef ssize_t (*SEND)(int fd, const void *data, size_t nbytes, int opts);

/* Pointer to a function with the same prototype as connect(2). */
typedef int (*CONNECT)(int fd, const struct sockaddr *peer, socklen_t peer_len);
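/* Prototype of the libc connect() that this interposer forwards to. */
typedef int (*real_connect_fn)(int sockfd, const struct sockaddr *addr,
                               socklen_t addrlen);

/*
 * Resolve libc's connect() through dlopen()/dlsym().
 *
 * The pointer is cached after the first successful lookup so libc is not
 * re-opened on every call. The cache is not synchronized.
 * NOTE(review): use pthread_once() if strict data-race freedom on the first
 * call is required.
 *
 * Returns NULL when libc or the symbol cannot be resolved.
 */
static real_connect_fn resolve_real_connect(void)
{
    static real_connect_fn cached;

    if (cached == NULL) {
        void *libc = dlopen("libc.so.6", RTLD_LAZY);

        if (libc != NULL) {
            cached = (real_connect_fn)dlsym(libc, "connect");
        }
    }
    return cached;
}

/*
 * Replacement for connect(2): logs the IPv4/IPv6 peer and refuses
 * connections to one hard-coded address, forwarding everything else to
 * libc's connect().
 *
 * This only sees calls that reach this symbol (presumably because the object
 * is loaded ahead of libc - TODO confirm how it is deployed). It is a
 * debugging/filtering aid, not an enforcement boundary; a firewall rule is
 * the place for a hard block.
 *
 * Returns whatever libc's connect() returns, or -1 with errno set to
 * ECONNREFUSED for the blocked address, or -1 with errno set to ENOSYS when
 * libc's connect() cannot be resolved.
 */
int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
{
    /*
     * 192.168.6.118 is the company's intranet login page, reachable only
     * through this single IP. Sites such as Baidu sit behind proxy servers,
     * so blocking one IP would not work for them.
     */
    static const char blocked_ip[] = "192.168.6.118";
    char ip[128] = {0};
    int port = -1;

    printf("new connect*************\n");

    real_connect_fn real_connect = resolve_real_connect();
    if (real_connect == NULL) {
        errno = ENOSYS;
        return -1;
    }

    /*
     * Only inspect the address when the caller really supplied enough bytes
     * for the family it claims; shorter or NULL addresses are passed through
     * untouched so the kernel reports the error. The address is copied into
     * a local struct instead of being accessed through a cast pointer.
     */
    if (addr != NULL && addrlen >= (socklen_t)sizeof(struct sockaddr_in)) {
        if (addr->sa_family == AF_INET) {
            struct sockaddr_in sa4;

            memcpy(&sa4, addr, sizeof sa4);
            if (inet_ntop(AF_INET, &sa4.sin_addr, ip, sizeof ip) == NULL) {
                ip[0] = '\0';
            }
            port = ntohs(sa4.sin_port);
            printf("AF_INET IP===>%s:%d\n", ip, port);
        } else if (addr->sa_family == AF_INET6 &&
                   addrlen >= (socklen_t)sizeof(struct sockaddr_in6)) {
            struct sockaddr_in6 sa6;
            const char *text;

            memcpy(&sa6, addr, sizeof sa6);
            if (IN6_IS_ADDR_V4MAPPED(&sa6.sin6_addr)) {
                /*
                 * ::ffff:a.b.c.d - print the embedded IPv4 address (last
                 * four bytes) so it can be compared with the blocked one.
                 * Searching the text for "f:" and strcpy()ing within the
                 * same buffer mangled genuine IPv6 addresses and copied
                 * between overlapping regions.
                 */
                text = inet_ntop(AF_INET, &sa6.sin6_addr.s6_addr[12],
                                 ip, sizeof ip);
            } else {
                text = inet_ntop(AF_INET6, &sa6.sin6_addr, ip, sizeof ip);
            }
            if (text == NULL) {
                ip[0] = '\0';
            }
            port = ntohs(sa6.sin6_port);
            printf("af_inet6 IP===>%s:%d\n", ip, port);
        }
    }

    if (strcmp(ip, blocked_ip) == 0) {
        printf("%s=======接入>\n", ip);
        /*
         * An earlier variant forwarded the call to a different fixed address
         * instead of refusing it; that path is disabled. Set errno after the
         * printf so the caller sees a meaningful error rather than a stale
         * value.
         */
        errno = ECONNREFUSED;
        return -1;
    }

    return real_connect(sockfd, addr, addrlen);
}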
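/* Prototype of the libc send() that this interposer forwards to. */
typedef ssize_t (*real_send_fn)(int sockfd, const void *buf, size_t len,
                                int flags);

/*
 * Resolve libc's send() through dlopen()/dlsym().
 *
 * The pointer is cached after the first successful lookup so libc is not
 * re-opened on every call. The cache is not synchronized.
 * NOTE(review): use pthread_once() if strict data-race freedom on the first
 * call is required.
 *
 * Returns NULL when libc or the symbol cannot be resolved.
 */
static real_send_fn resolve_real_send(void)
{
    static real_send_fn cached;

    if (cached == NULL) {
        void *libc = dlopen("libc.so.6", RTLD_LAZY);

        if (libc != NULL) {
            cached = (real_send_fn)dlsym(libc, "send");
        }
    }
    return cached;
}

/*
 * Report whether the first len bytes of buf contain needle.
 * Never reads past buf + len, so buf does not need a NUL terminator.
 */
static int payload_contains(const void *buf, size_t len, const char *needle)
{
    const unsigned char *hay = buf;
    size_t needle_len = strlen(needle);

    if (needle_len == 0) {
        return 1;
    }
    if (hay == NULL || len < needle_len) {
        return 0;
    }
    for (size_t i = 0; i + needle_len <= len; i++) {
        if (memcmp(hay + i, needle, needle_len) == 0) {
            return 1;
        }
    }
    return 0;
}

/*
 * Replacement for send(2): logs the outgoing payload and, when it mentions
 * "baidu.com", sends a fixed HTTP request in its place.
 *
 * The payload is written to stdout in clear text, so cookies, tokens and
 * passwords in the request end up in the process output; keep this to a test
 * environment. Only data handed to send() is visible here, so traffic that
 * is encrypted before it reaches send() will not match.
 *
 * Returns libc's send() result for untouched payloads. For a replaced
 * payload it returns len on success, so the caller sees its own buffer as
 * fully consumed, or the negative result on failure. Returns -1 with errno
 * set to ENOSYS when libc's send() cannot be resolved.
 */
ssize_t send(int sockfd, const void *buf, size_t len, int flags)
{
    /* NOTE(review): "localhoast" looks like a typo for "localhost" - confirm. */
    static const char replacement[] =
        "GET / HTTP/1.1\r\nHost: localhoast\r\nUser-Agent: curl/7.61.0\r\nAccept: */*\r\n\r\n";

    real_send_fn real_send = resolve_real_send();
    if (real_send == NULL) {
        errno = ENOSYS;
        return -1;
    }

    /*
     * buf is a byte range of length len, not a C string: bound the print
     * with a precision instead of relying on a terminator being present.
     */
    int shown = len > (size_t)INT_MAX ? INT_MAX : (int)len;

    printf("-----------SEND1-----------\n");
    printf("%.*s\n", shown, buf != NULL ? (const char *)buf : "");
    printf("-----------SEND2-----------\n");

    if (payload_contains(buf, len, "baidu.com")) {
        /*
         * Send exactly the replacement's own length. Passing the caller's
         * len here would either truncate the request or read past the end
         * of the literal and put adjacent process memory on the wire.
         * A short write of the replacement is not retried.
         */
        ssize_t rc = real_send(sockfd, replacement, sizeof replacement - 1,
                               flags);

        if (rc < 0) {
            return rc;
        }
        return (ssize_t)len;
    }

    return real_send(sockfd, buf, len, flags);
}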
HTTP 的底层就是 TCP，因此思路是 hook socket 相关函数来实现拦截。（这里只能看到传给 send 的明文；HTTPS 的内容在到达 send 之前已经被加密，字符串匹配不会命中。）
curl -v "http://www.baidu.com" 可以辅助测试拦截是否成功。