ARP数据包伪造

伪造ARP封包的方法

数据封包格式:

===============================================================

1. 在 Ubuntu 系统上，如果没有安装 libnet，编译时会提示找不到“libnet.h”的错误。最简单的方法是：sudo apt-get install libnet1-dev


2. 执行编译命令：gcc ForgeArp.c -lnet -shared -fPIC -o ForgeArp.so，会在相同目录下生成 ForgeArp.so


3. 运行 py 脚本的时候，记得使用 python forgeArpTest.py。如果直接使用 ./forgeArpTest.py 会出现“cannot read /var/mail/ctypes”的 error（这通常是因为脚本没有 #! 解释器行，被 shell 当作 shell 脚本执行，`from ctypes import *` 里的 from 被当成了同名的邮件命令）


4. 脚本运行起来后，出现 libnet_init error。这是因为 libnet 在链路层发送数据包需要 root 权限，可以执行 sudo python forgeArpTest.py



可用的源文件 so 以及python脚本都在:这里


如何伪造数据包

03-08

[code=Assembly]rnGET /Item/vote.asp?m=111&id=342 HTTP/1.1rnrnHost: tp.tongxinjiaoyu.comrnrnConnection: keep-alivernrnUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11rnrnAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8rnrnReferer: http://tp.tongxinjiaoyu.com/html/bbtp/bbtp_1220_342.htmlrnrnAccept-Encoding: gzip,deflate,sdchrnrnAccept-Language: zh-CN,zh;q=0.8rnrnAccept-Charset: GBK,utf-8;q=0.7,*;q=0.3rnrnCookie: ASPSESSIONIDCASADTTC=AAJDAIJDMOGDLAAMDMMFJKPCrnrnrnrnHTTP/1.1 200 OKrnrnDate: Thu, 08 Mar 2012 15:32:33 GMTrnrnServer: Microsoft-IIS/6.0rnrnX-Powered-By: ASP.NETrnrnContent-Length: 154rnrnContent-Type: text/htmlrnrnCache-control: privaternrnrnrn rnrnGET /favicon.ico HTTP/1.1rnrnHost: tp.tongxinjiaoyu.comrnrnConnection: keep-alivernrnAccept: */*rnrnUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11rnrnAccept-Encoding: gzip,deflate,sdchrnrnAccept-Language: zh-CN,zh;q=0.8rnrnAccept-Charset: GBK,utf-8;q=0.7,*;q=0.3rnrnCookie: ASPSESSIONIDCASADTTC=AAJDAIJDMOGDLAAMDMMFJKPCrnrnrnrnHTTP/1.1 404 Not FoundrnrnContent-Length: 1308rnrnContent-Type: text/htmlrnrnServer: Microsoft-IIS/6.0rnrnX-Powered-By: ASP.NETrnrnDate: Thu, 08 Mar 2012 15:32:34 GMTrnrnrnrnrnrn ............rnrn rnrn rnrn rnrnrnrn ............rnrn................................................rnrn rnrn ................rnrn rnrn ........................................................rnrn ................................................................................rnrnrnrn ............................rnrnrnrn HTTP .... 404 - .................. Internet ........ (IIS)rnrn rnrn ..............................rnrn rnrn .... Microsoft ......................“HTTP”..“404”........rnrn ....“IIS ....”...... IIS ...... 
(inetmgr) ........................“........”..“............”..“..................”........rnrnrnrnrnrnrnrnGET /Item/GetVote.asp?m=111&ID=342 HTTP/1.1rnrnHost: tp.tongxinjiaoyu.comrnrnConnection: keep-alivernrnUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11rnrnAccept: */*rnrnReferer: http://tp.tongxinjiaoyu.com/html/bbtp/bbtp_1220_342.htmlrnrnAccept-Encoding: gzip,deflate,sdchrnrnAccept-Language: zh-CN,zh;q=0.8rnrnAccept-Charset: GBK,utf-8;q=0.7,*;q=0.3rnrnCookie: ASPSESSIONIDCASADTTC=AAJDAIJDMOGDLAAMDMMFJKPCrnrnrnrnHTTP/1.1 200 OKrnrnDate: Thu, 08 Mar 2012 15:32:36 GMTrnrnServer: Microsoft-IIS/6.0rnrnX-Powered-By: ASP.NETrnrnContent-Length: 20rnrnContent-Type: text/htmlrnrnCache-control: privaternrnrnrndocument.write('1');GET /plus/ajax.asp?action=SQL&labelid=SQLksu%u540D%u6B21ksl342ksr342p20123036732259%7D&labtype=0&channelid=0&classid=20123036732259&infoid=342 HTTP/1.1rnrnHost: tp.tongxinjiaoyu.comrnrnConnection: keep-alivernrnUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11rnrnAccept: */*rnrnReferer: http://tp.tongxinjiaoyu.com/html/bbtp/bbtp_1220_342.htmlrnrnAccept-Encoding: gzip,deflate,sdchrnrnAccept-Language: zh-CN,zh;q=0.8rnrnAccept-Charset: GBK,utf-8;q=0.7,*;q=0.3rnrnCookie: ASPSESSIONIDCASADTTC=AAJDAIJDMOGDLAAMDMMFJKPCrnrnrnrnHTTP/1.1 200 OKrnrnDate: Thu, 08 Mar 2012 15:32:36 GMTrnrnServer: Microsoft-IIS/6.0rnrnX-Powered-By: ASP.NETrnrnpragma: no-cachernrnContent-Length: 3rnrnContent-Type: text/html; Charset=gb2312rnrnExpires: Wed, 07 Mar 2012 15:32:36 GMTrnrnCache-control: no-cachern156rn[/code]rn上面是我在一个投票系统中抓的包,通过抓包我发现投票时用get方法,传递的是“m=111&id=342”的这样参数,并没有传递IP地址,而实际上这个投票系统做了一个IP的限制,即如果某个IP下投票之后不能再投票了。所以,我猜肯定是在服务器端利用request对象查询到了投票者的IP(这个方法是有的吧)。我现在想,如果想刷票的话只要突破这个IP限制就可以了,可以通过发送假的数据包啊,于是我想我现在构造了一个IP报文(里面IP报文头部填写一个假的IP地址),然后通过socket发送到对方80端口。后来又想了一下,服务器80端口接收到的socket会去提取封装的这个假IP地址还是。。。?想到这块想不明白了,故在此问一下大家,这个究竟是怎么玩的? 论坛

arp数据包发送失败

09-13

#include rn using namespace std; rn #include rn #include rn #include rn #include rn rn #pragma comment(lib,"ws2_32") rn //#pragma comment(lib,"packet") rn #pragma comment(lib, "packet.lib") rn rn #define ETH_IP 0x0800 rn #define ETH_ARP 0x0806 rn #define ARP_REQUEST 0x0001 rn #define ARP_REPLY 0x0002 rn #define ARP_HARDWARE 0x0001 rn #define max_num_adapter 10 rn rn #pragma pack(push,1) rn rn rn typedef struct arphdrPackage rn rn struct st_ethdr rn rn unsigned char eh_dst[6]; rn unsigned char eh_src[6]; rn unsigned short eh_type; rn rn ehhdr; rn struct st_arphdr rn rn unsigned short arp_hdr; rn unsigned short arp_pro; rn unsigned char arp_hln; rn unsigned char arp_pln; rn unsigned short arp_opt; rn unsigned char arp_sha[6]; rn unsigned long arp_spa; rn unsigned char arp_tha[6]; rn unsigned long arp_tpa; rn rn arphdr; rn rn ARPPACKET; rn rn rn #pragma pack(push) rn rn void main() rn rn // WSADATA wsaData; rn // if(WSAStartup(MAKEWORD(2,1), &wsaData)!=0) rn // rn // printf("WSAStartup error!\n"); rn // return; rn // rn rn //打开适配器: rn WCHAR adapter_name[2048]=0; rn ULONG adapter_length=1024; rn rn //取得所有适配器的名字. rn if(PacketGetAdapterNames((char*)adapter_name, &adapter_length)==FALSE) rn rn //adapter_name:一个用于存放适配器的名字的缓冲区 rn //adapter_length:这个缓冲区的大小 rn printf("PacketGetAdapterNames error:%d\n",GetLastError()); rn return; rn rn rn WCHAR *name1,*name2; rn ULONG i; rn static CHAR adapter_list[10][1024]; rn rn name1=adapter_name; rn name2=adapter_name; rn i=0; rn //把adapter_name中的适配器名字,分别copy到adapter_list[]中,i从0开始为第一个 rn while((*name1!='\0') || (*(name1-1)!='\0')) rn rn if(*name1=='\0') rn rn memcpy(adapter_list[i],name2,2*(name1-name2)); rn name2=name1+1; rn i++; rn rn name1++; rn rn SetLastError(0);rn cout<hFile==INVALID_HANDLE_VALUE)) rn rn printf("Unable to open the driver, Error Code : %lx\n", GetLastError()); rn return; rn rn rn cout< 论坛
