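I won't repeat an introduction to ARP spoofing here, since there are plenty of explanations online. Its root cause is "never check": ARP does not verify what it receives. Under those conditions, any arbitrarily crafted packet can be sent.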

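There are in fact many tools available, for example WinArpAttacker (it may be missing some DLL files; download them and add them yourself. There are plenty of sources online, so I won't post links). In my local test, though, WinArpAttacker's disconnect effect was not great, while its IP-conflict feature worked well. I was probably using it incorrectly (be sure to select the network adapter you need in the configuration). Its disconnect mechanism is to spoof the gateway and the targeted host at the same time. There is also a simpler tool that works rather well: ArpSpoof (find it yourself, it is not hard). It forges the attacked IP and keeps sending packets to the gateway, after which the attacked IP loses its connection almost instantly... (PS: same network segment.)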

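For IP man-in-the-middle attacks, EtterCap does the job well, although EtterCap works better under Linux. On Windows I used Cain & Abel (there is a newer version, although I don't know how to use it; I couldn't find it after unpacking). Of course, if you want to see how it works, you can capture packets with Wireshark and observe (set a capture filter, otherwise there are far too many packets).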
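What to look for in such a capture, as an added example that is not part of the original post: a minimal passive check that parses raw Ethernet/ARP frames and flags an IPv4 address whose claimed MAC changes, or whose ARP sender MAC disagrees with the Ethernet source. The names `arp_check` and `demo_rebinding`, the table size and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Added example: flag an IPv4 address whose ARP-claimed MAC changes. */
enum arp_verdict { ARP_IGNORED, ARP_NEW, ARP_SAME, ARP_CONFLICT };
#define MAX_BINDINGS 64
static struct { uint8_t ip[4], mac[6]; } seen[MAX_BINDINGS];
static int n_seen;

/* frame: one raw Ethernet II frame, e.g. as handed over by a capture loop. */
enum arp_verdict arp_check(const uint8_t *frame, size_t len)
{
    static const uint8_t eth_ipv4[6] = {0x00, 0x01, 0x08, 0x00, 6, 4};
    if (len < 42 || frame[12] != 0x08 || frame[13] != 0x06)
        return ARP_IGNORED;            /* not ARP (14 B Ethernet + 28 B ARP) */
    const uint8_t *arp = frame + 14;
    if (memcmp(arp, eth_ipv4, 6) != 0)
        return ARP_IGNORED;            /* htype/ptype/hlen/plen: not Ethernet+IPv4 */
    const uint8_t *sha = arp + 8;      /* sender hardware address */
    const uint8_t *spa = arp + 14;     /* sender protocol address */
    if ((spa[0] | spa[1] | spa[2] | spa[3]) == 0)
        return ARP_IGNORED;            /* ARP probe: sender claims no address */
    if (memcmp(sha, frame + 6, 6) != 0)
        return ARP_CONFLICT;           /* heuristic: ARP sender != Ethernet source */
    for (int i = 0; i < n_seen; i++)
        if (memcmp(seen[i].ip, spa, 4) == 0)
            return memcmp(seen[i].mac, sha, 6) ? ARP_CONFLICT : ARP_SAME;
    if (n_seen == MAX_BINDINGS)
        return ARP_IGNORED;            /* table full: binding not tracked */
    memcpy(seen[n_seen].ip, spa, 4);
    memcpy(seen[n_seen++].mac, sha, 6);
    return ARP_NEW;
}

/* Constructed sample: ARP reply "192.0.2.1 is at 02:00:00:00:00:01". */
static const uint8_t sample_reply[42] = {
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0x01,  0x08,0x06,  /* dst, src, EtherType */
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x02,              /* ARP header, op=reply */
    0x02,0,0,0,0,0x01,  192,0,2,1,                      /* sender MAC, sender IP */
    0x02,0,0,0,0,0x02,  192,0,2,2 };                    /* target MAC, target IP */

/* Replays the sample, then the same IP claimed from a different MAC. */
enum arp_verdict demo_rebinding(void)
{
    uint8_t other[42];
    memcpy(other, sample_reply, sizeof other);
    other[6 + 5] = other[22 + 5] = 0x99;   /* constructed second MAC 02:..:99 */
    arp_check(sample_reply, sizeof sample_reply);
    return arp_check(other, sizeof other);
}
```

A legitimate MAC change (replaced NIC, failover address) raises the same verdict, so treat a conflict as something to investigate rather than proof of spoofing.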

Also: the tools work, but do not misuse them. They are fine for learning, for example by experimenting inside a virtual machine.

————————————————————————————————————————————————————————

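That covers the tools. If you want to write your own, you can program against WinPcap (download page: Developer's Pack). WinPcap is a kind of plug-in that many of the programs above need in order to run; its installer download page: Installer for Windows

After downloading, how do you configure it?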

http://blog.sina.com.cn/s/blog_57432f380101qh3n.html

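Developing network applications with WinPcap in VS2013:

1. First, download winpcap.exe and the Developer's Pack from http://www.winpcap.org/ (the resources mentioned above). Install winpcap.exe and unpack the Developer's Pack.

2. Configure VS2013. Create a new empty project in VS2013 (a Win32 empty application is a reasonable choice). The settings are as follows:

(1) Project → Properties → Configuration Properties → click C/C++, click the expanded General entry, and add the Include directory to Additional Include Directories on the right (the Include directory is inside WpdPack).

(2) Project → Properties → Configuration Properties → click C/C++, and add WPCAP, HAVE_REMOTE, WIN32 to Preprocessor Definition on the right.

(3) Project → Properties → Configuration Properties → click Linker, click the expanded General entry, and add the lib directory to Additional Library Directories on the right (the Lib directory is inside WpdPack).

(4) Project → Properties → Configuration Properties → click Input under Linker, and add wpcap.lib, Packet.lib and ws2_32.lib to Additional Dependencies on the right.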

If you use the inet_addr function, you may run into the following problem:

http://jingyan.baidu.com/article/1709ad8097e5904634c4f03e.html?st=2&os=0&bd_page_type=1&net_type=1

If you still have problems, see this blog post:

Summary of problems encountered when using the WinPcap developer's pack

————————————————————————————————————————————————————————

 

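Finally, the programming itself. To write ARP spoofing code:

First Step: you have to get the network adapter information first...

You can use pcap_findalldevs_ex, which ships with WinPcap, to get the adapter list. Honestly, it is not pleasant to use, because its description field is too simple: on my machine four or five entries showed up described as "Microsoft" and nothing else, so how am I supposed to choose... The name field does tell them apart, but it is not intuitive.

Use GetAdaptersAddresses to get the adapter information instead. For an introduction to GetAdaptersAddresses, see: http://blog.csdn.net/linuxtiger/article/details/7002896

The function is declared like this: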

ULONG WINAPI GetAdaptersAddresses(
  __in     ULONG Family,
  __in     ULONG Flags,
  __in     PVOID Reserved,
  __inout  PIP_ADAPTER_ADDRESSES AdapterAddresses,
  __inout  PULONG SizePointer
);

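The most important parameter is __inout PIP_ADAPTER_ADDRESSES AdapterAddresses: most of the information is stored in this structure (PS: the adapters are stored as a linked list). In other words, whatever you want to know, look at what this structure contains. The official documentation is at https://msdn.microsoft.com/en-us/library/windows/desktop/aa366058 and if you want to know it thoroughly, you have to read it.

For code, besides the link above, here is one more: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366058 (they are all much the same).

I tested the following and it works: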

#include "stdafx.h"

#include <winsock2.h>
#include <iphlpapi.h>
#include <stdio.h>
#include <stdlib.h>
#include <tchar.h>
#pragma comment(lib, "IPHLPAPI.lib")

#define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x))
#define FREE(x) HeapFree(GetProcessHeap(), 0, (x))
/* Note: could also use malloc() and free() */

int _tmain(int argc, TCHAR **argv)
{

    /* Declare and initialize variables */

    DWORD dwSize = 0;
    DWORD dwRetVal = 0;

    int i = 0;

    // Set the flags to pass to GetAdaptersAddresses
    ULONG flags = GAA_FLAG_INCLUDE_PREFIX;

    // default to unspecified address family (both)
    ULONG family = AF_UNSPEC;

    LPVOID lpMsgBuf = NULL;

    PIP_ADAPTER_ADDRESSES pAddresses = NULL;
    ULONG outBufLen = 0;

    PIP_ADAPTER_ADDRESSES pCurrAddresses = NULL;
    PIP_ADAPTER_UNICAST_ADDRESS pUnicast = NULL;
    PIP_ADAPTER_ANYCAST_ADDRESS pAnycast = NULL;
    PIP_ADAPTER_MULTICAST_ADDRESS pMulticast = NULL;
    IP_ADAPTER_DNS_SERVER_ADDRESS *pDnServer = NULL;
    IP_ADAPTER_PREFIX *pPrefix = NULL;

    if (argc != 2) {
        printf(" Usage: getadapteraddresses family\n");
        printf("        getadapteraddresses 4 (for IPv4)\n");
        printf("        getadapteraddresses 6 (for IPv6)\n");
        printf("        getadapteraddresses A (for both IPv4 and IPv6)\n");
        exit(1);
    }

    if (_ttoi(argv[1]) == 4)
        family = AF_INET;
    else if (_ttoi(argv[1]) == 6)
        family = AF_INET6;

    outBufLen = sizeof (IP_ADAPTER_ADDRESSES);
    pAddresses = (IP_ADAPTER_ADDRESSES *) MALLOC(outBufLen);

    // Make an initial call to GetAdaptersAddresses to get the
    // size needed into the outBufLen variable
    if (GetAdaptersAddresses(family, flags, NULL, pAddresses, &outBufLen)
        == ERROR_BUFFER_OVERFLOW) {
        FREE(pAddresses);
        pAddresses = (IP_ADAPTER_ADDRESSES *) MALLOC(outBufLen);
    }

    if (pAddresses == NULL) {
        printf("Memory allocation failed for IP_ADAPTER_ADDRESSES struct\n");
        exit(1);
    }
    // Make a second call to GetAdaptersAddresses to get the
    // actual data we want
    printf("Memory allocated for GetAdapterAddresses = %lu bytes\n", outBufLen);
    printf("Calling GetAdaptersAddresses function with family = ");
    if (family == AF_INET)
        printf("AF_INET\n");
    if (family == AF_INET6)
        printf("AF_INET6\n");
    if (family == AF_UNSPEC)
        printf("AF_UNSPEC\n\n");

    dwRetVal =
        GetAdaptersAddresses(family, flags, NULL, pAddresses, &outBufLen);

    if (dwRetVal == NO_ERROR) {
        // If successful, walk the linked list of adapters and print
        // some information about each one
        pCurrAddresses = pAddresses;
        while (pCurrAddresses) {
            printf("\tLength of the IP_ADAPTER_ADDRESS struct: %ld\n",
                pCurrAddresses->Length);
            printf("\tIfIndex (IPv4 interface): %u\n", pCurrAddresses->IfIndex);
            printf("\tAdapter name: %s\n", pCurrAddresses->AdapterName);

            pUnicast = pCurrAddresses->FirstUnicastAddress;
            if (pUnicast != NULL) {
                for (i = 0; pUnicast != NULL; i++)
                    pUnicast = pUnicast->Next;
                printf("\tNumber of Unicast Addresses: %d\n", i);
            } else
                printf("\tNo Unicast Addresses\n");

            pAnycast = pCurrAddresses->FirstAnycastAddress;
            if (pAnycast) {
                // Fixed: the loop must test pAnycast, not pUnicast
                for (i = 0; pAnycast != NULL; i++)
                    pAnycast = pAnycast->Next;
                printf("\tNumber of Anycast Addresses: %d\n", i);
            } else
                printf("\tNo Anycast Addresses\n");

            pMulticast = pCurrAddresses->FirstMulticastAddress;
            if (pMulticast) {
                for (i = 0; pMulticast != NULL; i++)
                    pMulticast = pMulticast->Next;
                printf("\tNumber of Multicast Addresses: %d\n", i);
            } else
                printf("\tNo Multicast Addresses\n");

            pDnServer = pCurrAddresses->FirstDnsServerAddress;
            if (pDnServer) {
                for (i = 0; pDnServer != NULL; i++)
                    pDnServer = pDnServer->Next;
                printf("\tNumber of DNS Server Addresses: %d\n", i);
            } else
                printf("\tNo DNS Server Addresses\n");

            printf("\tDNS Suffix: %wS\n", pCurrAddresses->DnsSuffix);
            printf("\tDescription: %wS\n", pCurrAddresses->Description);
            printf("\tFriendly name: %wS\n", pCurrAddresses->FriendlyName);

            // The MAC address of the adapter, printed as XX-XX-XX-XX-XX-XX
            if (pCurrAddresses->PhysicalAddressLength != 0) {
                printf("\tPhysical address: ");
                for (i = 0; i < (int) pCurrAddresses->PhysicalAddressLength;
                    i++) {
                    if (i == (int) (pCurrAddresses->PhysicalAddressLength - 1))
                        printf("%.2X\n",
                            (int) pCurrAddresses->PhysicalAddress[i]);
                    else
                        printf("%.2X-",
                            (int) pCurrAddresses->PhysicalAddress[i]);
                }
            }
            printf("\tFlags: %ld\n", pCurrAddresses->Flags);
            printf("\tMtu: %lu\n", pCurrAddresses->Mtu);
            printf("\tIfType: %ld\n", pCurrAddresses->IfType);
            printf("\tOperStatus: %ld\n", pCurrAddresses->OperStatus);
            printf("\tIpv6IfIndex (IPv6 interface): %u\n",
                pCurrAddresses->Ipv6IfIndex);
            printf("\tZoneIndices (hex): ");
            for (i = 0; i < 16; i++)
                printf("%lx ", pCurrAddresses->ZoneIndices[i]);
            printf("\n");

            pPrefix = pCurrAddresses->FirstPrefix;
            if (pPrefix) {
                for (i = 0; pPrefix != NULL; i++)
                    pPrefix = pPrefix->Next;
                printf("\tNumber of IP Adapter Prefix entries: %d\n", i);
            } else
                printf("\tNo IP Adapter Prefix entries\n");

            printf("\n");

            pCurrAddresses = pCurrAddresses->Next;
        }
    } else {
        printf("Call to GetAdaptersAddresses failed with error: %lu\n",
            dwRetVal);
        if (dwRetVal == ERROR_NO_DATA)
            printf("\tNo addresses were found for the requested parameters\n");
        else {

            if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, dwRetVal, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),   // Default language
                (LPTSTR) & lpMsgBuf, 0, NULL)) {
                // lpMsgBuf holds TCHARs, so print it with _tprintf
                _tprintf(_T("\tError: %s"), (LPTSTR) lpMsgBuf);
                LocalFree(lpMsgBuf);
                FREE(pAddresses);
                exit(1);
            }
        }
    }
    FREE(pAddresses);
    return 0;
}
A fairly comprehensive usage example