/****************************
* CREATION OF PACKET STATE *
****************************/
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
const struct sniff_ethernet *ethernet; /* The ethernet header */
const struct sniff_ip *ip; /* The IP header */
const struct sniff_tcp *tcp; /* The TCP header */
const struct sniff_udp *udp;
u_int8_t *payload; /* Packet payload */
u_int size_ip;
u_int size_protocol;
u_int16_t length_protocol;
/* Spoofed src and the real dst of the packets */
u_int32_t dip;
u_int32_t sip;
u_int8_t *daddr;
u_int8_t *saddr;
/* GET PACKET INFORMATION SUB-STATE */
if (packet == NULL)
{
printf(" * No packet received\n");
return;
}
if (DEBUG == 1)
{
printf(" DEBUG: Packet is not null\n Packet Type:\n");
}
ethernet = (struct sniff_ethernet*)(packet);
if (ethernet->ether_type == ETHER_IP)
{
ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
size_ip = IP_HL(ip)*4;
if (size_ip < 20) {
printf(" * Invalid IP header length: %i bytes\n", size_ip);
return;
}
if (DEBUG == 1)
{
printf(" * It's a valid IP packet\n");
}
/* Distinguish between TCP and UDP packets */
if (ip->ip_p == TCP_PROTOCOL)
{
tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);
size_protocol = TH_OFF(tcp)*4;
if (size_protocol < 20) {
printf(" * Invalid TCP header length: %u bytes\n", size_protocol);
return;
}
}
else if (ip->ip_p == UDP_PROTOCOL)
{
udp = (struct sniff_udp*)(packet + SIZE_ETHERNET + size_ip);
size_protocol = SIZE_UDP;
}
}
else if (ethernet->ether_type == ETHER_ARP)
{
struct sniff_arp * arp;
arp = (struct sniff_arp*)(packet + SIZE_ETHERNET);
if (DEBUG)
{
printf(" * It's a ARP Packet\n");
}
int length;
spoof_arp(inet_addr(victim_ip), /* target (me) protocol address */
inet_addr((char*)arp->arp_spa), /* destination (hacker) protocol address */
(u_int8_t*) libnet_hex_aton(victim_ethernet, &length), /* target (me) hw address */
(u_int8_t*) &arp->arp_sha); /* destination protocol address */
spoof_arp(inet_addr(relayer_ip),
inet_addr((char*)arp->arp_spa),
(u_int8_t*) libnet_hex_aton(relayer_ethernet, &length),
(u_int8_t*) &arp->arp_sha);
return;
}
else
{
fprintf(stderr, "Don't know this protocol. Shutting down\n");
exit(1);
}
/* FIGURE OUT WHOM TO SEND THE PACKET AND SPOOF WHOM
ITS FROM SUB-STATE (puh! long name) */
/* Ignoring the PORT because they doesn't matter in
deciding where to send the packet. The ports will
be the same if it's the relayere, victim or the hacker
which receives the packet */
if (DEBUG == 1)
{
printf(" DEBUG: Deciding source and destionation addresses:\n");
}
int length; /* don't know why I need this ... But just to be safe.. */
if(ip->ip_dst.s_addr == inet_addr(victim_ip)) /* Not sure if this comparison works... */
{
sip = inet_addr(relayer_ip);
saddr = (u_int8_t*)libnet_hex_aton(relayer_ethernet, &length);
if (saddr == NULL)
{
fprintf(stderr, "Couldn't Convert MAC address: %s\n", relayer_ethernet);
exit(1);
}
if (DEBUG == 1)
{
printf(" * Src IP: %s\n", relayer_ip);
printf(" * Dst Ether: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
saddr[0],saddr[1],saddr[2],saddr[3],saddr[4],saddr[5]);
}
}
else if (ip->ip_dst.s_addr == inet_addr(relayer_ip))
{
sip = inet_addr(victim_ip);
saddr = (u_int8_t*)libnet_hex_aton(victim_ethernet, &length);
if (saddr == NULL)
{
fprintf(stderr, "Couldn't Convert MAC address: %s\n", victim_ethernet);
exit(1);
}
if (DEBUG == 1)
{
printf(" * Src IP: %s\n", victim_ip);
printf(" * Dst Ether: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
saddr[0],saddr[1],saddr[2],saddr[3],saddr[4],saddr[5]);
}
}
/* destination is always the same */
dip = ip->ip_src.s_addr;
daddr = (u_int8_t*)ethernet->ether_shost;
if (daddr == NULL)
{
fprintf(stderr, "Couldn't fetch the dst MAC addr from ethernet header\n");
exit(1);
}
if (DEBUG == 1)
{
printf(" * Dst IP: %s\n", inet_ntoa(ip->ip_src));
printf(" * Dst Ether: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
daddr[0],daddr[1],daddr[2],daddr[3],daddr[4],daddr[5]);
}
/* GENERATE PACKET SUB-STATE */
if (DEBUG == 1)
{
printf(" DEBUG: Trying to generate packet\n");
}
/* Initialize libnet */
libnet_t *l;
char errbuf_net[LIBNET_ERRBUF_SIZE];
l = libnet_init(LIBNET_LINK, dev, errbuf_net);
if(l == NULL)
{
fprintf(stderr, "Error Opening Context: %s\n", errbuf_net);
return;
}
if(ethernet->ether_type == ETHER_IP)
{
if (ip->ip_p == TCP_PROTOCOL)
{
/* Create TCP packet with switched src and dst ports */
libnet_ptag_t libnet_tcp = 0;
int size_payload;
size_payload = ntohs(ip->ip_len) - (size_ip + size_protocol);
u_int8_t *tcp_options = (u_int8_t* )(packet + SIZE_ETHERNET + size_ip + 20);
u_int32_t size_tcp_options = (u_int32_t)(size_protocol - 20);
libnet_build_tcp_options(tcp_options, size_tcp_options, l, 0);
if (size_payload == 0)
{
payload = NULL;
}
else
{
payload = (u_int8_t *)(packet + SIZE_ETHERNET + size_ip + size_protocol);
}
if (DEBUG == 1)
{
printf(" * Size of payload %i\n", size_payload);
printf(" * Size of IP header %i\n", size_ip);
printf(" * Size of IP length %i\n", ip->ip_len);
}
length_protocol = size_protocol + size_payload;
libnet_tcp = libnet_build_tcp(htons(tcp->th_sport),
htons(tcp->th_dport),
ntohl(tcp->th_seq),
ntohl(tcp->th_ack),
tcp->th_flags,
ntohs(tcp->th_win),
0,
ntohs(tcp->th_urp),
length_protocol,
payload,
size_payload,
l,
libnet_tcp);
if (libnet_tcp == -1)
{
fprintf(stderr, "Unable to build TCP header: %s\n", libnet_geterror(l));
exit(1);
}
if (DEBUG == 1)
{
printf(" * IP packet successfully generated\n");
}
}
else if (ip->ip_p == UDP_PROTOCOL)
{
/* Create a new UDP packet but with switched ports */
libnet_ptag_t libnet_udp = 0;
int size_payload;
size_payload = ntohs(ip->ip_len) - size_ip;
payload = (u_int8_t *)(packet + SIZE_ETHERNET + size_ip + size_protocol);
length_protocol = (udp->uh_length) + size_payload;
libnet_udp = libnet_build_udp(htons(udp->uh_dport),
htons(udp->uh_sport),
length_protocol,
0,
payload,
size_payload,
l,
libnet_udp);
if (libnet_udp == -1)
{
fprintf(stderr, "Unable to build UDP header: %s\n", libnet_geterror(l));
exit(1);
}
}
/* Create a new IP packet with the IP for src and dst switched */
u_int8_t* ip_options = (u_int8_t*)(packet + SIZE_ETHERNET + 20);
u_int32_t size_ip_options = (u_int32_t)(size_ip - 20);
libnet_build_ipv4_options(ip_options, size_ip_options, l, 0);
int size_ip_payload;
u_int8_t* ip_payload;
if (ip->ip_p == TCP_PROTOCOL || ip->ip_p == UDP_PROTOCOL)
{
ip_payload = NULL;
size_ip_payload = 0;
}
else
{
ip_payload = (u_int8_t*)(packet + SIZE_ETHERNET + size_ip);
size_ip_payload = ntohs(ip->ip_len) - size_ip;
}
libnet_ptag_t libnet_ipv4 = 0;
libnet_ipv4 = libnet_build_ipv4(ntohs(ip->ip_len),
ip->ip_tos,
ntohs(ip->ip_id),
ntohs(ip->ip_off),
ip->ip_ttl,
ip->ip_p,
0,
sip,
dip,
ip_payload,
size_ip_payload,
l,
libnet_ipv4);
if (libnet_ipv4 == -1)
{
fprintf(stderr, "Unable to build IPv4 header: %s\n", libnet_geterror(l));
exit(1);
}
}
/* Last but not least the Ethernet packet (Not sure if we're gonna need it) */
libnet_ptag_t libnet_eth = 0;
libnet_eth = libnet_build_ethernet(daddr,
saddr,
ETHERTYPE_IP,
NULL,
0,
l,
libnet_eth);
if (libnet_eth == -1)
{
fprintf (stderr, "Unable to build Ethernet header: %s\n", libnet_geterror(l));
exit(1);
}
if (DEBUG == 1)
{
printf(" * Ethernet packet successfully generated\n");
}
/* This probably not a good idea to run for a long time
on my own network */
if ((libnet_write(l)) == -1)
{
fprintf(stderr, "Unable to send packet: %s\\n", libnet_geterror(l));
exit(1);
}
else
{
if (DEBUG == 1)
{
printf(" DEBUG: Packet replicated and sent\n");
}
}
libnet_destroy(l); /* Always need to call this before returning
* It should have been a mechanism that you could
* use for "after return do this"
*/
}
/*-
-- ptag = n:tcp{
-- required arguments
src=port,
dst=port,
seq=int,
ack=int,
flags=int,
win=int,
urg=int,
-- optional arguments
ptag=int,
payload=str,
options=tcp_options,
}
ptag is optional, defaults to creating a new protocol block
options is optional
*/
static int lnet_tcp (lua_State *L)
{
libnet_t* ud = checkudata(L);
int src = v_arg_integer(L, 2, "src");
int dst = v_arg_integer(L, 2, "dst");
int seq = v_arg_integer(L, 2, "seq");
int ack = v_arg_integer(L, 2, "ack");
int flags = v_arg_integer(L, 2, "flags");
int win = v_arg_integer(L, 2, "win");
int urg = v_arg_integer(L, 2, "urg");
int ptag = lnet_arg_ptag(L, ud, 2, LIBNET_PBLOCK_TCP_H);
uint32_t payloadsz = 0;
const uint8_t* payload = checkpayload(L, 2, &payloadsz);
int options_ptag = 0;
uint32_t optionsz = 0;
const uint8_t* options = checklbuffer(L, 2, "options", &optionsz);
int cksum = 0; /* 0 is a flag requesting libnet to fill in correct cksum */
libnet_pblock_t* oblock = NULL;
int len = 0; /* libnet needs len for checksum calculation */
oblock = ptag ? libnet_pblock_find(ud, ptag)->prev : ud->pblock_end;
if(!oblock || oblock->type != LIBNET_PBLOCK_TCPO_H)
oblock = NULL;
else
options_ptag = oblock->ptag;
/* Two initial states possible:
* - has prev ip options block, or not
* Two final states desired:
* - has prev ip options block, or not
*/
if(!options) {
libnet_pblock_delete(ud, oblock);
} else {
options_ptag = libnet_build_tcp_options(options, optionsz, ud, options_ptag);
check_error(L, ud, options_ptag);
if(oblock) {
/* we replaced an existing block that was correctly placed */
} else if(ptag) {
libnet_pblock_insert_before(ud, ptag, options_ptag);
} else {
/* we just pushed a new options block, and are about to push a new ip block */
}
}
/* Rewrite len to be len of tcp pblock + previous blocks. */
{
libnet_pblock_t* p = ptag ? libnet_pblock_find(ud, ptag)->prev : ud->pblock_end;
len = LIBNET_TCP_H + payloadsz;
while(p) {
/* don't count tcpdata pblock... we will replace it payloadsz data below */
if(p->type != LIBNET_PBLOCK_TCPDATA)
len += p->b_len;
p = p->prev;
}
}
ptag = libnet_build_tcp(
src, dst, seq, ack, flags, win, cksum, urg,
len,
payload, payloadsz,
ud, ptag);
check_error(L, ud, ptag);
lua_pushinteger(L, ptag);
return 1;
}
int main() {
libnet_t *handle; /* Libnet handler */
int packet_size;
char *device = "10.1.2.3"; /* device name */
char *src_ip_str = "10.1.2.3"; /* Source IP String*/
char *dst_ip_str = "10.1.2.2"; /* Destination IP String*/
u_char src_mac[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x02}; /* Source MAC */
u_char dst_mac[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; /* Destination MAC */
u_long dst_ip, src_ip;
char error[LIBNET_ERRBUF_SIZE];
libnet_ptag_t eth_tag, ip_tag, tcp_tag, tcp_op_tag;
u_short proto = IPPROTO_TCP; /* Transport layer protocol*/
u_char payload[1400] = {0};
u_long payload_s = 0; /* length of payload */
/* Turn IP string to IP(little endian)*/
dst_ip = libnet_name2addr4(handle, dst_ip_str, LIBNET_RESOLVE);
src_ip = libnet_name2addr4(handle, src_ip_str, LIBNET_RESOLVE);
/* init Libnet */
if ( (handle = libnet_init(LIBNET_LINK, device, error)) == NULL ) {
printf("libnet_init failure\n");
return (-1);
};
strncpy(payload, "123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678", sizeof(payload)-1); /* load construct */
payload_s = strlen(payload);
printf("%lu\n",payload_s);
#if 0
/* produce TCP */
tcp_op_tag = libnet_build_tcp_options(
payload,
payload_s,
handle,
0
);
if (tcp_op_tag == -1) {
printf("build_tcp_options failure\n");
return (-2);
};
#endif
tcp_tag = libnet_build_tcp(
30330, /* Source port */
30331, /* Destination port */
8888, /* sequence number */
8889, /* acknowledgement number */
TH_PUSH | TH_ACK, /* Control flags */
14600, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + payload_s, /* length */
payload, /* payload */
payload_s, /* length of payload */
handle, /* libnet handler */
0 /* protocol tag to modify an existing header, 0 to build a new one */
);
if (tcp_tag == -1) {
printf("libnet_build_tcp failure\n");
return (-3);
};
/* IP */
ip_tag = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + payload_s, /* total length of the IP packet,*/
0, /* tos */
(u_short) libnet_get_prand(LIBNET_PRu16), /* IP identification number */
0, /* fragmentation bits and offset */
(u_int8_t)libnet_get_prand(LIBNET_PR8), /* time to live in the network */
proto, /* upper layer protocol */
0, /* checksum (0 for libnet to autofill) */
src_ip, /* source IPv4 address (little endian) */
dst_ip, /* destination IPv4 address (little endian) */
NULL, /* payload */
0, /* payload length*/
handle, /* Libnet handler */
0 /* protocol tag to modify an existing header, 0 to build a new one */
);
if (ip_tag == -1) {
printf("libnet_build_ipv4 failure\n");
return (-4);
};
/* MAC */
eth_tag = libnet_build_ethernet(
dst_mac, /* destination ethernet address */
src_mac, /* source ethernet address */
ETHERTYPE_IP, /* upper layer protocol type */
NULL, /* payload */
0, /* payload length */
handle, /* Libnet handler*/
0 /* protocol tag to modify an existing header, 0 to build a new one */
);
if (eth_tag == -1) {
printf("libnet_build_ethernet failure\n");
return (-5);
};
for(;;)
{
packet_size = libnet_write(handle); /* packet out */
//printf("%d\n", packet_size);
printf("sending TCP packet!\n");
//usleep(1);
}
libnet_destroy(handle); /* release the handler */
return (0);
}
void create_tcp_packet(struct tcphdr2 *tcp,struct ip* ip, int size_payload,const u_char* packet){
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t tag=0,tag_tcp=0,ipv=0; /* libnet protocol block */
libnet_t * libnet_context;
int set=0;
int port_out,port_in;
char* payload ;
if(!strcmp("192.168.1.3",inet_ntoa(ip->ip_src)))set=1;
else set=2;
if(set==1){
libnet_context = libnet_init(LIBNET_RAW4,"eth0", errbuf);
port_out=check_out(ntohs(tcp->source));
}
else{
libnet_context = libnet_init(LIBNET_RAW4,"eth1", errbuf);
//if(ntohs(tcp->dest)!=9999){exit(0);}
port_in=check_in(ntohs(tcp->dest));
if(!port_in)return;//exit(0);return;}
}
if (libnet_context == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(1);
}
fprintf(stderr, "libnet_init() seccess\n");
payload=(char*) (packet+54);
char* flags=(char*)(tcp+13);
if((tcp->doff)*4 > 20)
{
fprintf(stderr, "(tcp->doff)*4 > 20\n");
if(libnet_build_tcp_options(/*(u_int8_t *)(tcp+20)*/(u_int8_t *)packet+54,(tcp->doff)*4 -20,libnet_context,0)==-1)
{
printf("tcp_option error\n\n");
}
//payload=(char*)( packet+(tcp->doff)*4-20+54);
printf("tcp_option\n");
}
fprintf(stderr, "libnet_init() seccess2\n");
if (size_payload == 0) payload = NULL;
if(set==1){
// port_test=ntohs(tcp->source);
tag_tcp = libnet_build_tcp (
//ntohs(tcp->source), /* src port */
//9999,
port_out,
ntohs(tcp->dest), /* destination port */
ntohl(tcp->seq), /* sequence number */
ntohl(tcp->ack_seq), /* acknowledgement */
tcp->th_flags,
//(*flags), /* control flags */
ntohs(tcp->window), /* window */
0 , /* checksum - 0 = autofill */
ntohs(tcp->urg_ptr), /* urgent */
(tcp->doff)*4+size_payload, /* total tcp size */
payload, /* payload */
size_payload, /* payload length */
libnet_context, /* libnet context */
tag);
/* protocol tag */
}
else{
tag_tcp = libnet_build_tcp (
ntohs(tcp->source), /* src port */
//ntohs(tcp->dest), /* destination port */
port_in,
//port_test,
ntohl(tcp->seq), /* sequence number */
ntohl(tcp->ack_seq), /* acknowledgement */
tcp->th_flags, /* control flags */
ntohs(tcp->window), /* window */
0 , /* checksum - 0 = autofill */
ntohs(tcp->urg_ptr), /* urgent */
(tcp->doff)*4+size_payload, /* total tcp size */
payload, /* payload */
size_payload, /* payload length */
libnet_context, /* libnet context */
tag);
}
if (tag_tcp == -1)
{
fprintf (stderr,
"Unable to build TCP header: %s\n", libnet_geterror (libnet_context));
exit (1);
}
//libnet_do_checksum(&libnet_context,tcp,IPPROTO_TCP,(tcp->doff));
fprintf (stderr,"tcp_build OK\n");
struct in_addr* tmp_src = &ip->ip_src;
struct in_addr* tmp_dst = &ip->ip_dst;
if(set==1){
ipv = libnet_build_ipv4(
ntohs(ip->ip_len), /* length */
(ip->ip_tos), /* TOS */
ntohs(ip->ip_id), /* IP ID */
ntohs(ip->ip_off), /* IP Frag */
(ip->ip_ttl), /* TTL */
(ip->ip_p), /* protocol */
//IPPROTO_TCP,
0, /* checksum */
libnet_name2addr4(libnet_context,"140.114.195.31",LIBNET_DONT_RESOLVE),
*((u_int32_t*)(tmp_dst)), /* destination IP */
//libnet_name2addr4(libnet_context,"192.168.1.3",LIBNET_DONT_RESOLVE),
// *((u_int32_t*)(tmp_src)), /*src IP*/
NULL, /* payload */
0, /* payload size */
libnet_context, /* libnet context */
tag); /* ptag */
}else if(set==2){
ipv = libnet_build_ipv4(
ntohs(ip->ip_len), /* length */
(ip->ip_tos), /* TOS */
ntohs(ip->ip_id), /* IP ID */
ntohs(ip->ip_off), /* IP Frag */
(ip->ip_ttl), /* TTL */
(ip->ip_p), /* protocol */
//IPPROTO_TCP,
0, /* checksum */
// libnet_name2addr4(libnet_context,"192.168.1.0",LIBNET_DONT_RESOLVE),
*((u_int32_t*)(tmp_src)), /*src IP*/
libnet_name2addr4(libnet_context,"192.168.1.3",LIBNET_DONT_RESOLVE),
//*((u_int32_t*)(tmp_dst)), /* destination IP */
NULL, /* payload */
0, /* payload size */
libnet_context, /* libnet context */
tag);
}
else {
printf("error iph\n");exit(0);
}
if (ipv == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(libnet_context));
}
if (set==1) {
//flag为1,带表从内网到外网,目的MAC:gateway 源MAC:localMACw
libnet_build_ethernet(
gatewayMAC, /* ethernet destination */
LOCAL_MAC_OUTTER, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
libnet_context, /* libnet handle */
0); /* libnet id */
} else {
//flag为0,代表从外网到内网,目的MAC:targetMAC 源MAC:localMACn
libnet_build_ethernet(
targetMAC, /* ethernet destination */
LOCAL_MAC_INNER, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
libnet_context, /* libnet handle */
0); /* libnet id */
}
if (libnet_write(libnet_context) == -1)
fprintf(stderr, "Write error: %s\n", libnet_geterror(libnet_context));
fprintf(stderr, "Send %u\n",(u_int16_t)tcp->doff);
libnet_clear_packet(libnet_context);
libnet_destroy(libnet_context);
}
int
main(int argc, char *argv[])
{
int c;
char *cp;
libnet_t *l;
libnet_ptag_t t;
char *payload;
u_short payload_s;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: TCP + options[link]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
payload = NULL;
payload_s = 0;
while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
src_prt = (u_short)atoi(cp);
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
payload = optarg;
payload_s = strlen(payload);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !src_prt || !dst_ip || !dst_prt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
t = libnet_build_tcp_options(
(uint8_t*)"\003\003\012\001\002\004\001\011\010\012\077\077\077\077\000\000\000\000\000\000",
20,
l,
0);
if (t == -1)
{
fprintf(stderr, "Can't build TCP options: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
10, /* urgent pointer */
LIBNET_TCP_H + 20 + payload_s, /* TCP packet size */
(uint8_t*)payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s,/* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
enet_dst, /* ethernet destination */
enet_src, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main(int argc, char *argv[])
{
int c, i, j, m, n, count=0;
u_long k;
u_char *cp;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t tcp, t_op;
struct libnet_stats ls;
u_long src_ip, dst_ip;
u_long seq, ack;
u_short src_prt, dst_prt, win;
u_short len;
u_char flags = 0x00; /* tcp flag */
u_char opt[20];
u_char ttl='\xf0'; /* TTL of IP */
char errbuf[LIBNET_ERRBUF_SIZE];
char *dev ="eth0"; /* default if */
struct in_addr addr;
FILE *dmf;
char *dms = NULL;
int pay_s = 0, delay = 0, nhosts = 1;
char *dmfn = NULL;
char *paybuf;
u_char bt;
char linebuf[MAXTEXT];
int vbflag = 0; /* verbose flag */
int synflag = 0; /* SYN flag. */
/* Initialize the library. Root priviledges are required. */
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
tcp = 0;
ip = 0;
t_op = 0;
dst_ip = libnet_get_prand(LIBNET_PRu32);
src_ip = libnet_get_prand(LIBNET_PRu32);
src_prt = libnet_get_prand(LIBNET_PRu16);
dst_prt = 80; /* http */
win = libnet_get_prand(LIBNET_PRu16);
seq = libnet_get_prand(LIBNET_PRu32);
ack = libnet_get_prand(LIBNET_PRu32);
while ((c = getopt(argc, argv, "d:o:s:p:T:n:t:M:L:w:d:APRSFv")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'o':
src_prt = (u_short)atoi(optarg);
break;
case 'p':
dst_prt = (u_short)atoi(optarg);
break;
case 't':
delay = atoi(optarg);
break;
case 'n':
nhosts = atoi(optarg);
break;
case 'T':
paybuf = optarg;
dms = (char *)malloc(strlen(paybuf)+1); /* alloc mem */
strcpy(dms, paybuf);
pay_s = strlen(dms);
break;
case 'M':
seq = (u_long)atoi(optarg);
break;
case 'L':
ack = (u_long)atoi(optarg);
break;
case 'w':
win = (u_short)atoi(optarg);
break;
case 'A':
flags = flags | 0x10; /* ACK */
break;
case 'P':
flags = flags | 0x08; /* PSH */
break;
case 'R':
flags = flags | 0x04; /* RST */
break;
case 'S':
flags = flags | 0x02; /* SYN */
synflag = 1;
break;
case 'F':
flags = flags | 0x01; /* FIN */
break;
case 'v':
vbflag = 1; /* Verbose flag */
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
addr.s_addr = dst_ip;
if (vbflag) {
printf("Dest IP: %s\n", inet_ntoa(addr));
printf("Dest port: %d\n", dst_prt);
/** printf("Content file name: %s\n", dmfn);
printf("Sniffing device: %s\n", dev); */
}
/* Read the keywords, dest IPs, src IPs , and construct http payload */
if (dmfn != NULL) { /* -- if -E option is given */
if( (dmf = fopen(dmfn, "r")) == NULL) {
fprintf(stderr, "Error opening the content file %s \n", dmfn);
exit(1);
} /* end if */
/* printf("Reading content ...\n"); */
i = 0;
while ((i < MAXTEXT) && ( (c=fgetc(dmf)) != EOF ) )
{
linebuf[i++] = c;
}
fclose(dmf);
linebuf[i] = '\0';
paybuf = linebuf;
dms = (char *)malloc(strlen(paybuf)+1); /* alloc mem */
strcpy(dms, paybuf);
pay_s = strlen(dms);
} /* ---end if */
if(vbflag) { /* ===== for message body debugging */
printf("Content read:\n");
for (i=0; i < pay_s; i++) {
bt = *(dms + i);
printf(" %02X", bt);
}
printf("\n");
}
len = LIBNET_TCP_H + pay_s; /* packet length */
/* factorize nhosts */
m = nhosts /128;
n = 128;
for (j=n; j>=1; j--) {
for (i=1; i<=m; i++) {
k = (j-1)*m + i;
// printf("%ld\n", k);
/* Building TCP options for SYN */
if(synflag) {
ack =0;
len = LIBNET_TCP_H + 12 + pay_s; /* 12 more for syn */
t_op = libnet_build_tcp_options(
"\x02\x04\x05\xb4\x01\x01\x04\x02\x01\x00\x00\x00",
12,
l,
t_op);
}
/* Building TCP */
tcp = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
seq, /* seq libnet_get_prand(LIBNET_PRu32),*/
ack, /* ack libnet_get_prand(LIBNET_PRu32), */
flags, /* TCP flags */
win, /* win size libnet_get_prand(LIBNET_PRu16), */
0, /* checksum */
0, /* urgent pointer */
len, /* packet length */
dms, /* payload */
pay_s, /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Building IP */
ip = libnet_build_ipv4(
LIBNET_IPV4_H + pay_s + LIBNET_TCP_H, /* length */
0x00, /* TOS */
0, /* IP ID */
0x4000, /* IP Frag */
ttl, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip,
dst_ip + htonl(k),
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
ip); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Write it to the wire. */
c = libnet_write(l);
if (c == -1) {
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
} else {
/* printf("Wrote %d byte TCP packet; check the wire.\n", c); */
}
count++;
if(count % 256 == 0) usleep(delay);
} /* end for i */
} /* end for j */
/* === debugging info ====*/
libnet_stats(l, &ls);
if(vbflag) {
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
libnet_send(struct sniff_ethernet *ethernet, struct sniff_ip *ip, struct sniff_tcp *tcp, int size_payload, const u_char *payload)
{
char *dev = "eth0";
libnet_t *handle; /* Libnet句柄 */
int packet_size; /* 构造的数据包大小 */
char error[LIBNET_ERRBUF_SIZE]; /* 出错信息 */
libnet_ptag_t eth_tag, ip_tag, tcp_tag, tcp_op_tag; /* 各层build函数返回值 */
u_short proto = IPPROTO_TCP; /* 传输层协议 */
u_long dst_ip, src_ip; /* 网路序的目的IP和源IP */
/* 把目的IP地址字符串转化成网络序 */
dst_ip = libnet_name2addr4(handle, inet_ntoa(ip->ip_dst), LIBNET_RESOLVE);
/* 把源IP地址字符串转化成网络序 */
src_ip = libnet_name2addr4(handle, inet_ntoa(ip->ip_src), LIBNET_RESOLVE);
/* 初始化Libnet */
if ( (handle = libnet_init(LIBNET_LINK, dev, error)) == NULL ) {
printf("libnet_init failure\n");
return (-1);
};
//strncpy(payload, "test", sizeof(payload)-1); /* 构造负载的内容 */
//payload_s = strlen(payload); /* 计算负载内容的长度 */
#if 0
/* 构建TCP的选项,通常在第一个TCP通信报文中设置MSS */
tcp_op_tag = libnet_build_tcp_options(
payload,
size_payload,
handle,
0
);
if (tcp_op_tag == -1) {
printf("build_tcp_options failure\n");
return (-2);
};
#endif
tcp_tag = libnet_build_tcp(
ntohs(tcp->th_sport), /* 源端口 */
ntohs(tcp->th_dport), /* 目的端口 */
tcp->th_seq, /* 序列号 */
tcp->th_ack, /* 确认号 */
TH_ACK | TH_PUSH, /* Control flags */
ntohs(tcp->th_win), /* 窗口尺寸 */
0, /* 校验和,0为自动计算 */
0, /* 紧急指针 */
LIBNET_TCP_H + size_payload, /* 长度 */
payload, /* 负载内容 */
size_payload, /* 负载内容长度 */
handle, /* libnet句柄 */
0 /* 新建包 */
);
if (tcp_tag == -1) {
printf("libnet_build_tcp failure\n");
return (-3);
};
/* 构造IP协议块,返回值是新生成的IP协议快的一个标记 */
ip_tag = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + size_payload, /* IP协议块的总长,*/
0, /* tos */
ntohs(ip->ip_id), //(u_short) libnet_get_prand(LIBNET_PRu16), /* id,随机产生0~65535 */
0, /* frag 片偏移 */
ip->ip_ttl, //(u_int8_t)libnet_get_prand(LIBNET_PR8), /* ttl,随机产生0~255 */
proto, /* 上层协议 */
0, /* 校验和,此时为0,表示由Libnet自动计算 */
src_ip, /* 源IP地址,网络序 */
dst_ip, /* 目标IP地址,网络序 */
NULL, /* 负载内容或为NULL */
0, /* 负载内容的大小*/
handle, /* Libnet句柄 */
0 /* 协议块标记可修改或创建,0表示构造一个新的*/
);
if (ip_tag == -1) {
printf("libnet_build_ipv4 failure\n");
return (-4);
};
/* 构造一个以太网协议块,只能用于LIBNET_LINK */
eth_tag = libnet_build_ethernet(
ethernet->ether_dhost, /* 以太网目的地址 */
ethernet->ether_shost, /* 以太网源地址 */
ETHERTYPE_IP, /* 以太网上层协议类型,此时为IP类型 */
NULL, /* 负载,这里为空 */
0, /* 负载大小 */
handle, /* Libnet句柄 */
0 /* 协议块标记,0表示构造一个新的 */
);
if (eth_tag == -1) {
printf("libnet_build_ethernet failure\n");
return (-5);
};
packet_size = libnet_write(handle); /* 发送已经构造的数据包*/
libnet_destroy(handle); /* 释放句柄 */
return (0);
}
