[蛋痛]模拟功夫网发送reset报文的程序

1月 1st, 2010
by Bearice.

真的是很蛋痛,研究了一下功夫网是如何发送reset报文的,纯属蛋痛,对翻墙没有任何实质性帮助,对造墙倒是有用OTL
用pcap监听一块网卡eth0(开port mirror) reset报文通过rawsocket从另一块网卡eth1发送(其实是自动选路的)
也可以用在linux的路由器上。
程序目前的判断是reset所有80端口的连接……恩,发疯的墙。当然这仅仅是墙的一小部分,墙的真正部分是深度数据包检测,等那天又蛋痛了试着做下。没有妹子陪着过年真是痛苦啊~~
以下代码刷屏。

/* 
 * File:   main.c
 * Author: Bearice
 *
 * Created on 2009年12月31日, 下午12:36
 */

#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <net/ethernet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
//#include <pcap/pcap.h>
#include <pcap.h>
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned long u32;



struct psdhdr {
    u32 saddr;
    u32 daddr;
    char zero;
    char proto;
    u16 len;
};

u16 checksum(u16 *buffer, int size) {
    unsigned long cksum = 0;
    while (size > 1) {
        cksum += *buffer++;
        size -= sizeof (u16);
    }
    if (size)
        cksum += *(u16*) buffer;

    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >> 16);
    return (u16) (~cksum);
}

u16 tcp_checksum(struct iphdr* iph, struct tcphdr* tcph, char* data, int size) {
    tcph->check = 0;
    struct psdhdr psd_header;
    psd_header.daddr = iph->daddr;
    psd_header.saddr = iph->saddr;
    psd_header.zero = 0;
    psd_header.proto = IPPROTO_TCP;
    psd_header.len = htons(sizeof (struct tcphdr) + size);

    char tcpBuf[65536];
    memcpy(tcpBuf, &psd_header, sizeof (struct psdhdr));
    memcpy(tcpBuf + sizeof (struct psdhdr), tcph, sizeof (struct tcphdr));
    memcpy(tcpBuf + sizeof (struct psdhdr) + sizeof (struct tcphdr), data, size);
    return tcph->check = checksum((u16 *) tcpBuf,
            sizeof (struct psdhdr) + sizeof (struct tcphdr) + size);
}

int inject_reset(int sip, int dip, int sport, int dport, int ttl, int seq) {
    int sk = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    int ret = 1;
    ret = setsockopt(sk, SOL_IP, IP_HDRINCL, &ret, sizeof (int));
    u8 data[20 + sizeof (struct tcphdr) ];
    bzero(data, sizeof (data));
    struct iphdr* iphdr = data;
    iphdr->version = 4;
    iphdr->ihl = 5;
    //iphdr->tos = 0;
    iphdr->tot_len = 40;
    //iphdr->id = 0;
    //iphdr->frag_off = 0;
    iphdr->ttl = ttl;
    iphdr->protocol = IPPROTO_TCP;
    //iphdr->check = 0;
    iphdr->saddr = sip;
    iphdr->daddr = dip;
    struct tcphdr* tcp = data + 20;
    tcp->source = sport;
    tcp->dest = dport;
    tcp->seq = seq;
    //tcp.ack_seq = 0;
    tcp->rst = 1;
    tcp->window = 8158;
    tcp->doff = 5;
    //tcp.urg_ptr = 0;
    tcp_checksum(iphdr, tcp, 0, 0);
    struct sockaddr_in sin;
    bzero((char *) & sin, sizeof (sin));
    sin.sin_family = AF_INET;
    sin.sin_port = dport; //port to send packet to
    sin.sin_addr.s_addr = dip; //IP to send packet to
    ret = sendto(sk, data, sizeof (data), 0, &sin, sizeof (sin));
    close(sk);
    return ret;
}

int main(int argc, char** argv) {

    char errbuf[256];
    pcap_t* fd = pcap_open_live("eth0", 1500, 1, 1000, errbuf);
    //unsigned char data[1500];
    u8* data;
    struct pcap_pkthdr* pkthdr;
    while (1) {
        if (pcap_next_ex(fd, &pkthdr, &data) != 1)continue;
        struct ether_header* ethhdr = data;
        data += ETHER_HDR_LEN;
        /*
        printf("%02x:%02x:%02x:%02x:%02x:%02x -> %02x:%02x:%02x:%02x:%02x:%02x @ 0x%04x \n",
                    ethhdr->ether_shost[0],ethhdr->ether_shost[1],ethhdr->ether_shost[2],ethhdr->ether_shost[3],ethhdr->ether_shost[4],ethhdr->ether_shost[5],
                    ethhdr->ether_dhost[0],ethhdr->ether_dhost[1],ethhdr->ether_dhost[2],ethhdr->ether_dhost[3],ethhdr->ether_dhost[4],ethhdr->ether_dhost[5],
                    ntohs(ethhdr->ether_type));
         */
        switch (ntohs(ethhdr->ether_type)) {
            case ETHERTYPE_IP:
            {
                struct iphdr* iphdr = data;
                data += iphdr->ihl * 4;
                unsigned char* a1 = &iphdr->saddr;
                unsigned char* a2 = &iphdr->daddr;
                printf("%u.%u.%u.%u->%u.%u.%u.%u\n", a1[0], a1[1], a1[2], a1[3], a2[0], a2[1], a2[2], a2[3]);
                switch (iphdr->protocol) {
                    case IPPROTO_TCP:
                    {
                        struct tcphdr* tcphdr = data;
                        printf("  Port: %d -> %d rst=%d\n", ntohs(tcphdr->source), ntohs(tcphdr->dest), tcphdr->rst);
                        if (ntohs(tcphdr->dest) == 80 && tcphdr->rst == 0) {
                            inject_reset(iphdr->saddr, iphdr->daddr, tcphdr->source, tcphdr->dest, iphdr->ttl, tcphdr->seq);
                            inject_reset(iphdr->daddr, iphdr->saddr, tcphdr->dest, tcphdr->source, iphdr->ttl, tcphdr->seq);
                        }
                    }
                }
            }
        }
    }
    return (EXIT_SUCCESS);
}

分类: C/C++, Linux, 未分类, 网络.

>_<|| 我手贱!!这个有问题!绝对有问题!!一般般啦,真的很一般般。还不错哦~小表扬一下!GJ!乃就是新世界的神様了,快去拯救世界吧! (No Ratings Yet)
Loading...
标签: · ·

一人吐槽

  1. HelloLinux!说道:
    2010年01月2日 14:40
    骑着 Firefox 3.5.6 Firefox 3.5.6 和 Ubuntu 9.10 x64 Ubuntu 9.10 x64
    Mozilla/5.0 (X11; U; Linux x86_64; zh-CN; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6 GTB6

    本人,tcp ip 一窍不通。。。