108 lines
2.9 KiB
C
108 lines
2.9 KiB
C
#include <pcap.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <arpa/inet.h>
|
|
#include <unistd.h>
|
|
|
|
struct ipheader {
|
|
unsigned char iph_ihl:4, iph_ver:4;
|
|
unsigned char iph_tos;
|
|
unsigned short int iph_len;
|
|
unsigned short int iph_ident;
|
|
unsigned short int iph_flag:3, iph_offset:13;
|
|
unsigned char iph_ttl;
|
|
unsigned char iph_protocol;
|
|
unsigned short int iph_chksum;
|
|
struct in_addr iph_sourceip;
|
|
struct in_addr iph_destip;
|
|
};
|
|
|
|
struct icmpheader {
|
|
unsigned char icmp_type;
|
|
unsigned char icmp_code;
|
|
unsigned short int icmp_chksum;
|
|
unsigned short int icmp_id;
|
|
unsigned short int icmp_seq;
|
|
};
|
|
|
|
unsigned short in_cksum (unsigned short *buf, int length)
|
|
{
|
|
unsigned short *w = buf;
|
|
int nleft = length;
|
|
int sum = 0;
|
|
unsigned short temp=0;
|
|
|
|
while (nleft > 1) {
|
|
sum += *w++;
|
|
nleft -= 2;
|
|
}
|
|
|
|
if (nleft == 1) {
|
|
*(u_char *)(&temp) = *(u_char *)w ;
|
|
sum += temp;
|
|
}
|
|
|
|
sum = (sum >> 16) + (sum & 0xffff);
|
|
sum += (sum >> 16);
|
|
return (unsigned short)(~sum);
|
|
}
|
|
|
|
void send_raw_ip_packet(struct ipheader* ip)
|
|
{
|
|
struct sockaddr_in dest_info;
|
|
int enable = 1;
|
|
|
|
int sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
|
|
setsockopt(sock, IPPROTO_IP, IP_HDRINCL, &enable, sizeof(enable));
|
|
|
|
dest_info.sin_family = AF_INET;
|
|
dest_info.sin_addr = ip->iph_destip;
|
|
|
|
sendto(sock, ip, ntohs(ip->iph_len), 0, (struct sockaddr *)&dest_info, sizeof(dest_info));
|
|
close(sock);
|
|
}
|
|
|
|
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
|
|
{
|
|
struct ipheader *ip = (struct ipheader *)(packet + 14);
|
|
struct icmpheader *icmp = (struct icmpheader *)(packet + 14 + (ip->iph_ihl * 4));
|
|
|
|
if (icmp->icmp_type == 8) { // Echo Request
|
|
printf("Detected Echo Request from %s to %s\n", inet_ntoa(ip->iph_sourceip), inet_ntoa(ip->iph_destip));
|
|
|
|
char buffer[1500];
|
|
int ip_len = ntohs(ip->iph_len);
|
|
memcpy(buffer, ip, ip_len);
|
|
|
|
struct ipheader *new_ip = (struct ipheader *) buffer;
|
|
struct icmpheader *new_icmp = (struct icmpheader *) (buffer + (new_ip->iph_ihl * 4));
|
|
|
|
new_ip->iph_sourceip = ip->iph_destip;
|
|
new_ip->iph_destip = ip->iph_sourceip;
|
|
new_ip->iph_ttl = 64;
|
|
|
|
new_icmp->icmp_type = 0; // Echo Reply
|
|
new_icmp->icmp_chksum = 0;
|
|
new_icmp->icmp_chksum = in_cksum((unsigned short *)new_icmp, ip_len - (new_ip->iph_ihl * 4));
|
|
|
|
send_raw_ip_packet(new_ip);
|
|
printf("Sent spoofed Echo Reply back to %s\n", inet_ntoa(new_ip->iph_destip));
|
|
}
|
|
}
|
|
|
|
int main()
|
|
{
|
|
pcap_t *handle;
|
|
char errbuf[PCAP_ERRBUF_SIZE];
|
|
struct bpf_program fp;
|
|
char filter_exp[] = "icmp";
|
|
bpf_u_int32 net;
|
|
|
|
handle = pcap_open_live("br-603d3788c443", BUFSIZ, 1, 1000, errbuf);
|
|
pcap_compile(handle, &fp, filter_exp, 0, net);
|
|
pcap_setfilter(handle, &fp);
|
|
pcap_loop(handle, -1, got_packet, NULL);
|
|
pcap_close(handle);
|
|
return 0;
|
|
}
|