Sunday, 28 October 2012

HACK YOURSELF: DATA PACKET SNIFFER PROGRAMMING


#include<stdio.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<features.h>
#include<linux/if_packet.h>
#include<linux/if_ether.h>
#include<errno.h>
#include<sys/ioctl.h>
#include<net/if.h>
#include<linux/ip.h>
#include<linux/tcp.h>
#include<netinet/in.h>


int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;

if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}

return rawsock;
}

int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{

struct sockaddr_ll sll;
struct ifreq ifr;

bzero(&sll, sizeof(sll));
bzero(&ifr, sizeof(ifr));

/* First Get the Interface Index  */


strncpy((char *)ifr.ifr_name, device, IFNAMSIZ);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}

/* Bind our raw socket to this interface */

sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);


if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}

return 1;

}

void PrintPacketInHex(unsigned char *packet, int len)
{
unsigned char *p = packet;

printf("\n\n---------Packet---Starts----\n\n");

while(len--)
{
printf("%.2x ", *p);
p++;
}

printf("\n\n--------Packet---Ends-----\n\n");

}


PrintInHex(char *mesg, unsigned char *p, int len)
{
printf(mesg);

while(len--)
{
printf("%.2X ", *p);
p++;
}

}


ParseEthernetHeader(unsigned char *packet, int len)
{
struct ethhdr *ethernet_header;

if(len > sizeof(struct ethhdr))
{
ethernet_header = (struct ethhdr *)packet;

/* First set of 6 bytes are Destination MAC */

PrintInHex("Destination MAC: ", ethernet_header->h_dest, 6);
printf("\n");

/* Second set of 6 bytes are Source MAC */

PrintInHex("Source MAC: ", ethernet_header->h_source, 6);
printf("\n");

/* Last 2 bytes in the Ethernet header are the protocol it carries */

PrintInHex("Protocol: ",(void *)&ethernet_header->h_proto, 2);
printf("\n");


}
else
{
printf("Packet size too small !\n");
}
}

ParseIpHeader(unsigned char *packet, int len)
{
struct ethhdr *ethernet_header;
struct iphdr *ip_header;

/* First Check if the packet contains an IP header using
  the Ethernet header                                */

ethernet_header = (struct ethhdr *)packet;

if(ntohs(ethernet_header->h_proto) == ETH_P_IP)
{
/* The IP header is after the Ethernet header  */

if(len >= (sizeof(struct ethhdr) + sizeof(struct iphdr)))
{
ip_header = (struct iphdr*)(packet + sizeof(struct ethhdr));

/* print the Source and Destination IP address */

printf("Dest IP address: %s\n", inet_ntoa(ip_header->daddr));
printf("Source IP address: %s\n", inet_ntoa(ip_header->saddr));


}
else
{
printf("IP packet does not have full header\n");
}

}
else
{
/* Not an IP packet */

}
}



ParseTcpHeader(unsigned char *packet , int len)
{
struct ethhdr *ethernet_header;
struct iphdr *ip_header;
struct tcphdr *tcp_header;

/* Check if enough bytes are there for TCP Header */

if(len >= (sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr)))
{
/* Do all the checks: 1. Is it an IP pkt ? 2. is it TCP ? */

ethernet_header = (struct ethhdr *)packet;

if(ntohs(ethernet_header->h_proto) == ETH_P_IP)
{
ip_header = (struct iphdr *)(packet + sizeof(struct ethhdr));

if(ip_header->protocol == IPPROTO_TCP)
{
tcp_header = (struct tcphdr*)(packet + sizeof(struct ethhdr) + ip_header->ihl*4 );
/* Print the Dest and Src ports */

printf("Source Port: %d\n", ntohs(tcp_header->source));
printf("Dest Port: %d\n", ntohs(tcp_header->dest));

}
else
{
printf("Not a TCP packet\n");
}
}
else
{
printf("Not an IP packet\n");
}

}
else
{
printf("TCP Header not present \n");

}
}

int ParseData(unsigned char *packet, int len)
{
struct ethhdr *ethernet_header;
struct iphdr *ip_header;
struct tcphdr *tcp_header;
unsigned char *data;
int data_len;

/* Check if any data is there */

if(len > (sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr)))
{

ip_header = (struct iphdr*)(packet + sizeof(struct ethhdr));


data = (packet + sizeof(struct ethhdr) + ip_header->ihl*4 +sizeof(struct tcphdr));
data_len = ntohs(ip_header->tot_len) - ip_header->ihl*4 - sizeof(struct tcphdr);

if(data_len)
{
printf("Data Len : %d\n", data_len);
PrintInHex("Data : ", data, data_len);
printf("\n\n");
return 1;
}
else
{
printf("No Data in packet\n");
return 0;
}
}
else
{
printf("No Data in packet\n");
return 0;
}

}

int IsIpAndTcpPacket(unsigned char *packet, int len)
{
struct ethhdr *ethernet_header;
struct iphdr *ip_header;

ethernet_header = (struct ethhdr *)packet;

if(ntohs(ethernet_header->h_proto) == ETH_P_IP)
{
ip_header = (struct iphdr *)(packet + sizeof(struct ethhdr));

if(ip_header->protocol == IPPROTO_TCP)
return 1;
else
return -1;
}
else
{
return -1;
}

}

main(int argc, char **argv)
{
int raw;
unsigned char packet_buffer[2048];
int len;
int packets_to_sniff;
struct sockaddr_ll packet_info;
int packet_info_size = sizeof(packet_info);

/* create the raw socket */

raw = CreateRawSocket(ETH_P_IP);

/* Bind socket to interface */

BindRawSocketToInterface(argv[1], raw, ETH_P_IP);

/* Get number of packets to sniff from user */

packets_to_sniff = atoi(argv[2]);

/* Start Sniffing and print Hex of every packet */

while(packets_to_sniff--)
{
if((len = recvfrom(raw, packet_buffer, 2048, 0, (struct sockaddr*)&packet_info, &packet_info_size)) == -1)
{
perror("Recv from returned -1: ");
exit(-1);
}
else
{
/* Packet has been received successfully !! */

PrintPacketInHex(packet_buffer, len);

/* Parse Ethernet Header */

ParseEthernetHeader(packet_buffer, len);

/* Parse IP Header */

ParseIpHeader(packet_buffer, len);

/* Parse TCP Header */

ParseTcpHeader(packet_buffer, len);

if(IsIpAndTcpPacket(packet_buffer, len))
{
if(!ParseData(packet_buffer, len))
packets_to_sniff++;
}

}
}


return 0;
}


Posted by at No comments:

HACK YOURSELF: DATA PACKET SNIFFER PROGRAMMING


#include<stdio.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<features.h>
#include<linux/if_packet.h>
#include<linux/if_ether.h>
#include<errno.h>
#include<sys/ioctl.h>
#include<net/if.h>
#include<linux/ip.h>
#include<linux/tcp.h>
#include<netinet/in.h>


int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;

if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}

return rawsock;
}

int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{

struct sockaddr_ll sll;
struct ifreq ifr;

bzero(&sll, sizeof(sll));
bzero(&ifr, sizeof(ifr));

/* First Get the Interface Index  */


strncpy((char *)ifr.ifr_name, device, IFNAMSIZ);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}

/* Bind our raw socket to this interface */

sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);


if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}

return 1;

}

void PrintPacketInHex(unsigned char *packet, int len)
{
unsigned char *p = packet;

printf("\n\n---------Packet---Starts----\n\n");

while(len--)
{
printf("%.2x ", *p);
p++;
}

printf("\n\n--------Packet---Ends-----\n\n");

}


PrintInHex(char *mesg, unsigned char *p, int len)
{
printf(mesg);

while(len--)
{
printf("%.2X ", *p);
p++;
}

}


ParseEthernetHeader(unsigned char *packet, int len)
{
struct ethhdr *ethernet_header;

if(len > sizeof(struct ethhdr))
{
ethernet_header = (struct ethhdr *)packet;

/* First set of 6 bytes are Destination MAC */

PrintInHex("Destination MAC: ", ethernet_header->h_dest, 6);
printf("\n");

/* Second set of 6 bytes are Source MAC */

PrintInHex("Source MAC: ", ethernet_header->h_source, 6);
printf("\n");

/* Last 2 bytes in the Ethernet header are the protocol it carries */

PrintInHex("Protocol: ",(void *)&ethernet_header->h_proto, 2);
printf("\n");


}
else
{
printf("Packet size too small !\n");
}
}

ParseIpHeader(unsigned char *packet, int len)
{
struct ethhdr *ethernet_header;
struct iphdr *ip_header;

/* First Check if the packet contains an IP header using
  the Ethernet header                                */

ethernet_header = (struct ethhdr *)packet;

if(ntohs(ethernet_header->h_proto) == ETH_P_IP)
{
/* The IP header is after the Ethernet header  */

if(len >= (sizeof(struct ethhdr) + sizeof(struct iphdr)))
{
ip_header = (struct iphdr*)(packet + sizeof(struct ethhdr));

/* print the Source and Destination IP address */

printf("Dest IP address: %s\n", inet_ntoa(ip_header->daddr));
printf("Source IP address: %s\n", inet_ntoa(ip_header->saddr));


}
else
{
printf("IP packet does not have full header\n");
}

}
else
{
/* Not an IP packet */

}
}



ParseTcpHeader(unsigned char *packet , int len)
{
struct ethhdr *ethernet_header;
struct iphdr *ip_header;
struct tcphdr *tcp_header;

/* Check if enough bytes are there for TCP Header */

if(len >= (sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr)))
{
/* Do all the checks: 1. Is it an IP pkt ? 2. is it TCP ? */

ethernet_header = (struct ethhdr *)packet;

if(ntohs(ethernet_header->h_proto) == ETH_P_IP)
{
ip_header = (struct iphdr *)(packet + sizeof(struct ethhdr));

if(ip_header->protocol == IPPROTO_TCP)
{
tcp_header = (struct tcphdr*)(packet + sizeof(struct ethhdr) + ip_header->ihl*4 );
/* Print the Dest and Src ports */

printf("Source Port: %d\n", ntohs(tcp_header->source));
printf("Dest Port: %d\n", ntohs(tcp_header->dest));

}
else
{
printf("Not a TCP packet\n");
}
}
else
{
printf("Not an IP packet\n");
}

}
else
{
printf("TCP Header not present \n");

}
}

int ParseData(unsigned char *packet, int len)
{
struct ethhdr *ethernet_header;
struct iphdr *ip_header;
struct tcphdr *tcp_header;
unsigned char *data;
int data_len;

/* Check if any data is there */

if(len > (sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr)))
{

ip_header = (struct iphdr*)(packet + sizeof(struct ethhdr));


data = (packet + sizeof(struct ethhdr) + ip_header->ihl*4 +sizeof(struct tcphdr));
data_len = ntohs(ip_header->tot_len) - ip_header->ihl*4 - sizeof(struct tcphdr);

if(data_len)
{
printf("Data Len : %d\n", data_len);
PrintInHex("Data : ", data, data_len);
printf("\n\n");
return 1;
}
else
{
printf("No Data in packet\n");
return 0;
}
}
else
{
printf("No Data in packet\n");
return 0;
}

}

int IsIpAndTcpPacket(unsigned char *packet, int len)
{
struct ethhdr *ethernet_header;
struct iphdr *ip_header;

ethernet_header = (struct ethhdr *)packet;

if(ntohs(ethernet_header->h_proto) == ETH_P_IP)
{
ip_header = (struct iphdr *)(packet + sizeof(struct ethhdr));

if(ip_header->protocol == IPPROTO_TCP)
return 1;
else
return -1;
}
else
{
return -1;
}

}

main(int argc, char **argv)
{
int raw;
unsigned char packet_buffer[2048];
int len;
int packets_to_sniff;
struct sockaddr_ll packet_info;
int packet_info_size = sizeof(packet_info);

/* create the raw socket */

raw = CreateRawSocket(ETH_P_IP);

/* Bind socket to interface */

BindRawSocketToInterface(argv[1], raw, ETH_P_IP);

/* Get number of packets to sniff from user */

packets_to_sniff = atoi(argv[2]);

/* Start Sniffing and print Hex of every packet */

while(packets_to_sniff--)
{
if((len = recvfrom(raw, packet_buffer, 2048, 0, (struct sockaddr*)&packet_info, &packet_info_size)) == -1)
{
perror("Recv from returned -1: ");
exit(-1);
}
else
{
/* Packet has been received successfully !! */

PrintPacketInHex(packet_buffer, len);

/* Parse Ethernet Header */

ParseEthernetHeader(packet_buffer, len);

/* Parse IP Header */

ParseIpHeader(packet_buffer, len);

/* Parse TCP Header */

ParseTcpHeader(packet_buffer, len);

if(IsIpAndTcpPacket(packet_buffer, len))
{
if(!ParseData(packet_buffer, len))
packets_to_sniff++;
}

}
}


return 0;
}


Posted by at No comments:

HACK YOURSELF:ARP PACKET INJECTION PROGRAM


#include<stdio.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<features.h>
#include<net/if.h>
#include<linux/if_packet.h>
#include<linux/if_ether.h>
#include<errno.h>
#include<sys/ioctl.h>
#include<net/ethernet.h>
#include<net/if_arp.h>
#include<arpa/inet.h>
#include<netinet/in.h>


#define SRC_ETHER_ADDR "aa:aa:aa:aa:aa:aa"
#define DST_ETHER_ADDR "bb:bb:bb:bb:bb:bb"
#define SRC_IP "192.168.0.10"
#define DST_IP "192.168.0.11"

typedef struct EthernetHeader{

unsigned char destination[6];
unsigned char source[6];
unsigned short protocol;

}EthernetHeader;

typedef struct ArpHeader{

unsigned short hardware_type;
unsigned short protocol_type;
unsigned char hard_addr_len;
unsigned char prot_addr_len;
unsigned short opcode;
unsigned char source_hardware[6];
unsigned char source_ip[4];
unsigned char dest_hardware[6];
unsigned char dest_ip[4];
}ArpHeader;


int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;

if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}

return rawsock;
}

int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{

struct sockaddr_ll sll;
struct ifreq ifr;

bzero(&sll, sizeof(sll));
bzero(&ifr, sizeof(ifr));

/* First Get the Interface Index  */


strncpy((char *)ifr.ifr_name, device, IFNAMSIZ);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}

/* Bind our raw socket to this interface */

sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);


if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}

return 1;

}


int SendRawPacket(int rawsock, unsigned char *pkt, int pkt_len)
{
int sent= 0;

/* A simple write on the socket ..thats all it takes ! */

if((sent = write(rawsock, pkt, pkt_len)) != pkt_len)
{
/* Error */
printf("Could only send %d bytes of packet of length %d\n", sent, pkt_len);
return 0;
}

return 1;


}

EthernetHeader* CreateEthernetHeader(char *src_mac, char *dst_mac, int protocol)
{
EthernetHeader  *ethernet_header;


ethernet_header = (EthernetHeader *)malloc(sizeof(EthernetHeader));

/* copy the Src mac addr */

memcpy(ethernet_header->source, (void *)ether_aton(src_mac), 6);

/* copy the Dst mac addr */

memcpy(ethernet_header->destination, (void *)ether_aton(dst_mac), 6);

/* copy the protocol */

ethernet_header->protocol = htons(protocol);

/* done ...send the header back */

return (ethernet_header);
}

ArpHeader *CreateArpHeader(void)
{
ArpHeader *arp_header;
in_addr_t temp;

arp_header = (ArpHeader *)malloc(sizeof(struct ArpHeader));

/* Fill the ARP header */
arp_header->hardware_type = htons(ARPHRD_ETHER);
arp_header->protocol_type = htons(ETHERTYPE_IP);
arp_header->hard_addr_len = 6;
arp_header->prot_addr_len = 4;
arp_header->opcode = htons(ARPOP_REPLY);
memcpy(arp_header->source_hardware, (void *)ether_aton(SRC_ETHER_ADDR) , 6);
temp = inet_addr(SRC_IP);
memcpy(&(arp_header->source_ip), &temp, 4);
memcpy(arp_header->dest_hardware, (void *) ether_aton(DST_ETHER_ADDR) , 6);
temp = inet_addr(DST_IP);
memcpy(&(arp_header->dest_ip), &temp, 4);

return arp_header;
}



/* argv[1] is the device e.g. eth0    */

main(int argc, char **argv)
{

int raw;
unsigned char *packet;
EthernetHeader *ethernet_header;
ArpHeader *arp_header;
int pkt_len;

/* Create the raw socket */

raw = CreateRawSocket(ETH_P_ALL);

/* Bind raw socket to interface */

BindRawSocketToInterface(argv[1], raw, ETH_P_ALL);

/* create Ethernet header */

ethernet_header = CreateEthernetHeader(SRC_ETHER_ADDR, DST_ETHER_ADDR, ETHERTYPE_ARP);

/* Create ARP header */

arp_header = CreateArpHeader();

/* Find packet length  */

pkt_len = sizeof(EthernetHeader) + sizeof(ArpHeader);

/* Allocate memory to packet */

packet = (unsigned char *)malloc(pkt_len);

/* Copy the Ethernet header first */

memcpy(packet, ethernet_header, sizeof(EthernetHeader));

/* Copy the ARP header - but after the ethernet header */

memcpy((packet + sizeof(EthernetHeader)), arp_header, sizeof(ArpHeader));

/* Send the packet out ! */

if(!SendRawPacket(raw, packet, pkt_len))
{
perror("Error sending packet");
}
else
printf("Packet sent successfully\n");

/* Free the memory back to the heavenly heap */

free(ethernet_header);
free(arp_header);
free(packet);

close(raw);

return 0;
}
Posted by at No comments:
Posted by at No comments:

IBPS 2012

Posted by at No comments:

NAVY SAILOR ENTRY

Posted by at No comments:
Subscribe to: Comments (Atom)