How to modify the data in a TCP packet

小小爬虾 2016-03-25 02:25:40
I want to intercept TCP packets that contain the data age=23, change the data in the TCP packet to age=32 and then send it: only the age value is modified, everything else stays exactly the same. As shown in the figure below.
How can this be implemented? Is there an example?

17 replies
不二土人 2016-12-30
Mate, how did you solve it in the end? Could I borrow your approach? I now need to modify the packets I capture.
不二土人 2016-12-29
And with libpcap, how do you modify the TCP source port field, recompute the checksum and send the packet?
小小爬虾 2016-04-05
Solved: I hooked WSASend, modified the corresponding field in the buffer, and sent it.
vcf_reader 2016-04-02
The OP looks suspiciously like someone out to steal private information.
小小爬虾 2016-04-02
Quoting reply #13 by vcf_reader:
    The OP looks suspiciously like someone out to steal private information.
Technology isn't shameful.
_船长_ 2016-03-31
Quoting reply #7 by kxltsuperr:
    Quoting reply #6 by WUYUAN2011WOAINI: winpcap is so advanced
    winpcap managed to capture the specified packet, then parse it, modify it and send it. But the original packet still gets sent as well.
First you need to be clear about what winpcap does: it only monitors the packets on the network (ordinary packet capture); it cannot stop packets from being sent or received normally. Its function is not that of a firewall.
小小爬虾 2016-03-31
I'm going to solve this with a send hook after all. Once it's solved I'll post the code.
小小爬虾 2016-03-31
Quoting reply #10 by WUYUAN2011WOAINI:
    I've decided to go with hooking send after all to solve this.
kuankuan_qiao 2016-03-31
Quoting reply #8 by jzycode:
    Quoting reply #7 by kxltsuperr:
        Quoting reply #6 by WUYUAN2011WOAINI: winpcap is so advanced
        winpcap managed to capture the specified packet, then parse it, modify it and send it. But the original packet still gets sent as well.
    First you need to be clear about what winpcap does: it only monitors the packets on the network (ordinary packet capture); it cannot stop packets from being sent or received normally. Its function is not that of a firewall.
#include <stdio.h>
#include <stdlib.h>
#include "pcap.h"
#include <remote-ext.h>   /* WinPcap: pcap_findalldevs_ex(), pcap_open(), PCAP_SRC_IF_STRING */

/* Callback prototype */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);

int main(int argc, char **argv)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum;
    int i = 0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_dumper_t *dumpfile;

    /* Check the program's input arguments */
    if (argc != 2)
    {
        printf("usage: %s filename", argv[0]);
        return -1;
    }

    /* Retrieve the device list on the local machine */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* Print the list */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    printf("Enter the interface number (1-%d):", i);
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Jump to the selected adapter */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);

    /* Open the adapter */
    if ((adhandle = pcap_open(d->name,          // name of the device
                              65536,            // portion of the packet to capture
                                                // 65536 guarantees the whole packet is captured on every link layer
                              PCAP_OPENFLAG_PROMISCUOUS,    // promiscuous mode
                              1000,             // read timeout
                              NULL,             // remote authentication
                              errbuf            // error buffer
                              )) == NULL)
    {
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Open the dump file */
    dumpfile = pcap_dump_open(adhandle, argv[1]);

    if (dumpfile == NULL)
    {
        fprintf(stderr, "\nError opening output file\n");
        pcap_freealldevs(alldevs);
        return -1;
    }

    printf("\nlistening on %s... Press Ctrl+C to stop...\n", d->description);

    /* The device list is no longer needed; free it */
    pcap_freealldevs(alldevs);

    /* Start the capture: every packet goes through packet_handler and into the dump file */
    pcap_loop(adhandle, 0, packet_handler, (unsigned char *)dumpfile);

    pcap_dump_close(dumpfile);
    pcap_close(adhandle);
    return 0;
}

/* Callback function invoked by libpcap for every captured packet */
void packet_handler(u_char *dumpfile, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    /* Save the packet to the dump file */
    pcap_dump(dumpfile, header, pkt_data);
}
#include <stdio.h>
#include <pcap.h>
#include <remote-ext.h>   /* WinPcap: pcap_createsrcstr(), pcap_open(), PCAP_SRC_FILE */

#define LINE_LEN 16

void dispatcher_handler(u_char *, const struct pcap_pkthdr *, const u_char *);

int main(int argc, char **argv)
{
    pcap_t *fp;
    char errbuf[PCAP_ERRBUF_SIZE];
    char source[PCAP_BUF_SIZE];

    if (argc != 2) {
        printf("usage: %s filename", argv[0]);
        return -1;
    }

    /* Create a source string according to the new WinPcap syntax */
    if (pcap_createsrcstr(source,         // variable that will keep the source string
                          PCAP_SRC_FILE,  // we want to open a file
                          NULL,           // remote host
                          NULL,           // port on the remote host
                          argv[1],        // name of the file we want to open
                          errbuf          // error buffer
                          ) != 0)
    {
        fprintf(stderr, "\nError creating a source string\n");
        return -1;
    }

    /* Open the capture file */
    if ((fp = pcap_open(source,         // name of the device
                        65536,          // portion of the packet to capture
                                        // 65536 guarantees the whole packet is captured on every link layer
                        PCAP_OPENFLAG_PROMISCUOUS,     // promiscuous mode
                        1000,              // read timeout
                        NULL,              // remote authentication
                        errbuf             // error buffer
                        )) == NULL)
    {
        fprintf(stderr, "\nUnable to open the file %s.\n", source);
        return -1;
    }

    /* Read and dispatch packets until EOF is reached */
    pcap_loop(fp, 0, dispatcher_handler, NULL);

    pcap_close(fp);
    return 0;
}

void dispatcher_handler(u_char *temp1,
                        const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    u_int i = 0;
    (void)temp1;   /* user argument passed to pcap_loop(), unused here */

    /* Print the packet timestamp and length (header->len is a bpf_u_int32, hence %u) */
    printf("%ld:%ld (%u)\n", (long)header->ts.tv_sec, (long)header->ts.tv_usec, header->len);

    /* Print the captured bytes as hex, LINE_LEN bytes per line */
    for (i = 1; (i < header->caplen + 1); i++)
    {
        printf("%.2x ", pkt_data[i - 1]);
        if ((i % LINE_LEN) == 0) printf("\n");
    }

    printf("\n\n");
}
/*
 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 
 * nor the names of its contributors may be used to endorse or promote 
 * products derived from this software without specific prior written 
 * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <stdlib.h>
#include <stdio.h>

#include <pcap.h>

/* This guard is part of the WinPcap sample itself: the kernel-level dump feature
 * is not supported by the driver, so the sample refuses to build until it is. */
#error At the moment the kernel dump feature is not supported in the driver

int main(int argc, char **argv) {

    pcap_if_t *alldevs, *d;
    pcap_t *fp;
    u_int inum, i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];

    printf("kdump: saves the network traffic to file using WinPcap kernel-level dump feature.\n");
    printf("\t Usage: %s [adapter] | dump_file_name max_size max_packs\n", argv[0]);
    printf("\t Where: max_size is the maximum size that the dump file will reach (0 means no limit)\n");
    printf("\t Where: max_packs is the maximum number of packets that will be saved (0 means no limit)\n\n");

    /* Either three arguments (dump_file_name max_size max_packs) or four (adapter first) */
    if (argc != 4 && argc != 5)
        return -1;

    if (argc == 4) {

        /* The user didn't provide a packet source: retrieve the device list */
        if (pcap_findalldevs(&alldevs, errbuf) == -1)
        {
            fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
            exit(1);
        }

        /* Print the list */
        for (d = alldevs; d; d = d->next)
        {
            printf("%u. %s", ++i, d->name);
            if (d->description)
                printf(" (%s)\n", d->description);
            else
                printf(" (No description available)\n");
        }

        if (i == 0)
        {
            printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
            return -1;
        }

        printf("Enter the interface number (1-%u):", i);
        if (scanf("%u", &inum) != 1 || inum < 1 || inum > i)
        {
            printf("\nInterface number out of range.\n");
            /* Free the device list */
            pcap_freealldevs(alldevs);
            return -1;
        }

        /* Jump to the selected adapter */
        for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);

        /* Open the device */
        if ((fp = pcap_open_live(d->name, 100, 1, 20, errbuf)) == NULL)
        {
            fprintf(stderr, "\nError opening adapter\n");
            pcap_freealldevs(alldevs);
            return -1;
        }

        /* Free the device list */
        pcap_freealldevs(alldevs);

        /* Start the dump: argv[1] is the file, argv[2] max_size, argv[3] max_packs */
        if (pcap_live_dump(fp, argv[1], atoi(argv[2]), atoi(argv[3])) == -1) {
            printf("Unable to start the dump, %s\n", pcap_geterr(fp));
            return -1;
        }
    }
    else {

        /* Open the device named on the command line */
        if ((fp = pcap_open_live(argv[1], 100, 1, 20, errbuf)) == NULL)
        {
            fprintf(stderr, "\nError opening adapter\n");
            return -1;
        }

        /* Start the dump: with an adapter given, the file and the two limits shift one position right */
        if (pcap_live_dump(fp, argv[2], atoi(argv[3]), atoi(argv[4])) == -1) {
            printf("Unable to start the dump, %s\n", pcap_geterr(fp));
            return -1;
        }
    }

    /* Wait until the dump process has finished, i.e. when max_size or max_packs is reached */
    pcap_live_dump_ended(fp, 1);

    /* Close the adapter so that the data is flushed to the file immediately */
    pcap_close(fp);

    return 0;
}
kuankuan_qiao 2016-03-31
/*
 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 
 * nor the names of its contributors may be used to endorse or promote 
 * products derived from this software without specific prior written 
 * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <stdlib.h>
#include <stdio.h>
#include <time.h>

#include <pcap.h>
#include <remote-ext.h>

void usage(void);

int main(int argc, char **argv)
{
    pcap_t *indesc, *outdesc;
    char errbuf[PCAP_ERRBUF_SIZE];
    char source[PCAP_BUF_SIZE];
    FILE *capfile;
    long caplen;
    int sync;
    int res;
    u_int sent;
    pcap_send_queue *squeue;
    struct pcap_pkthdr *pktheader;
    const u_char *pktdata;
    float cpu_time;
    u_int npacks = 0;

    /* Check the validity of the command line */
    if (argc <= 2 || argc >= 5)
    {
        usage();
        return -1;
    }

    /* Retrieve the length of the capture file */
    capfile = fopen(argv[1], "rb");
    if (!capfile) {
        printf("Capture file not found!\n");
        return -1;
    }

    fseek(capfile, 0, SEEK_END);
    caplen = ftell(capfile) - (long)sizeof(struct pcap_file_header);
    fclose(capfile);

    /* Check whether the timestamps must be respected */
    if (argc == 4 && argv[3][0] == 's')
        sync = 1;
    else
        sync = 0;

    /* Open the capture */
    /* Create a source string according to the new WinPcap syntax */
    if (pcap_createsrcstr(source,         // variable that will keep the source string
                          PCAP_SRC_FILE,  // we want to open a file
                          NULL,           // remote host
                          NULL,           // port on the remote host
                          argv[1],        // name of the file we want to open
                          errbuf          // error buffer
                          ) != 0)
    {
        fprintf(stderr, "\nError creating a source string\n");
        return -1;
    }

    /* Open the capture file */
    if ((indesc = pcap_open(source, 65536, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf)) == NULL)
    {
        fprintf(stderr, "\nUnable to open the file %s.\n", source);
        return -1;
    }

    /* Open the output adapter */
    if ((outdesc = pcap_open(argv[2], 100, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf)) == NULL)
    {
        fprintf(stderr, "\nUnable to open adapter %s.\n", argv[2]);
        pcap_close(indesc);
        return -1;
    }

    /* Check the MAC type */
    if (pcap_datalink(indesc) != pcap_datalink(outdesc))
    {
        printf("Warning: the datalink of the capture differs from the one of the selected interface.\n");
        printf("Press a key to continue, or CTRL+C to stop.\n");
        getchar();
    }

    /* Allocate a send queue */
    squeue = pcap_sendqueue_alloc((u_int)caplen);
    if (squeue == NULL)
    {
        printf("Unable to allocate the send queue.\n");
        pcap_close(indesc);
        pcap_close(outdesc);
        return -1;
    }

    /* Fill the queue with the packets from the file */
    while ((res = pcap_next_ex(indesc, &pktheader, &pktdata)) == 1)
    {
        if (pcap_sendqueue_queue(squeue, pktheader, pktdata) == -1)
        {
            printf("Warning: packet buffer too small, not all the packets will be sent.\n");
            break;
        }

        npacks++;
    }

    if (res == -1)
    {
        printf("Corrupted input file.\n");
        pcap_sendqueue_destroy(squeue);
        pcap_close(indesc);
        pcap_close(outdesc);
        return -1;
    }

    /* Transmit the queue */

    cpu_time = (float)clock();

    if ((sent = pcap_sendqueue_transmit(outdesc, squeue, sync)) < squeue->len)
    {
        printf("An error occurred sending the packets: %s. Only %u bytes were sent\n", pcap_geterr(outdesc), sent);
    }

    cpu_time = (clock() - cpu_time) / CLOCKS_PER_SEC;

    printf("\n\nElapsed time: %5.3f\n", cpu_time);
    printf("\nTotal packets generated = %u", npacks);
    printf("\nAverage packets per second = %d", cpu_time > 0 ? (int)((double)npacks / cpu_time) : 0);
    printf("\n");

    /* Free the send queue */
    pcap_sendqueue_destroy(squeue);

    /* Close the input file */
    pcap_close(indesc);

    /*
     * Release the output adapter.
     * IMPORTANT: remember to close the adapter, otherwise there is no guarantee
     * that all the packets will be sent!
     */
    pcap_close(outdesc);

    return 0;
}

void usage(void)
{
    printf("\nSendcap, sends a libpcap/tcpdump capture file to the net. Copyright (C) 2002 Loris Degioanni.\n");
    printf("\nUsage:\n");
    printf("\t sendcap file_name adapter [s]\n");
    printf("\nParameters:\n");
    printf("\nfile_name: the name of the dump file that will be sent to the network\n");
    printf("\nadapter: the device to use. Use \"WinDump -D\" for a list of valid devices\n");
    printf("\ns: if present, forces the packets to be sent synchronously, i.e. respecting the timestamps in the dump file. This option will work only under Windows NTx.\n\n");

    exit(0);
}
小小爬虾 2016-03-30
Quoting reply #6 by WUYUAN2011WOAINI:
    winpcap is so advanced
winpcap managed to capture the specified packet, then parse it, modify it and send it. But the original packet still gets sent as well.
kuankuan_qiao 2016-03-30
winpcap is so advanced
小小爬虾 2016-03-30
Quoting reply #1 by jzycode:
    Capture with winpcap; after capturing, just modify it directly.
Capturing with winpcap is no problem; parse the packet, modify the relevant content, and then send the packet again?
小小爬虾 2016-03-27
Quoting reply #2 by kinkon007:
    In theory it can be done; if a TCP packet is modified, the checksum has to be recomputed.
Is there a worked example for my kind of problem?
小小爬虾 2016-03-27
Quoting reply #1 by jzycode:
    Capture with winpcap; after capturing, just modify it directly.
Thanks! If I modify it and resend it directly, won't it duplicate the original packet?
kinkon007 2016-03-25
In theory it can be done; if a TCP packet is modified, the checksum has to be recomputed.
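kinkon007's point, that a modified TCP segment has to carry a recomputed checksum, is the same check a capture-analysis tool or an IDS runs in reverse, and it is also the part of 不二土人's libpcap question (change a header field, recompute the checksum) that does not depend on the capture driver. The C below is an added example written for this page, not code from the thread or from WinPcap/libpcap: it computes and verifies the IPv4 header checksum (RFC 791) and the TCP checksum with its pseudo-header (RFC 793) over a constructed IPv4/TCP packet carrying the thread's `age=23` payload, then shows that the stored TCP checksum stops verifying once the payload reads `age=32` and verifies again only after the field is rewritten. The addresses, ports and payload are invented sample values, and every function name (`packet_checksums_ok`, `finalize_checksums`, `edit_then_verify` and the rest) is this example's own; `known_answer_ipv4` checks the header-checksum code against the 20-byte header from the widely published textbook IPv4 checksum example, whose value is 0xB861.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 1071 one's-complement accumulation of big-endian 16-bit words; a trailing odd byte is zero-padded. */
static uint32_t ocsum(const uint8_t *p, size_t len, uint32_t acc)
{
    size_t i;
    for (i = 0; i + 1 < len; i += 2) acc += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1) acc += (uint32_t)p[len - 1] << 8;
    return acc;
}

/* Fold the carries back into 16 bits. */
static uint16_t fold(uint32_t acc)
{
    while (acc >> 16) acc = (acc & 0xFFFF) + (acc >> 16);
    return (uint16_t)acc;
}

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static size_t ihl_bytes(const uint8_t *ip) { return (size_t)(ip[0] & 0x0F) * 4; }

/* IPv4 header checksum (RFC 791): every header word, with the checksum field (bytes 10..11) taken as zero. */
uint16_t ipv4_header_checksum(const uint8_t *ip)
{
    uint32_t acc = ocsum(ip, 10, 0);
    acc = ocsum(ip + 12, ihl_bytes(ip) - 12, acc);
    return (uint16_t)~fold(acc);
}

/* TCP checksum (RFC 793): pseudo-header (src, dst, 0, 6, TCP length) plus the whole segment,
 * with the segment's checksum field (bytes 16..17) taken as zero. Caller guarantees a segment of >= 20 bytes. */
uint16_t tcp_checksum(const uint8_t *ip, size_t total_len)
{
    const uint8_t *tcp = ip + ihl_bytes(ip);
    size_t tcp_len = total_len - ihl_bytes(ip);
    uint8_t pseudo[12];
    uint32_t acc;
    memcpy(pseudo, ip + 12, 8);            /* source and destination address */
    pseudo[8] = 0;
    pseudo[9] = 6;                         /* IPPROTO_TCP */
    wr16(pseudo + 10, (uint16_t)tcp_len);
    acc = ocsum(pseudo, 12, 0);
    acc = ocsum(tcp, 16, acc);
    acc = ocsum(tcp + 18, tcp_len - 18, acc);
    return (uint16_t)~fold(acc);
}

/* Rewrite both checksum fields: what any sender must do after changing a single byte. */
void finalize_checksums(uint8_t *ip, size_t total_len)
{
    wr16(ip + 10, ipv4_header_checksum(ip));
    wr16(ip + ihl_bytes(ip) + 16, tcp_checksum(ip, total_len));
}

/* 1 if this is a well-formed IPv4/TCP packet whose stored checksums both verify, else 0. */
int packet_checksums_ok(const uint8_t *ip, size_t total_len)
{
    if (total_len < 20 || (ip[0] >> 4) != 4 || ihl_bytes(ip) < 20 || ip[9] != 6) return 0;
    if (total_len < ihl_bytes(ip) + 20 || (size_t)rd16(ip + 2) != total_len) return 0;
    if (rd16(ip + 10) != ipv4_header_checksum(ip)) return 0;
    return rd16(ip + ihl_bytes(ip) + 16) == tcp_checksum(ip, total_len);
}

/* Constructed sample packet: 10.0.0.1:40000 -> 10.0.0.2:80, PSH|ACK, payload "age=23" (all values invented). */
size_t build_sample_packet(uint8_t *buf)
{
    static const uint8_t hdrs[40] = {
        0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 64, 6, 0x00, 0x00,   /* IPv4: v4/IHL 5, len, TTL, proto */
        10, 0, 0, 1, 10, 0, 0, 2,                                             /* src, dst */
        0x9c, 0x40, 0x00, 0x50, 0, 0, 0, 0, 0, 0, 0, 0,                       /* ports 40000/80, seq, ack */
        0x50, 0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00 };                     /* offset 5, PSH|ACK, win 1024 */
    static const char payload[] = "age=23";
    size_t total = 40 + sizeof(payload) - 1;
    memcpy(buf, hdrs, 40);
    memcpy(buf + 40, payload, sizeof(payload) - 1);
    wr16(buf + 2, (uint16_t)total);
    return total;
}

/* Known-answer check: the header from the textbook IPv4 checksum example, expected 0xB861. */
uint16_t known_answer_ipv4(void)
{
    static const uint8_t hdr[20] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
                                     0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };
    return ipv4_header_checksum(hdr);
}

/* Bit 0: fresh packet verifies; bit 1: edited payload fails; bit 2: verifies again after recompute. Expect 7. */
int edit_then_verify(void)
{
    uint8_t pkt[64];
    size_t len = build_sample_packet(pkt);
    int r = 0;
    finalize_checksums(pkt, len);
    if (packet_checksums_ok(pkt, len)) r |= 1;
    memcpy(pkt + 44, "32", 2);             /* "age=23" -> "age=32", nothing else touched */
    if (!packet_checksums_ok(pkt, len)) r |= 2;
    finalize_checksums(pkt, len);
    if (packet_checksums_ok(pkt, len)) r |= 4;
    return r;
}
```

Verification here is a plain equality test against the recomputed value. Two things matter when this check is turned into a detection rule: in a capture taken on the sending host, a failing TCP checksum is far more often the result of NIC checksum offload (the hardware fills the field after the capture point) than of anything else, so such a rule needs to be tuned for that; and the checksum is keyless and order-insensitive at 16-bit-word granularity, so a passing value shows only that the segment was not corrupted in transit. Integrity against deliberate rewriting, including the rewrite this thread asks about, comes from TLS or a keyed MAC above the transport layer, not from the transport checksum.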
_船长_ 2016-03-25
Capture with winpcap; after capturing, just modify it directly.