Example of how to forge tcp data packets and perform correct verification and the source code (linux gcc)

Example of how to forge tcp data packets and perform correct verification and the source code (linux gcc)

The following Program is an example of tcp forgery in linux: verification algorithms related to the original socket and tcp/************************ tcp_pseudo do.c ****** * ************* // ** Author: cbchen. */# include # define INTERFACE "eth0" # define IP ""/* Prototype area */int Open_Packet_Socket (); int Open_Raw_Socket (); int Set_Promisc (char * interface, int sock); void send_tcp_ack (int sock Fd, struct sockaddr_in * addr); unsigned short check_sum (unsigned short * addr, int len); struct ip * iprecv; struct tcphdr * tcprecv; struct sockaddr_in addr; int main () {int sockfd, sendfd, bytes_recieved; char buffer [1518]; u_char * buf2; charsaddr [20], daddr [20]; sockfd = Open_Packet_Socket (); sendfd = Open_Raw_Socket (); // printf ("sockfd: % d/tsendfd: % d/n", sockfd, sendfd); int on = 1; /******** set the IP packet format to inform the system kernel module that IP packets are entered by ourselves Write ***/setsockopt (sendfd, IPPROTO_IP, IP_HDRINCL, & on, sizeof (on); Set_Promisc (INTERFACE, sockfd); int count = 1; while (1) {bytes_recieved = recvfrom (sockfd, buffer, 1518, 0, NULL, NULL); buf2 = buffer; buf2 + = 14; iprecv = (struct ip *) buf2; // iprecv + = sizeof (struct ethhdr *); /* See if this is a TCP packet */if (iprecv-> ip_v = 4 & iprecv-> ip_p = 6) {printf ("------------------------- Number % d packet -------------- -------------------------------/N ", count); count ++; printf ("/nBytes encoded ed: % 5d/n ", bytes_recieved); printf (" ip version: % u/n ", iprecv-> ip_v); printf (" IP packet header decoding:/n "); printf (" Source ip: % s/t ", inet_ntoa (iprecv-> ip_src); printf ("Dest ip: % s/t", inet_ntoa (iprecv-> ip_dst); printf ("proto: % u/n ", iprecv-> ip_p); buf2 + = iprecv-> ip_hl <2; printf (" TCP packet header decoding:/n "); tcprecv = (struct tcphdr *) buf2; // tcprecv = (struct Tcphdr *) (buffer + (iprecv-> ip_hl <2); printf ("Source port: % d/n", ntohs (tcprecv-> source )); printf ("Dest port: % d/n", ntohs (tcprecv-> dest); printf ("seq num: % u/n ", ntohl (tcprecv-> seq); printf ("ack num: % u/n", ntohl (tcprecv-> ack_seq); printf ("urg: % x/tack: % x/tpsh: % x/trst: % x/tsyn: % x/tfin: % x/n ", tcprecv-> urg, tcprecv-> ack, tcprecv-> psh, tcprecv-> rst, tcprecv-> syn, tcprecv-> fin); bzero (& addr, sizeof (struct Sockaddr_in); addr. sin_family = AF_INET; // addr2.sin _ port = htons (thdr-> source); addr. sin_port = tcprecv-> source; // addr2.sin _ addr = iphdr-> ip_src; addr. sin_addr = iprecv-> ip_src;/********** sent the blocking package !!!! * ***/If (tcprecv-> syn = 1 & tcprecv-> urg! = 1 & tcprecv-> ack! = 1 & tcprecv-> psh! = 1 & tcprecv-> rst! = 1 & tcprecv-> fin! = 1) {// send_tcp_ack (sendfd, & addr); // printf ("It's a syn pocket! /N ") ;}}close (sockfd); close (sendfd );} // end main/********* implementation of the send blocking package ********* // * void send_tcp_ack (int sockfd, struct sockaddr_in * addr) {struct send_tcp {struct iphdr ip; struct tcphdr tcp;} send_tcp; struct pseudo _ header {unsigned int source_address; unsigned int dest_address; unsigned char protocol; unsigned short protocol; struct tcphdr tcp;} pseudo _ header; int tcp_so Cket; struct sockaddr_in sin; int sinlen; // form ip packet send_tcp.ip.ihl = 5; send_tcp.ip.version = 4; send_tcp.ip.tos = 0; bytes = htons (40); bytes = 0; send_tcp.ip.ttl = 64; token = IPPROTO_TCP; send_tcp.ip.check = 0; token = iprecv-> token; token = addr-> sin_addr.s_addr; // form tcp packet Signature = addr-> si N_port; send_tcp.tcp.source = tcprecv-> dest; records = htonl (ntohl (tcprecv-> seq) + 0x01); records = 0; records = 5; send_tcp.tcp.fin = 0; token = 1; token = 0; token = 0; send_tcp.tcp.ack = 1; token = 0; token = 0; send_tcp.tcp.window = htons (512); send_tcp.tcp.check = 0; token = 0; token Q = tcprecv-> seq; // set fields that need to be changed // send_tcp.tcp.source ++; send_tcp.ip.id = 0; // sent ++; sent = 0; send_tcp.ip.check = 0; // calculate the ip checksum send_tcp.ip.check = in_cksum (unsigned short *) & send_tcp.ip, 20); // set the pseudo header fields Limit = limit; Limit = send_tcp.ip.daddr; pseu Do_header.placeholder = 0; pseudo _ header.protocol = IPPROTO_TCP; Protocol = htons (20); bcopy (char *) & send_tcp.tcp, (char *) & pseudo do_header.tcp, 20 ); send_tcp.tcp.check = in_cksum (unsigned short *) & pseudo do_header, 32); sinlen = sizeof (sin); int count; for (count = 0; count <2; count ++) {if (sendto (sockfd, & send_tcp, 40, 0, (struct sockaddr *) addr, sizeof (struct sockaddr) <0) {printf ("sendto er Ror! /N ");} else {printf (" send packet OK! /N ") ;}} * // * The first checksum algorithm */unsigned short in_cksum (unsigned short * addr, int len)/* function is from ping. c */{register int nleft = len; register u_short * w = addr; register int sum = 0; u_short answer = 0; while (nleft> 1) {sum + = * w ++; nleft-= 2;} if (nleft = 1) {* (u_char *) (& answer) = * (u_char *) w; sum + = answer;} sum = (sum> 16) + (sum & 0 xffff); sum + = (sum> 16); answer = ~ Sum; return (answer);} int Open_Packet_Socket () {int sock; sock = socket (AF_INET, SOCK_PACKET, htons (ETH_P_ALL); if (sock =-1) {perror ("socket"); exit (errno);} printf ("sockfd: % d/n", sock); return (sock);} int Open_Raw_Socket () {int sock; sock = socket (AF_INET, SOCK_RAW, IPPROTO_TCP); if (sock =-1) {perror ("socket"); exit (errno );} printf ("sendfd: % d/n", sock); return (sock);} int Set_Promisc (char * interface, int sockfd) {struct ifreq ifr; strncpy (ifr. ifr_name, interface, strnlen (interface) + 1); if (ioctl (sockfd, SIOCGIFFLAGS, & ifr) =-1) {perror ("ioctl1 "); exit (errno);} ifr. ifr_flags | = IFF_PROMISC; if (ioctl (sockfd, SIOCSIFFLAGS, & ifr) {perror ("ioctl2"); exit (errno);} // printf ("Setting interface ::: % s ::: to promisc... OK .... /n ", interface); return (1 );}