Several days ago I wrote a spoofing SYN c++ program, I execute it on one PC, sending the spoofed syn to my own computer. But I can't see any SYN packets by running ethereal on my own computer. I captured only one IP(but protocol I set in the spoofed syn is TCP) packet, the info is: IPv6 hop-by-hop option(0x00) , and this IP packet used the real source ip, not the spoofed source ip I set in the program... I want to know if there is anything wrong with my program? Can anyone help me? Thanks in advance. Both computers' system are XP, and the program is the following:
int _tmain(int argc, _TCHAR* argv[])
{
class SpoofSocket spoof_socket;
WSADATA WSAData;
int ret=WSAStartup(MAKEWORD(2,
2),&WSADat
a);
//Create Raw_Socket
bool ip_hdrincl=true;
int SendTimeOver=1000;
SOCKET raw_sock=WSASocket(AF_INET
,SOCK_RAW,
IPPROTO_IP
,NULL,0,WS
A_FLAG_OVE
RLAPPED);
setsockopt(raw_sock,IPPROT
O_IP,IP_HD
RINCL,(cha
r *)&ip_hdrincl,sizeof(ip_hd
rincl));
setsockopt(raw_sock,SOL_SO
CKET,SO_SN
DTIMEO,(ch
ar *)&SendTimeOver,sizeof(Sen
dTimeOver)
);
unsigned int s_ipAddress=inet_addr("192
.168.0.103
");
unsigned int d_ipAddress=inet_addr("192
.168.0.104
");
unsigned short s_port=2006;
unsigned short d_port=8000;
unsigned int seq=0x00000000;
unsigned int ack=0x00000001;
//Spoof buffer for sending
spoof_socket.SetIP_Head_Bu
ffer(s_ipA
ddress,d_i
pAddress);
spoof_socket.SetTCP_Head_B
uffer(s_po
rt,d_port,
2,seq,ack+
1);
int len=spoof_socket.tcp_head_
len+spoof_
socket.ip_
head_len;
SOCKADDR_IN addr_client1_in;
addr_client1_in.sin_family
=AF_INET;
addr_client1_in.sin_port=h
tons(d_por
t);
addr_client1_in.sin_addr.S
_un.S_addr
=d_ipAddre
ss;
int send_bytes=sendto(raw_sock
,spoof_soc
ket.SendBu
ffer,len,0
,(struct sockaddr*)&addr_client1_in
,sizeof(ad
dr_client1
_in));
Console::WriteLine(S"Send one SYN+ACK success!!!");
closesocket(raw_sock);
WSACleanup();
char i;
cin>>i;
return 0;
}
spoofsocket.cpp:
unsigned short SpoofSocket::checksum(unsi
gned short *buffer,int size){
unsigned short cksum=0;
while(size>1)
{
cksum+=*buffer++;
size-=sizeof(unsigned short);
}
if(size)
{
cksum+=*(unsigned char*)buffer;
}
cksum=(cksum>>16) + (cksum&0xffff);
cksum+=(cksum>>16);
return cksum;
};
void SpoofSocket::SetIP_Head_Bu
ffer(unsig
ned long SourceAddress,unsigned long DestAddress){
//Set ip_header
ip_header.h_lenver=(4<<4|s
izeof(ip_h
eader)/siz
eof(unsign
ed int));
ip_header.tos=0;
ip_header.total_len=htons(
sizeof(ip_
header)+si
zeof(tcp_h
eader));
ip_header.ident=1;
ip_header.flags=0;
ip_header.ttl=(unsigned char)GetTickCount()%87+123
;
ip_header.proto=IPPROTO_TC
P;
ip_header.checksum=0;
ip_header.sourceIP=SourceA
ddress;
ip_header.destIP=DestAddre
ss;
};
void SpoofSocket::SetTCP_Head_B
uffer(unsi
gned short SourcePort,unsigned short DestPort,unsigned char flag,unsigned long seqNumber,unsigned long ackNumber){
//Set tcp_Header
tcp_header.th_dport=htons(
DestPort);
tcp_header.th_sport=htons(
SourcePort
);
tcp_header.th_seq=htonl(se
qNumber);
tcp_header.th_ack=htonl(ac
kNumber);
tcp_header.th_lenres=(size
of(tcp_hea
der)/4<<4|
0);
tcp_header.th_flags=flag;/
/flag=2 is SYN; flag=16 is ACK; flag=12 is SYN_ACK
tcp_header.th_win=htons(51
2);
tcp_header.th_urp=0;
tcp_header.th_sum=0;
//Set TCP psudHeader
psd_header.saddr=ip_header
.sourceIP;
psd_header.daddr=ip_header
.destIP;
psd_header.mbz=0;
psd_header.ptcl=IPPROTO_TC
P;
psd_header.tcpl=htons(size
of(tcp_hea
der));
//Get header length
psd_head_len=sizeof(psd_he
ader);
tcp_head_len=sizeof(tcp_he
ader);
ip_head_len=sizeof(ip_head
er);
send_buffer=new BYTE[psd_head_len+tcp_head
_len];
//Compute the Checksum value
memset(send_buffer,0,psd_h
ead_len+tc
p_head_len
);
memcpy(send_buffer,&psd_he
ader,psd_h
ead_len);
memcpy(send_buffer+psd_hea
d_len,&tcp
_header,tc
p_head_len
);
tcp_header.th_sum=checksum
((unsigned
short *)send_buffer,psd_head_len
+tcp_head_
len);
send_buffer=new BYTE[tcp_head_len+ip_head_
len];
//put spoofed IP and TCP header into the SendBuffer
memset(send_buffer,0,tcp_h
ead_len+ip
_head_len)
;
memcpy(send_buffer,&ip_hea
der,ip_hea
d_len);
memcpy(send_buffer+ip_head
_len,&tcp_
header,tcp
_head_len)
;
ip_header.checksum=checksu
m((unsigne
d short *)send_buffer,ip_head_len+
tcp_head_l
en);
memset(send_buffer,0,tcp_h
ead_len+ip
_head_len)
;
memcpy(send_buffer,&ip_hea
der,ip_hea
d_len);
memcpy(send_buffer+ip_head
_len,&tcp_
header,tcp
_head_len)
;
char SendBuffer[60]={0};
memcpy(SendBuffer,send_buf
fer,tcp_he
ad_len+ip_
head_len);
};
spoofsocket.h
typedef struct ip_head{
unsigned char h_lenver; //four bits for header length;four bits for IP version
unsigned char tos; //eight bits for Type of Service
unsigned short total_len;// 16bits for total length
unsigned short ident;
unsigned short flags; //3flags
unsigned char ttl;
unsigned char proto;
unsigned short checksum;
unsigned int sourceIP; //32bits source IP
unsigned int destIP;//32bits destination IP
}IPHEADER;
typedef struct tcp_head{
unsigned short th_sport;//16bits source port
unsigned short th_dport;//16bits destination port
unsigned int th_seq;//32bits sequence number
unsigned int th_ack;//32bits confirmation number
unsigned char th_lenres;//four bits for header length;four bits for restoring key words
unsigned char th_flags;//6flags
unsigned short th_win;//16bits windows size
unsigned short th_sum;//16bits checksum
unsigned short th_urp;//16bits urgent data offsets
}TCPHEADER;
//define TCP pseudHeader
typedef struct ts_head{
unsigned long saddr;
unsigned long daddr;
char mbz;
char ptcl;//protocol type
unsigned short tcpl;//TCP length
}PSDHEADER;
class SpoofSocket {
public:
SpoofSocket(){};
~SpoofSocket(){};
unsigned short checksum(unsigned short *,int);
void SetIP_Head_Buffer(unsigned
long SourceAddress,unsigned long DestAddress);
void SetTCP_Head_Buffer(unsigne
d short SourcePort,unsigned short DestPort,unsigned char flag,unsigned long seqNumber,unsigned long ackNumber);
unsigned short psd_sport;
bool result;
char SendBuffer[60];
BYTE * send_buffer;
int psd_head_len;
int tcp_head_len;
int ip_head_len;
TCPHEADER tcp_header;
PSDHEADER psd_header;
IPHEADER ip_header;
};
