Password sniffer



  • hi leute, ich schrieb folgenden code, welcher traffic snifft und tcpheader und payload ausgibt. nun meine frage: ist es möglich, nur pakete auszugeben, die das wort "pass" enthalten ;=)? habe es mit strstr und strncmp versucht, aber meine vermutung ist, dass diese funktion einfach zu langsam ist...
    danke im voraus

    /*
    You Have to link it with WS2_32.lib
    I have this code successfully compiled and tested under win2k and vc6++
    
    This code is my first try with raw sockets under windows!
    This code based on 
    ->http://blacksun.box.sk/tutorials/format.php3?file=part3.html
    ->http://www.somethinginteresting.org/poorsniff/
    ->And Linsniffer
    
    comments to ich@delikon.de or visit me at www.delikon.de
    
    The output looks like this 
    
    ************PACKETstart************
    192.168.0.113->194.6*.*.*
    TTL=128
    Flags=6144
    destport=110
    sourceport=1279
    
    -----------DATAstart---------
    PASS ******
    
    -----------DATAend---------
    
    ***************PACKETend************
    
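    The Flags are printed only as numbers in this example: the one-byte TCP flag field is passed
    through htons(), so each flag bit shows up shifted left by 8. I don't have time to write a
    function that converts them, so do it yourself :=)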
    fin 256
    syn 512
    rst 1024
    psh 2048
    ack 4096
    urg 8192
    
    P.S If in a packet are two flags like fin and syn the number is (256+512)=768
    mhh thats all i think.
    
    */
    
    #include "head.h"
    
    /* Control code passed to WSAIoctl() in RecvPacket() with a value of 1. In Winsock this
       switches the bound raw socket to receive-all mode, which needs administrator rights. */
    #define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
    /* Size of the buffers that hold a dotted-quad IPv4 string: 15 characters plus the NUL. */
    #define MAX_ADDR_LEN 16
    /* Size of the buffer handed to gethostname(). */
    #define MAX_HOSTNAME_LAN 255
    /* Scratch buffer: print_data() formats one character at a time into it. */
    char Pass[65];
    /* Not referenced by any code in this listing. */
    char Pass2[65];
    
    /*Under Construction ;=)
    void flag (int f)
    {
    if (f ==256)
    printf("Fin");
    
    if (f == 512)
    printf("Syn");
    
    if (f == 1024)
    printf("Rst");
    
    if (f == 2048)
    printf("Psh");
    
    if (f == 4096)
    printf("Ack");
    
    if (f == 8192)
    printf("Urg");
    
    else
    {}
    
    }
    
    */
    //Thanks too Mike Edulla for Linsniffer 
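    /*
     * Print the printable bytes of data[38 .. datalen-1] to stdout.
     *
     * datalen  index one past the last byte to look at; the caller must make
     *          sure it does not exceed the size of the buffer behind data
     * data     start of the captured packet (byte 38 is where output begins)
     *
     * A carriage return (13) starts a new output line, and a line is also
     * broken once more than 75 printable characters have been written.
     * Non-printable bytes are skipped.
     */
    void print_data(int datalen, char *data)
    {
       int col = 0;

       if (data == NULL)
          return;

       /* "<" rather than "!=": a packet shorter than 38 bytes gives datalen < 38,
          and with "!=" the index would run past the end of the buffer instead of
          stopping. The length comes from the network, so it cannot be trusted. */
       for (int i = 38; i < datalen; i++)
       {
          /* isprint() is only defined for unsigned char values and EOF; a plain
             char with the high bit set would be passed as a negative int. */
          unsigned char c = (unsigned char)data[i];

          if (c == 13)
          {
             printf("\n");
             col = 0;
          }

          if (isprint(c))
          {
             /* Pass is file-scope state, so it is still updated with the last
                printed character, as before, but without a sprintf() call. */
             Pass[0] = (char)c;
             Pass[1] = '\0';
             col++;
             printf("%s", Pass);
          }

          if (col > 75)
          {
             col = 0;
             printf("\n");
          }
       }
    }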
    
    /*
     * IPv4 header without options (20 bytes), laid over the start of the
     * receive buffer. Multi-byte fields hold the bytes as received, i.e. in
     * network byte order; the capture loop converts total_len before using it.
     */
    typedef struct _iphdr
    {
        unsigned char      h_lenver;        /* version and header length, one byte (per the field name) */
        unsigned char      tos;             /* type of service */
        unsigned short int total_len;       /* length of the whole IP packet */
        unsigned short int ident;           /* identification */
        unsigned short int frag_and_flags;  /* fragment flags and offset */
        unsigned char      ttl;             /* time to live, printed as "TTL=" */
        unsigned char      proto;           /* payload protocol number */
        unsigned short int checksum;        /* header checksum */
        unsigned int       sourceIP;        /* source address */
        unsigned int       destIP;          /* destination address */
    } IP_HDR;
    
    /*
     * Fixed 20-byte part of a TCP header. The capture loop places it directly
     * behind IP_HDR in the receive buffer. Multi-byte fields hold the bytes as
     * received (network byte order).
     */
    typedef struct tcpheader
    {
        unsigned short sport;       /* source port */
        unsigned short dport;       /* destination port */
        unsigned int   th_seq;      /* sequence number */
        unsigned int   th_ack;      /* acknowledgement number */
        /* Two 4-bit fields sharing one byte. Bit-field order is chosen by the
           compiler; this order presumably targets x86 compilers - verify on others. */
        unsigned char  th_x2:4;
        unsigned char  th_off:4;
        unsigned char  Flags;       /* flag bits; printed through htons() by the capture loop */
        unsigned short th_win;      /* window */
        unsigned short th_sum;      /* checksum */
        unsigned short th_urp;      /* urgent pointer */
    } TCP_HDR;
    
    /* Capture loop; defined further down in this file. */
    void RecvPacket();
    /* Declared only: no definition of filterpacket() appears in this listing. */
    int filterpacket(char *buf);
    
    /* Not referenced by any code in this listing. */
    char     output[500];
    
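    /*
     * Program entry point: hands control to RecvPacket(), which contains the
     * capture loop. Declared as int main(void) because "void main()" is not a
     * standard signature; the exit status is 0 if RecvPacket() returns.
     */
    int main(void)
    {
        RecvPacket();
        return 0;
    }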
    
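    /*
     * Open a raw IP socket on the first address of the local host, switch it
     * to receive-all mode (SIO_RCVALL) and print the header fields and the
     * printable payload of every packet that arrives.
     *
     * Raw sockets and SIO_RCVALL need administrator rights on Windows.
     * Returns only when set-up or recv() fails; the socket and Winsock are
     * released on every exit path.
     *
     * NOTE(review): every packet is decoded as TCP without IP options.
     * pIpheader->proto and the header-length nibble are not checked, so for
     * other traffic the Flags/port lines are not meaningful.
     */
    void RecvPacket()
    {
        /* print_data() starts reading at this index and must not be given a
           smaller end index. */
        enum { PAYLOAD_START = 38 };

        SOCKET        sock;
        WSADATA       wsd;
        char          RecvBuf[65535] = {0};
        DWORD         dwBytesRet = 0;
        unsigned int  optval = 1;
        char FAR      name[MAX_HOSTNAME_LAN];
        struct hostent FAR *pHostent;
        SOCKADDR_IN   sa;

        if (WSAStartup(MAKEWORD(2,1), &wsd) != 0)
        {
            printf("WSAStartup failed\n");
            return;
        }

        sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
        if (sock == INVALID_SOCKET)
        {
            printf("socket failed: %d\n", WSAGetLastError());
            goto cleanup_wsa;
        }

        if (gethostname(name, MAX_HOSTNAME_LAN) != 0)
        {
            printf("gethostname failed: %d\n", WSAGetLastError());
            goto cleanup_socket;
        }

        /* gethostbyname() returns storage owned by Winsock. Allocating a
           hostent first, as the code did before, only leaked that block. */
        pHostent = gethostbyname(name);
        if (pHostent == NULL ||
            pHostent->h_addrtype != AF_INET ||
            pHostent->h_addr_list[0] == NULL ||
            (size_t)pHostent->h_length != sizeof(sa.sin_addr.S_un.S_addr))
        {
            printf("gethostbyname failed: no usable IPv4 address\n");
            goto cleanup_socket;
        }

        memset(&sa, 0, sizeof(sa));
        sa.sin_family = AF_INET;
        sa.sin_port = htons(6000);
        /* Copy exactly the size of the destination; h_length was checked above. */
        memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0],
               sizeof(sa.sin_addr.S_un.S_addr));

        if (bind(sock, (SOCKADDR *)&sa, sizeof(sa)) != 0)
        {
            printf("bind failed: %d\n", WSAGetLastError());
            goto cleanup_socket;
        }

        if (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0,
                     &dwBytesRet, NULL, NULL) != 0)
        {
            printf("WSAIoctl(SIO_RCVALL) failed: %d\n", WSAGetLastError());
            goto cleanup_socket;
        }

        while (1)
        {
            IP_HDR      *pIpheader;
            TCP_HDR     *pTcpheader;
            char         szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN];
            SOCKADDR_IN  saSource, saDest;
            int          nRecv;
            int          nEnd;

            memset(RecvBuf, 0, sizeof(RecvBuf));

            nRecv = recv(sock, RecvBuf, sizeof(RecvBuf), 0);
            if (nRecv == SOCKET_ERROR)
            {
                /* Without this check a failing socket makes the loop spin
                   and print empty packets forever. */
                printf("recv failed: %d\n", WSAGetLastError());
                break;
            }
            if (nRecv < (int)sizeof(IP_HDR))
                continue;   /* too short to hold an IP header */

            // Filter the Packet
            pIpheader = (IP_HDR *)RecvBuf;
            pTcpheader = (TCP_HDR *)(RecvBuf + sizeof(IP_HDR));

            // Check Source IP
            saSource.sin_addr.s_addr = pIpheader->sourceIP;
            strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN - 1);
            szSourceIP[MAX_ADDR_LEN - 1] = '\0';   /* strncpy does not guarantee a NUL */

            // Check Dest IP
            saDest.sin_addr.s_addr = pIpheader->destIP;
            strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN - 1);
            szDestIP[MAX_ADDR_LEN - 1] = '\0';

            printf("\n************PACKETstart************\n");
            printf("%s->%s\n", szSourceIP, szDestIP);

            printf("TTL=%d\n",pIpheader->ttl);

            printf("Flags=%d\n",htons(pTcpheader->Flags));

            printf("destport=%d\nsourceport=%d\n", ntohs(pTcpheader->dport),ntohs(pTcpheader->sport));

            printf("\n\n\n-----------DATAstart---------\n");

            /* total_len is set by the sender and cannot be trusted: clamp it
               to the bytes actually received. The old expression also
               subtracted sizeof() of two pointers, not of the headers, so the
               end index depended on the pointer size and could lie past the
               end of RecvBuf. */
            nEnd = (int)ntohs(pIpheader->total_len);
            if (nEnd > nRecv)
                nEnd = nRecv;
            if (nEnd >= PAYLOAD_START)
                print_data(nEnd, RecvBuf);

            printf("\n-----------DATAend---------\n");
            printf("\n\n***************PACKETend************\n");
        }

    cleanup_socket:
        closesocket(sock);
    cleanup_wsa:
        WSACleanup();
    }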
    
