/* This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Sorry for my english , it is not my native language ehehe :) Here is a TCP/UDP/ICMP packets forger, it is very simple to use but you must know the meaning of differents header's fieds.To code this soft i have read the icmp.h , the tcp.h and the udp.h file. I have compiled and tested this program on Linux RedHat 7.1 To compile : gcc -o deltaflown deltaflown.c To use : ./deltaflown protocol source_adress target_adress [OPTIONS] It could be great if we could code a packets forger in GTK+ for all protocols ! If you want to take part in this project , you can send me and email at mindkind@caramail.com (i m looking for coders and if you want to be the main coder , it is possible because i haven't lot of time to devote to coding and i m not a wizard in C language) , Greetz (sans ordre particulier , je ne fais aucune distinction entre mes fans) : ----------------------------------------------------- Bigfoot dit nab le nabot (nan je deconne) Kevin B. , ex-dictateur Africain reconvertit dans le hacking :) Toady (if you are living in Detroit , be ready , he comes in April to a linux expo LOL) Ice-Breaker , l'overclocker fou pour les intimes Peterpan , who has explain me the TCP checksum calculation (indochine rulez :)) */ #include #include #include #include #include #include #include #include #include #include char *ip_source , *ip_dest , *icmp_gateway , *protocol; int number , delay , sock , i , argument; int ip_ihl , ip_version , ip_tos , ip_frag_off , ip_id , ip_ttl, ip_check , ip_tot_len; int icmp_code , icmp_id , icmp_sequence , icmp_mtu , icmp_checksum , icmp_type; int udp_portsource , udp_portdest , udp_len , udp_check; int tcp_syn , tcp_fin , tcp_rst , tcp_urg , tcp_psh , tcp_ack , tcp_ack_seq , tcp_seq , tcp_ece , tcp_cwr; int tcp_res1 , tcp_doff , tcp_window , tcp_check,cwr , ece ; int tcp_portsource , tcp_portdest , tcp_urg_ptr; struct iphdr *ip; struct icmphdr *icmp; struct udphdr *udp; struct tcphdr *tcp; char buffer[65536]; struct { unsigned long saddr, daddr; char mbz; char protocol; unsigned short tcpl; } pseudo_header; u_long resolve (char *host) { struct in_addr in; struct hostent *he; if ((in.s_addr = inet_addr(host)) == -1) { if ((he = gethostbyname(host)) == NULL) { herror("Host not found:"); exit(-1); } memcpy( (caddr_t) &in, he->h_addr, he->h_length); } return(in.s_addr); } unsigned short checksum(u_short *addr, int len) { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; while (nleft > 1) { sum += *w++; nleft -= 2; } if (nleft == 1) { *(u_char *) (&answer) = *(u_char *) w; sum += answer; } sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return (answer); } void print_ip_header(void) { printf("IP HEADER :\n"); printf("|--------------------------------------------------------------------|\n"); printf("| Version : %d | IHL : %d | Type of service : %d | Total lenght : %d\n" , ip->version , ip->ihl , ip->tos , ip->tot_len); printf("|--------------------------------------------------------------------\n"); printf("| ID : %d | Frag off : %d | Offset fragment : ?\n" , ip->id , ip->frag_off); printf("|--------------------------------------------------------------------\n"); printf("| TTL : %d | Protocol : %d | Checksum : %d\n" , ip->ttl , ip->protocol , ip->check); printf("|--------------------------------------------------------------------\n"); printf("| IP source : %s\n" , ip_source); printf("|--------------------------------------------------------------------\n"); printf("| IP destination : %s\n", ip_dest); printf("|--------------------------------------------------------------------|\n"); } void send_udp_packet() { struct sockaddr_in sin; char *packet; int optval; packet = (char *) malloc(sizeof(struct iphdr) + sizeof(struct udphdr)); ip = (struct iphdr *) packet; udp = (struct udphdr *) (packet + sizeof(struct iphdr)); ip->ihl = (ip_ihl == -1) ? 5 : ip_ihl; ip->version = (ip_version == -1) ? 4 : ip_version; ip->tos = (ip_tos == -1) ? 0 : ip_tos; ip->protocol = IPPROTO_UDP; ip->tot_len = (ip_tot_len == -1) ? (sizeof(struct iphdr) + sizeof(struct udphdr)) : ip_tot_len; ip->ttl = (ip_ttl == -1) ? 255 : ip_ttl; ip->id = (ip_id == -1) ? htons(random()) : ip_id; ip->frag_off = (ip_frag_off == -1) ? 0 : ip_frag_off; ip->saddr = inet_addr(ip_source); ip->daddr = resolve(ip_dest); memcpy(buffer, ip, 4*ip->ihl); memcpy(buffer+4*ip->ihl, udp, sizeof(*udp)); ip->check = (ip_check == -1) ? checksum((unsigned short*)buffer, 4*ip->ihl + sizeof(*udp) + 1) : ip_check; memset(buffer , 0 , 65536); udp->source = (udp_portsource == -1) ? htons(10) : htons(udp_portsource); udp->dest = (udp_portdest == -1) ? htons(80) : htons(udp_portdest); udp->len = (udp_len == -1) ? htons(sizeof(struct udphdr) + sizeof(struct iphdr)) : htons(udp_len) ; pseudo_header.saddr=ip->saddr; pseudo_header.daddr=ip->daddr; pseudo_header.mbz=0; pseudo_header.protocol=IPPROTO_UDP; pseudo_header.tcpl=htons(sizeof(*udp)); memcpy(buffer, &pseudo_header, sizeof(pseudo_header)); memcpy(buffer+sizeof(pseudo_header), udp, sizeof(*udp)); udp->check = (udp_check == -1) ? checksum((unsigned short*)buffer, sizeof(pseudo_header)+(sizeof(*udp)+1)&~1) : udp_check; print_ip_header(); printf("\n UDP HEADER :\n"); printf("|-----------------------------------------------|\n"); printf("| Source port : %d | Destination port %d\n" , udp->source , udp->dest); printf("|-----------------------------------------------\n"); printf("| Len : %d | Checksum : %d\n" , udp->len , udp->check); printf("|-----------------------------------------------|\n\n"); setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&optval, sizeof(int)); sin.sin_family = AF_INET; sin.sin_addr.s_addr = resolve(ip_source); for ( i = 0 ; i < number ; i++ ) { if (sendto(sock, packet, ip->tot_len, 0, (struct sockaddr *)&sin , sizeof(struct sockaddr)) < 0) { perror("sendto()"); exit(-1); } usleep(delay); printf("Packet n° %d sent !\r" , i+1); fflush(stdout); } printf("%d UDP packets sent !\n" , number); free(packet); } void send_tcp_packet() { struct sockaddr_in sin; char *packet; int optval; packet = (char *) malloc(sizeof(struct iphdr) + sizeof(struct tcphdr)); ip = (struct iphdr *) packet; tcp = (struct tcphdr *) (packet + sizeof(struct iphdr)); ip->ihl = (ip_ihl == -1) ? 5 : ip_ihl; ip->version = (ip_version == -1) ? 4 : ip_version; ip->tos = (ip_tos == -1) ? 0 : ip_tos; ip->protocol = IPPROTO_TCP; ip->tot_len = (ip_tot_len == -1) ? (sizeof(struct iphdr) + sizeof(struct tcphdr)) : ip_tot_len; ip->ttl = (ip_ttl == -1) ? 255 : ip_ttl; ip->id = (ip_id == -1) ? htons(random()) : ip_id; ip->frag_off = (ip_frag_off == -1) ? 0 : ip_frag_off; ip->saddr = inet_addr(ip_source); ip->daddr = resolve(ip_dest); memcpy(buffer, ip, 4*ip->ihl); memcpy(buffer+4*ip->ihl, tcp, sizeof(*tcp)); ip->check = (ip_check == -1) ? checksum((unsigned short*)buffer, 4*ip->ihl + sizeof(*tcp) + 1) : ip_check; memset(buffer , 0 , 65536); tcp->source = (tcp_portsource == -1) ? htons(10) : htons(tcp_portsource); tcp->dest = (tcp_portdest == -1) ? htons(80) : htons(tcp_portdest); tcp->window = (tcp_window == -1) ? htons(512) : htons(tcp_window); tcp->seq = (tcp_seq == -1) ? htons(rand()) : tcp_seq; tcp->doff = (tcp_doff == -1) ? sizeof(*tcp)/4 : tcp_doff; tcp->ack_seq = (tcp_ack_seq == -1) ? 0 : tcp_ack_seq; tcp->res1 = (tcp_res1 == -1) ? 0 : tcp_res1; tcp->fin = (tcp_fin == -1) ? 0 : tcp_fin; tcp->syn = (tcp_syn == -1) ? 1 : tcp_syn; tcp->rst = (tcp_rst == -1) ? 0 : tcp_rst; tcp->psh = (tcp_psh == -1) ? 0 : tcp_psh; tcp->ack = (tcp_ack == -1) ? 0 : tcp_ack; tcp->urg = (tcp_urg == -1) ? 0 : tcp_urg; tcp->urg_ptr = (tcp_urg_ptr == -1) ? 0 : tcp_urg_ptr; tcp->cwr = (tcp_cwr == -1) ? 0 : tcp_cwr; tcp->ece = (tcp_ece == -1) ? 0 : tcp_ece; pseudo_header.saddr=ip->saddr; pseudo_header.daddr=ip->daddr; pseudo_header.mbz=0; pseudo_header.protocol=IPPROTO_TCP; pseudo_header.tcpl=htons(sizeof(*tcp)); memcpy(buffer, &pseudo_header, sizeof(pseudo_header)); memcpy(buffer+sizeof(pseudo_header), tcp, sizeof(*tcp)); tcp->check = (tcp_check == -1) ? checksum((unsigned short*)buffer, sizeof(pseudo_header)+(sizeof(*tcp)+1)&~1) : tcp_check; print_ip_header(); printf("\nTCP HEADER\n"); printf("|----------------------------------------------------------------------\n"); printf("| Source port : %d | Destination port : %d\n" , tcp->source , tcp->dest); printf("|----------------------------------------------------------------------\n"); printf("| Sequence number : %d\n" , tcp->seq); printf("|----------------------------------------------------------------------\n"); printf("| ACK Sequence : %d\n" , tcp->ack_seq); printf("|----------------------------------------------------------------------\n"); printf("|Offset's difference:%d|URG:%d|ACK:%d|PSH:%d|RST:%d|SYN:%d|FIN:%d|Window:%d\n",tcp->doff,tcp->urg,tcp->ack,tcp->psh,tcp->rst,tcp->syn,tcp->fin,tcp->window); printf("|----------------------------------------------------------------------\n"); printf("| Checksum : %d | Urgency pointer : %d\n" , tcp->check , tcp->urg_ptr); printf("|----------------------------------------------------------------------\n"); printf("| Res1 : %d | Cwr : %d | Ece : %d\n" , tcp->res1 , tcp->cwr , tcp->ece); printf("|----------------------------------------------------------------------\n\n"); setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&optval, sizeof(int)); sin.sin_family = AF_INET; sin.sin_addr.s_addr = resolve(ip_source); sin.sin_port=tcp->dest; for ( i = 0 ; i < number ; i++ ) { if (sendto(sock, packet, ip->tot_len, 0, (struct sockaddr *)&sin , sizeof(struct sockaddr)) < 0) { perror("sendto()"); exit(-1); } usleep(delay); printf("Packet n° %d sent !\r" , i+1); fflush(stdout); } printf("%d TCP packets sent !\n" , number); free(packet); } void send_icmp_packet (void) { struct sockaddr_in sin; char *packet; int optval; packet = (char *) malloc(sizeof(struct iphdr) + sizeof(struct icmphdr)); ip = (struct iphdr *) packet; icmp = (struct icmphdr *) (packet + sizeof(struct iphdr)); ip->ihl = (ip_ihl == -1) ? 5 : ip_ihl; ip->version = (ip_version == -1) ? 4 : ip_version; ip->tos = (ip_tos == -1) ? 0 : ip_tos; ip->protocol = IPPROTO_ICMP; ip->tot_len = (ip_tot_len == -1) ? (sizeof(struct iphdr) + sizeof(struct icmphdr)) : ip_tot_len; ip->ttl = (ip_ttl == -1) ? 255 : ip_ttl; ip->id = (ip_id == -1) ? htons(random()) : ip_id; ip->frag_off = (ip_frag_off == -1) ? 0 : ip_frag_off; ip->saddr = inet_addr(ip_source); ip->daddr = resolve(ip_dest); memcpy(buffer, ip, 4*ip->ihl); memcpy(buffer+4*ip->ihl, icmp, sizeof(*icmp)); ip->check = (ip_check == -1) ? htons(checksum((unsigned short*)buffer, (4*ip->ihl + sizeof(*icmp)+1)&~1)) : ip_check; memset(buffer , 0 , 65536); icmp->type = (icmp_type == -1) ? 8 : icmp_type; icmp->code = (icmp_code == -1) ? 0 : icmp_code; icmp->un.frag.mtu = (icmp_mtu == -1) ? 0 : icmp_mtu; if(icmp_gateway == (char *)-1) { icmp->un.echo.id = (icmp_id == -1) ? 0 : icmp_id; icmp->un.echo.sequence = (icmp_sequence == -1) ? 0 : icmp_sequence; } else { icmp->un.gateway = resolve(icmp_gateway); } pseudo_header.saddr=ip->saddr; pseudo_header.daddr=ip->daddr; pseudo_header.mbz=0; pseudo_header.protocol=IPPROTO_ICMP; pseudo_header.tcpl=htons(sizeof(*icmp)); memcpy(buffer, &pseudo_header, sizeof(pseudo_header)); memcpy(buffer+sizeof(pseudo_header), icmp, sizeof(*icmp)); icmp->checksum= (icmp_checksum == -1) ? htons(~(icmp->type << 8)) : icmp_checksum; print_ip_header(); printf("\nICMP HEADER\n"); printf("|-----------------------------------------|\n"); printf("| Type : %d | Code : %d | Checksum : %d\n" , icmp->type , icmp->code , icmp->checksum); printf("|-----------------------------------------|\n"); if(icmp_gateway == (char *)-1) { printf("| ID : %d | Sequence : %d\n" , icmp->un.echo.id , icmp->un.echo.sequence); printf("|-----------------------------------------|\n"); } else { printf("| Gateway adress : %s\n" , icmp_gateway); printf("|-----------------------------------------|\n"); } printf("\n"); setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&optval, sizeof(int)); sin.sin_family = AF_INET; sin.sin_addr.s_addr = resolve(ip_source); for ( i = 0 ; i < number ; i++ ) { if (sendto(sock, packet, ip->tot_len, 0, (struct sockaddr *)&sin , sizeof(struct sockaddr)) < 0) { perror("sendto()"); exit(-1); } usleep(delay); printf("Packet n° %d sent !\r" , i+1); fflush(stdout); } printf("%d ICMP packets sent !\n" , number); free(packet); } usage(u_char *name) { fprintf(stderr, "Usage : %s protocol source_adress target_adress [OPTIONS]\n" "\nGeneral options :\n" " -d delay in ms (default 1000)\n" " -h display this help\n" " -n number of packet to send (default 1)\n" "\nIP options :\n" " -ip-version version ot the IP protocol (default 4)\n" " -ip-tos type of service (default 0)\n" " -ip-tot_len size of the packet(by default it is calculed by the program.)\n" " -ip-ttl time to live of the packet (default 255)\n" " -ip-id id of the packet (default random)\n" " -ip-frag_off value of the frag flag (default 0)\n" " -ip-check checksum of the packet (by default it is calculed by the program.)" "\nICMP options :\n" " -icmp-type type of the icmp packet (default 8)\n" " -icmp-code code of the icmp packet (default 0)\n" " -icmp-id id of the icmp packet (default 0)\n" " -icmp-sequence sequence of the icmp packet (default 0)\n" " -icmp-checksum checksum of the icmp packet (by default it is calculed by the program.)\n" " -icmp-mtu mtu of the icmp packet (default 0)\n" " -icmp-gateway gateway adress of the icmp packet (default 0)\n" "\nUDP options :\n" " -udp-portsource source port of the packet (default 10)\n" " -udp-portdest destination port of the packet (default 80)\n" " -udp-len size of the packet (default 0)\n" " -udp-check checksum of the packet (by default it is calculed by the program.)\n" "\nTCP options :\n" " -tcp-portsource source port of the packet (default 10)\n" " -tcp-portdest destination port of the packet (default 80)\n" " -tcp-window window of the packet (default 512)\n" " -tcp-seq sequence of the packet (default random)\n" " -tcp-doff offset's difference (default 4)\n" " -tcp-ack_seq ACK_SEQ flag of the tcp header (default 0)\n" " -tcp-res1 RES1 option of the tcp header (default 0)\n" " -tcp-fin FIN flag of the tcp header (default 0)\n" " -tcp-syn SYN flag of the tcp header (default 1)\n" " -tcp-rst RST flag of the tcp header (default 0)\n" " -tcp-psh PSH flag of the tcp header (default 0)\n" " -tcp-ack ACK flag of the tcp header (default 0)\n" " -tcp-urg URG flag of the tcp header (default 0)\n" " -tcp-check checksum of the tcp header (by default it is calculed by the program.)\n" " -tcp-urg_ptr urg pointer of the tcp header (default 0)\n" " -tcp-cwr CWR option of the tcp header (default 0)\n" " -tcp-ece ECE option of the tcp header (default 0)\n" , name ); exit(0); } int main(int argc , char *argv[]) { delay = 1000; number = 1; ip_ihl = ip_version = ip_tos = ip_frag_off = ip_id = ip_ttl = ip_check = ip_tot_len = -1; icmp_gateway = (char *)-1; icmp_type = icmp_code = icmp_id = icmp_sequence = icmp_mtu = icmp_checksum = -1; udp_portsource = udp_portdest = udp_len = udp_check = -1; tcp_syn = tcp_fin = tcp_rst = tcp_urg = tcp_psh = tcp_ack = tcp_ack_seq = tcp_seq = tcp_ece = -1; tcp_cwr = tcp_res1 = tcp_doff = tcp_window = tcp_check = -1; tcp_portsource = tcp_portdest = tcp_urg_ptr = tcp_cwr , tcp_ece = -1; printf("Starting Deltaflown version 1.0 written by Mindkind (mindkind@caramail.com) ...\n\n"); if(argc < 4) { usage(argv[0]); } if(geteuid() != 0) { fprintf(stderr, "This program requires root, sorry!\n"); exit(0); } protocol = argv[1]; (char *)ip_source = argv[2]; (char *)ip_dest = argv[3]; i = 4; while(argv[i] != NULL) { if(strcmp(argv[i] , "-h") == 0) { usage(argv[0]); } else if(strcmp(argv[i] , "-d") == 0) { delay = atoi(argv[++i]); } else if(strcmp(argv[i] , "-n") == 0) { number = atoi(argv[++i]); } else if(strcmp(argv[i] , "-ip-version") == 0) { ip_version = atoi(argv[++i]); } else if(strcmp(argv[i] , "-ip-tos") == 0) { ip_tos = atoi(argv[++i]); } else if(strcmp(argv[i] , "-ip-tot_len") == 0) { ip_tot_len = atoi(argv[++i]); } else if(strcmp(argv[i] , "-ip-ttl") == 0) { ip_ttl = atoi(argv[++i]); } else if(strcmp(argv[i] , "-ip-id") == 0) { ip_id = atoi(argv[++i]); } else if(strcmp(argv[i] , "-ip-frag_off") == 0) { ip_frag_off = atoi(argv[++i]); } else if(strcmp(argv[i] , "-ip-check") == 0) { ip_check = atoi(argv[++i]); } else if(strcmp(argv[i] , "-icmp-type") == 0) { icmp_type = atoi(argv[++i]); } else if(strcmp(argv[i] , "-icmp-code") == 0) { icmp_code = atoi(argv[++i]); } else if(strcmp(argv[i] , "-icmp-id") == 0) { icmp_id = atoi(argv[++i]); } else if(strcmp(argv[i] , "-icmp-sequence") == 0) { icmp_sequence = atoi(argv[++i]); } else if(strcmp(argv[i] , "-icmp-mtu") == 0) { icmp_mtu = atoi(argv[++i]); } else if(strcmp(argv[i] , "-icmp-gateway") == 0) { (char *)icmp_gateway = argv[++i]; } else if(strcmp(argv[i] , "-icmp-checksum") == 0) { icmp_checksum = atoi(argv[++i]); } else if(strcmp(argv[i] , "-udp-portsource") == 0) { udp_portsource = atoi(argv[++i]); } else if(strcmp(argv[i] , "-udp-portdest") == 0) { udp_portdest = atoi(argv[++i]); } else if(strcmp(argv[i] , "-udp-len") == 0) { udp_len = atoi(argv[++i]); } else if(strcmp(argv[i] , "-udp-check") == 0) { udp_check = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-portsource") == 0) { tcp_portsource = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-portdest") == 0) { tcp_portdest = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-window") == 0) { tcp_window = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-seq") == 0) { tcp_seq = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-doff") == 0) { tcp_doff = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-ack_seq") == 0) { tcp_ack_seq = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-res1") == 0) { tcp_res1 = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-fin") == 0) { tcp_fin = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-syn") == 0) { tcp_syn = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-rst") == 0) { tcp_rst = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-psh") == 0) { tcp_psh = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-ack") == 0) { tcp_ack = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-urg") == 0) { tcp_urg = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-check") == 0) { tcp_check = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-urg_ptr") == 0) { tcp_urg_ptr = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-cwr") == 0) { tcp_cwr = atoi(argv[++i]); } else if(strcmp(argv[i] , "-tcp-ece") == 0) { tcp_ece = atoi(argv[++i]); } else { printf("Invalid option.\n"); usage(argv[0]); } i++; } if(strcmp(protocol,"icmp") == 0) { if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) == -1) { perror("Error socket : "); exit(-1); } send_icmp_packet(); } else if(strcmp(protocol,"udp") == 0) { if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_UDP)) == -1) { perror("Error socket : "); exit(-1); } send_udp_packet(); } else if(strcmp(protocol,"tcp") == 0) { if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) { perror("Error socket : "); exit(-1); } send_tcp_packet(); } else { printf("This protocol is not supported, sorry !\n"); exit(0); } return 0; }