linux下网络抓包分析(墨迹天气,QQ,微信,开心网)
2014-09-13 20:22
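/*
 * Offline capture audit: reads "qqweixin.pcap", turns every captured frame
 * into printable text, and searches that text for identifier-bearing fields
 * from four mobile apps (Moji Weather, QQ, WeChat, Kaixin001).  Each hit is
 * appended to "data.txt".
 *
 * The patterns are matched against the raw frame bytes, so a field can only
 * be reported when it is present in cleartext in the capture; a hit is
 * therefore evidence that the field crossed the network unencrypted.
 *
 * data.txt ends up holding phone numbers, IMEIs, e-mail addresses, session
 * keys and similar values, so it is created readable by the owner only.
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <memory.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <arpa/inet.h>
#include <regex.h>
#include <pcap.h>

/* Length of an Ethernet II header (two MAC addresses plus EtherType). */
enum { ETH_HEADER_LEN = 14 };

/* Ethernet II header layout.  Not referenced by the code below. */
typedef struct {
    u_char DestMac[6];
    u_char SrcMac[6];
    u_char Etype[2];
} ETHHEADER;

/*
 * IPv4 header layout.  Not referenced by the code below.
 * The multi-bit fields are unsigned: a signed 4-bit field would read back
 * negative for values >= 8.
 * NOTE(review): header_len-before-version presumably assumes a little-endian
 * bit-field layout; confirm before using this struct to parse packets.
 */
typedef struct {
    unsigned int header_len:4;
    unsigned int version:4;
    u_char tos:8;
    unsigned int total_len:16;
    unsigned int ident:16;
    unsigned int flags:16;
    u_char ttl:8;
    u_char proto:8;
    unsigned int checksum:16;
    u_char sourceIP[4];
    u_char destIP[4];
} IPHEADER;

/* Not referenced anywhere in this file. */
int sign[8] = {0};

/* Names indexed by IP protocol number 0..6.  Not referenced in this file. */
char *Proto[] = {
    "Reserved", "ICMP", "IGMP", "GGP", "IP", "ST", "TCP"
};

/*
 * Write data[start, end) to `out`, rewriting a few sequences for readability:
 *   "%3D" -> '='     "%26" -> '&'     '&' -> ' '     ".." -> ' '     ':' -> '='
 *
 * `data` must be NUL-terminated.  The one- and two-byte lookaheads rely on
 * that: `&&` short-circuits on the terminator, so nothing past it is read.
 */
static void write_decoded(FILE *out, const u_char *data,
                          regoff_t start, regoff_t end)
{
    for (regoff_t w = start; w < end; ++w) {
        if (data[w] == '%' && data[w + 1] == '3' && data[w + 2] == 'D') {
            fputc('=', out);
            w += 2;
        } else if (data[w] == '%' && data[w + 1] == '2' && data[w + 2] == '6') {
            fputc('&', out);
            w += 2;
        } else if (data[w] == '&') {
            fputs(" ", out);
        } else if (data[w] == '.' && data[w + 1] == '.') {
            fputs(" ", out);
            w += 1;
        } else if (data[w] == ':') {
            fputc('=', out);
        } else {
            fputc(data[w], out);
        }
    }
}

/*
 * Search `data` for the first match of `pattern` and, if found, append
 * "<info> <decoded match>\n" to data.txt.
 *
 * info     label written in front of the match
 * pattern  POSIX *basic* regular expression, matched case-insensitively
 *          (REG_ICASE only, no REG_EXTENDED, so a bare ')' is a literal)
 * data     NUL-terminated text; regexec() and the decoder both stop at the
 *          terminator.  The buffer is not modified.
 *
 * A pattern that fails to compile is reported on stderr and skipped.
 * Failure to open data.txt terminates the process, as before.
 */
void look(char *info, char *pattern, u_char data[])
{
    regex_t reg;
    regmatch_t pm[1];
    int rc;

    if (info == NULL || pattern == NULL || data == NULL)
        return;

    rc = regcomp(&reg, pattern, REG_ICASE);
    if (rc != 0) {
        char msg[128];
        regerror(rc, &reg, msg, sizeof msg);
        fprintf(stderr, "look: bad pattern \"%s\": %s\n", pattern, msg);
        return;
    }

    if (regexec(&reg, (const char *)data, 1, pm, 0) == 0) {
        /*
         * The output holds personal identifiers: create it with mode 0600.
         * umask only affects creation; an existing data.txt keeps its mode.
         */
        mode_t old_mask = umask(S_IRWXG | S_IRWXO);
        FILE *file = fopen("data.txt", "a");
        umask(old_mask);
        if (file == NULL) {
            perror("data.txt");
            regfree(&reg);
            exit(-1);
        }

        fprintf(file, "%s ", info);
        write_decoded(file, data, pm[0].rm_so, pm[0].rm_eo);
        fprintf(file, "\n");

        if (fclose(file) != 0)
            perror("data.txt");
    }

    regfree(&reg);
}

/*
 * IP addresses listed for Moji Weather:
 * 223.203.194.219
 * 110.75.96.12
 * 120.198.196.16
 * 223.203.194.242
 * 223.203.194.155
 * 117.135.138.76
 */

/*
 * Report Moji Weather fields found in `data` (NUL-terminated text).
 * cmd: 1 = account (user id, e-mail), 2 = latitude/longitude,
 *      3 = app id / session id / sign, 4 = handset (mobile number, brand,
 *      SMS verification code, IMEI); any other value = all of the above.
 */
void analys_moji(u_char data[], int cmd)
{
    int all = (cmd < 1 || cmd > 4);

    if (all || cmd == 1) {
        look("ID", "UserId=[0-9]*", data);
        look("邮箱 ", "email\":\"[^\"]*\"", data);
    }
    if (all || cmd == 2) {
        /* "\\." is a literal dot; the page's "\." is not a valid C escape. */
        look("经纬度 ", "cdma_lat=[0-9]*\\.[0-9]*&cdma_lng=[0-9]*\\.[0-9]*", data);
    }
    if (all || cmd == 3) {
        look("APP号 ", "appId=[0-9]*", data);
        look("通道号 ", "sessionId=[A-Z0-9]*", data);
        look("标记 ", "sign=[0-9A-Z]*", data);
    }
    if (all || cmd == 4) {
        look("手机号码", "mobile=[0-9]*", data);
        look("手机品牌", "brand=[0-9a-zA-Z]*", data);
        look("短信验证码", "smsCode=[0-9]*", data);
        look("手机imei号", "IMEI=[0-9]*", data);
    }
}

/*
 * IP addresses listed for QQ:
 * 14.17.18.30
 * 211.136.236.89
 * 183.232.121.141
 * 42.62.48.146
 * 58.205.214.177
 */

/*
 * Report QQ fields found in `data` (NUL-terminated text).
 * cmd: 1 = QQ number and app key, 2 = coordinates and location,
 *      3 = user agent / network type / suid, 4 = user agent and handset
 *      (IMEI, model, MAC); any other value = every pattern once.
 *
 * NOTE(review): the QQ-number patterns are bare runs of 10, 9 and 8 digits
 * with no anchoring, so any such digit run in the frame is reported under
 * that label.
 */
void analys_qq(u_char data[], int cmd)
{
    switch (cmd) {
    case 1:
        look("QQ号码", "[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]", data);
        look("QQ号码", "[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]", data);
        look("QQ号码", "[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]", data);
        look("APP密码", "key=[a-z0-9]*", data);
        break;
    case 2:
        look("经纬度 ", "\"x\":[0-9]*\\.[0-9]*,\"y\":[0-9]*\\.[0-9]*", data);
        look("位置", "\"location\":\"[^\"]*\"", data);
        break;
    case 3:
        look("用户代理设备", "User-Agent[^)]*)", data);
        look("网络环境", "nt=[0-9a-zA-Z]*", data);
        look("未知ID", "suid=[0-9a-z]*", data);
        break;
    case 4:
        look("用户代理设备", "User-Agent[^)]*)", data);
        look("IMEI号", "imei=[0-9]*", data);
        look("手机型号", "hm=[^&]*", data);
        look("手机MAC地址", "mac=[a-z0-9]*", data);
        break;
    default:
        look("QQ号码", "[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]", data);
        look("QQ号码", "[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]", data);
        look("QQ号码", "[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]", data);
        look("经纬度 ", "\"x\":[0-9]*\\.[0-9]*,\"y\":[0-9]*\\.[0-9]*", data);
        look("位置", "\"location\":\"[^\"]*\"", data);
        look("用户代理设备", "User-Agent[^)]*)", data);
        look("IMEI号", "imei=[0-9]*", data);
        look("手机型号", "hm=[^&]*", data);
        look("手机MAC地址", "mac=[a-z0-9]*", data);
        look("网络环境", "nt=[0-9a-zA-Z]*", data);
        look("未知ID", "suid=[0-9a-z]*", data);
        look("APP密码", "key=[a-z0-9]*", data);
        break;
    }
}

/*
 * IP addresses listed for WeChat:
 * 182.254.3.174
 * 42.62.48.186
 */

/*
 * Client/server IP header pair.  The dots are deliberately left as
 * any-character wildcards, which is what the page's "\." compiled to (the
 * compiler drops the backslash of an unknown escape).  The pattern has five
 * digit groups per address and depends on the wildcard to fit a dotted quad
 * followed by the two '.' that stand in for CR LF; literal dots would stop
 * it matching that input.
 */
static char weixin_ip_pattern[] =
    "X-Clientip:[0-9]*.[0-9]*.[0-9]*.[0-9]*.[0-9]*..x-serverip:[0-9]*.[0-9]*.[0-9]*.[0-9]*.[0-9]*";

/* NOTE(review): each value is "[^\"]", i.e. exactly one character; confirm. */
static char weixin_geo_pattern[] =
    "\"country\":\"[^\"]\",\"province\":\"[^\"]\",\"city\":\"[^\"]\",\"isp\":\"[^\"]\"";

/*
 * Report WeChat fields found in `data` (NUL-terminated text).
 * cmd: 1 = everything, 2 = geo information, 3 = network type, login
 *      parameters and client/server IP, 4 = user agent; any other value
 *      behaves like 1.
 */
void analys_weixin(u_char data[], int cmd)
{
    switch (cmd) {
    case 2:
        look("地理信息", weixin_geo_pattern, data);
        break;
    case 3:
        look("网络环境", "type=[a-zA-Z]*", data);
        look("登陆信息", "version=[0-9]*&uin=[0-9]*&nettype=[0-9]", data);
        look("客户端与服务器ip", weixin_ip_pattern, data);
        break;
    case 4:
        look("用户代理设备", "User-Agent[^)]*)", data);
        break;
    default: /* cmd == 1 and every other value run the full list */
        look("用户代理设备", "User-Agent[^)]*)", data);
        look("网络环境", "type=[a-zA-Z]*", data);
        look("登陆信息", "version=[0-9]*&uin=[0-9]*&nettype=[0-9]", data);
        look("客户端与服务器ip", weixin_ip_pattern, data);
        look("地理信息", weixin_geo_pattern, data);
        break;
    }
}

/*
 * IP addresses listed for Kaixin001:
 * 220.181.100.243
 * 27.131.222.21
 * 106.3.34.18
 */

/*
 * Report Kaixin001 fields found in `data` (NUL-terminated text).
 * cmd: 1 = profile (user id, consumer key, birthday, name, hometown),
 *      2 = coordinates, 3 = login parameters, 4 = handset (SIM number,
 *      screen resolution, OS, IMEI); any other value = all of the above.
 */
void analys_kaixinwang(u_char data[], int cmd)
{
    int all = (cmd < 1 || cmd > 4);

    if (all || cmd == 1) {
        look("用户ID ", "uid%3D[0-9]*", data);
        look("用户密码", "consumer_key=[a-z0-9]*", data);
        look("出生日期", "birthday\":\"[^\"]*\"", data);
        look("姓名 ", "fname\":\"[^\"]*\"", data);
        look("家乡 ", "hometown\":\"[^\"]*\"", data);
    }
    if (all || cmd == 2) {
        look("经纬度 ", "x%3D[0-9]*\\.[0-9]*%26y%3D[0-9]*\\.[0-9]*", data);
    }
    if (all || cmd == 3) {
        look("登录信息", "ia=[0-9]&key=[0-9a-z]*", data);
        look("未知信息", "ctm=[0-9]*", data);
    }
    if (all || cmd == 4) {
        look("sim卡编号", "sim=[0-9]*", data);
        /* "\\*" is a literal '*' between width and height. */
        look("分辨率", "re=[0-9]*\\*[0-9]*", data);
        look("操作系统", "ct=[a-z]*", data);
        look("手机ime号", "ime=[0-9]*", data);
    }
}

/*
 * pcap_loop() callback: build a printable, NUL-terminated copy of the frame
 * and run all four analysers over it.
 *
 * Only header->caplen bytes are present at pkt_data; header->len is the
 * on-wire length and may be larger when the capture was truncated, so the
 * copy is bounded by caplen.  The copy lives on the heap (a frame-sized
 * stack array is avoidable) and carries a terminator because regexec() and
 * look() read until NUL.  Non-printable bytes, including embedded NULs,
 * become '.'.
 */
void pcap_handle_w(u_char *user, const struct pcap_pkthdr *header,
                   const u_char *pkt_data)
{
    (void)user;

    if (header == NULL || pkt_data == NULL)
        return;
    if (header->caplen < ETH_HEADER_LEN)
        return; /* too short to hold even the link-layer header */

    size_t n = header->caplen;
    u_char *text = malloc(n + 1);
    if (text == NULL) {
        fprintf(stderr, "pcap_handle_w: out of memory, frame skipped\n");
        return;
    }

    for (size_t i = 0; i < n; ++i)
        text[i] = isprint(pkt_data[i]) ? pkt_data[i] : '.';
    text[n] = '\0';

    analys_weixin(text, 5);
    analys_qq(text, 5);
    analys_kaixinwang(text, 5);
    analys_moji(text, 5);

    free(text);
}

/*
 * Open qqweixin.pcap and feed every frame to pcap_handle_w().
 *
 * The capture is read from a file, so no interface lookup is performed: the
 * earlier pcap_lookupnet("wlan0") call produced values that were never used
 * and made the program exit on hosts without that interface.  A failed open
 * now stops the program instead of passing a NULL handle to pcap_loop().
 * libpcap fills errbuf itself, so it is printed directly rather than through
 * perror(), which would append an unrelated errno message.
 */
int main(int argc, char **argv)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *phandle;

    (void)argc;
    (void)argv;

    phandle = pcap_open_offline("qqweixin.pcap", errbuf);
    if (phandle == NULL) {
        fprintf(stderr, "pcap_open_offline: %s\n", errbuf);
        return 1;
    }

    if (pcap_loop(phandle, -1, pcap_handle_w, NULL) == -1) {
        fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(phandle));
        pcap_close(phandle);
        return 1;
    }

    pcap_close(phandle);
    return 0;
}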