
linux下网络抓包分析(墨迹天气,QQ,微信,开心网)

2014-09-13 20:22 337 查看
#include <ctype.h>
#include <memory.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <arpa/inet.h>
#include <regex.h>

#include <pcap.h>

/*
 * Ethernet II frame header: two 6-byte MAC addresses followed by the
 * 2-byte EtherType. All members are byte arrays, so the struct is
 * 14 bytes with no padding.
 */
typedef struct {
    u_char DestMac[6];  /* destination MAC address */
    u_char SrcMac[6];   /* source MAC address */
    u_char Etype[2];    /* EtherType, kept as the two raw bytes */
} ETHHEADER;

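/*
 * Fixed 20-byte part of an IPv4 header, overlaid on raw packet bytes.
 *
 * The integer bit-fields are declared `unsigned int`: a plain `int`
 * bit-field may be signed, in which case a header length above 7 or a
 * 16-bit value above 0x7FFF reads back negative.
 *
 * NOTE(review): the nibble order (header_len before version) assumes a
 * little-endian target whose compiler fills bit-fields from the low bit,
 * as GCC and Clang do on x86. The 16-bit members hold the bytes exactly as
 * they appear on the wire, so a reader still has to byte-swap them (ntohs)
 * before using them as numbers.
 */
typedef struct {
    unsigned int header_len:4;  /* header length in 32-bit words */
    unsigned int version:4;     /* IP version */
    u_char tos:8;               /* type of service */
    unsigned int total_len:16;  /* total datagram length, wire byte order */
    unsigned int ident:16;      /* identification, wire byte order */
    unsigned int flags:16;      /* flags plus fragment offset, wire byte order */
    u_char ttl:8;               /* time to live */
    u_char proto:8;             /* protocol number of the payload */
    unsigned int checksum:16;   /* header checksum, wire byte order */
    u_char sourceIP[4];         /* source address, one octet per element */
    u_char destIP[4];           /* destination address, one octet per element */
} IPHEADER;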
/* Eight zero-initialised ints; nothing in this listing reads or writes them. */
int sign[8] = { 0 };

/*
 * Protocol names at positions 0..6. Presumably meant to be indexed by the
 * IPv4 protocol number (6 = TCP); not referenced elsewhere in this listing.
 */
char *Proto[] = {
    "Reserved",
    "ICMP",
    "IGMP",
    "GGP",
    "IP",
    "ST",
    "TCP"
};

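/*
 * look - report the first match of `pattern` in one packet dump.
 *
 * info:    label written in front of the match (always printed via "%s").
 * pattern: POSIX basic regular expression, compiled with REG_ICASE.
 * data:    NUL-terminated text. regexec() and the look-ahead below both
 *          depend on the terminator, so the caller must supply one.
 *          The buffer is only read, never modified.
 *
 * On a match, "<info>  <rewritten match>\n" is appended to data.txt in the
 * working directory. While the match is copied, "%3D" is written as "=",
 * "%26" as "&", a literal "&" as three spaces, ".." as three spaces and
 * ":" as "=".
 *
 * data.txt receives the matched fields in plaintext and is created with
 * the process umask, so it needs the same handling as the capture itself.
 *
 * Calls exit(-1) if data.txt cannot be opened. Returns without writing when
 * an argument is NULL or the pattern fails to compile.
 */
void look(char *info,char *pattern, u_char data[])
{
    if (info == NULL || pattern == NULL || data == NULL) {
        return;
    }

    FILE *file = fopen("data.txt", "a");
    if (file == NULL) {
        perror("data.txt");
        exit(-1);
    }

    regex_t reg;
    /* A pattern that does not compile leaves `reg` unusable: stop here
     * instead of handing it to regexec()/regfree(). */
    if (regcomp(&reg, pattern, REG_ICASE) != 0) {
        fclose(file);
        return;
    }

    regmatch_t pm[1];
    if (regexec(&reg, (const char *)data, 1, pm, 0) == 0) {
        fprintf(file, "%s  ", info);
        for (regoff_t w = pm[0].rm_so; w < pm[0].rm_eo; ++w) {
            /* data[w+1] / data[w+2] are only evaluated after the previous
             * byte compared equal to a non-NUL character, so the look-ahead
             * stops at the terminator. */
            if (data[w] == '%' && data[w + 1] == '3' && data[w + 2] == 'D') {
                fputc('=', file);
                w += 2;
            } else if (data[w] == '%' && data[w + 1] == '2' && data[w + 2] == '6') {
                fputc('&', file);
                w += 2;
            } else if (data[w] == '&') {
                fputs("   ", file);
            } else if (data[w] == '.' && data[w + 1] == '.') {
                fputs("   ", file);
                w += 1;
            } else if (data[w] == ':') {
                fputc('=', file);
            } else {
                fputc(data[w], file);
            }
        }
        fputc('\n', file);
    }

    regfree(&reg);
    fclose(file);
}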

/*
墨迹天气的IP信息
223.203.194.219
110.75.96.12
120.198.196.16
223.203.194.242
223.203.194.155
117.135.138.76
*/
/*
 * Run the Moji Weather field patterns over one packet dump.
 *
 * cmd selects a group of look() calls:
 *   1 - UserId and e-mail
 *   2 - cdma_lat / cdma_lng coordinates
 *   3 - appId, sessionId, sign
 *   4 - mobile, brand, smsCode, IMEI
 * Any other value runs all four groups in that order.
 *
 * NOTE(review): "\." in these literals is not a C escape sequence; GCC
 * warns and passes a bare "." to regcomp(), where it matches any character.
 */
void analys_moji(u_char data[],int cmd)
{
    const int every = (cmd < 1 || cmd > 4);

    if (every || cmd == 1) {
        /* account id and e-mail */
        look("ID","UserId=[0-9]*",data);
        look("邮箱    ","email\":\"[^\"]*\"",data);
    }
    if (every || cmd == 2) {
        /* latitude / longitude */
        look("经纬度  ","cdma_lat=[0-9]*\.[0-9]*&cdma_lng=[0-9]*\.[0-9]*",data);
    }
    if (every || cmd == 3) {
        /* application and session parameters */
        look("APP号  ","appId=[0-9]*",data);
        look("通道号  ","sessionId=[A-Z0-9]*",data);
        look("标记    ","sign=[0-9A-Z]*",data);
    }
    if (every || cmd == 4) {
        /* handset parameters */
        look("手机号码","mobile=[0-9]*",data);
        look("手机品牌","brand=[0-9a-zA-Z]*",data);
        look("短信验证码","smsCode=[0-9]*",data);
        look("手机imei号","IMEI=[0-9]*",data);
    }
}

/*
QQ的IP信息
14.17.18.30
211.136.236.89
183.232.121.141
42.62.48.146
58.205.214.177
*/
/*
 * Run the QQ field patterns over one packet dump.
 *
 * cmd selects a group of look() calls:
 *   1 - digit runs of length 10, 9 and 8, then the key= parameter
 *   2 - "x"/"y" coordinates and "location"
 *   3 - User-Agent, nt=, suid=
 *   4 - User-Agent, imei=, hm=, mac=
 * Any other value runs every pattern once, in the order listed under
 * `default` (which is not the concatenation of groups 1..4).
 *
 * NOTE(review): "\." in these literals is not a C escape sequence; GCC
 * warns and passes a bare "." to regcomp(), where it matches any character.
 */
void analys_qq(u_char data[],int cmd)
{
    switch (cmd) {
    case 1:
        look("QQ号码","[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]",data);
        look("QQ号码","[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]",data);
        look("QQ号码","[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]",data);
        look("APP密码","key=[a-z0-9]*",data);
        break;

    case 2:
        look("经纬度  ","\"x\":[0-9]*\.[0-9]*,\"y\":[0-9]*\.[0-9]*",data);
        look("位置","\"location\":\"[^\"]*\"",data);
        break;

    case 3:
        look("用户代理设备","User-Agent[^)]*)",data);
        look("网络环境","nt=[0-9a-zA-Z]*",data);
        look("未知ID","suid=[0-9a-z]*",data);
        break;

    case 4:
        look("用户代理设备","User-Agent[^)]*)",data);
        look("IMEI号","imei=[0-9]*",data);
        look("手机型号","hm=[^&]*",data);
        look("手机MAC地址","mac=[a-z0-9]*",data);
        break;

    default:
        look("QQ号码","[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]",data);
        look("QQ号码","[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]",data);
        look("QQ号码","[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]",data);
        look("经纬度  ","\"x\":[0-9]*\.[0-9]*,\"y\":[0-9]*\.[0-9]*",data);
        look("位置","\"location\":\"[^\"]*\"",data);
        look("用户代理设备","User-Agent[^)]*)",data);
        look("IMEI号","imei=[0-9]*",data);
        look("手机型号","hm=[^&]*",data);
        look("手机MAC地址","mac=[a-z0-9]*",data);
        look("网络环境","nt=[0-9a-zA-Z]*",data);
        look("未知ID","suid=[0-9a-z]*",data);
        look("APP密码","key=[a-z0-9]*",data);
        break;
    }
}

/*
微信的IP信息
182.254.3.174
42.62.48.186
*/
/*
 * Run the WeChat (weixin) field patterns over one packet dump.
 *
 * cmd selects a group of look() calls:
 *   2 - country / province / city / isp JSON fields
 *   3 - type=, the version/uin/nettype query string, X-Clientip / x-serverip
 *   4 - User-Agent
 * cmd 1 and every other value run the full list: User-Agent, type=, the
 * login query string, the client/server IP headers, then the JSON fields.
 *
 * NOTE(review): "\." in these literals is not a C escape sequence; GCC
 * warns and passes a bare "." to regcomp(), where it matches any character.
 */
void analys_weixin(u_char data[],int cmd)
{
    switch (cmd) {
    case 2:
        look("地理信息","\"country\":\"[^\"]\",\"province\":\"[^\"]\",\"city\":\"[^\"]\",\"isp\":\"[^\"]\"",data);
        break;

    case 3:
        look("网络环境","type=[a-zA-Z]*",data);
        look("登陆信息","version=[0-9]*&uin=[0-9]*&nettype=[0-9]",data);
        look("客户端与服务器ip","X-Clientip:[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\.\.x-serverip:[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*",data);
        break;

    case 4:
        look("用户代理设备","User-Agent[^)]*)",data);
        break;

    case 1:
    default:
        /* group 1 and the catch-all issue the same five calls */
        look("用户代理设备","User-Agent[^)]*)",data);
        look("网络环境","type=[a-zA-Z]*",data);
        look("登陆信息","version=[0-9]*&uin=[0-9]*&nettype=[0-9]",data);
        look("客户端与服务器ip","X-Clientip:[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\.\.x-serverip:[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*",data);
        look("地理信息","\"country\":\"[^\"]\",\"province\":\"[^\"]\",\"city\":\"[^\"]\",\"isp\":\"[^\"]\"",data);
        break;
    }
}

/*
开心网的IP信息
220.181.100.243
27.131.222.21
106.3.34.18
*/
/*
 * Run the Kaixin (kaixin001) field patterns over one packet dump.
 *
 * cmd selects a group of look() calls:
 *   1 - uid, consumer_key, birthday, fname, hometown
 *   2 - URL-encoded x / y coordinates
 *   3 - ia=/key= login parameters, ctm=
 *   4 - sim=, re= (resolution), ct=, ime=
 * Any other value runs all four groups in that order.
 *
 * NOTE(review): "\." and "\*" in these literals are not C escape
 * sequences; GCC warns and passes the bare character to regcomp().
 */
void analys_kaixinwang(u_char data[],int cmd)
{
    const int every = (cmd < 1 || cmd > 4);

    if (every || cmd == 1) {
        /* profile fields */
        look("用户ID  ","uid%3D[0-9]*",data);
        look("用户密码","consumer_key=[a-z0-9]*",data);
        look("出生日期","birthday\":\"[^\"]*\"",data);
        look("姓名    ","fname\":\"[^\"]*\"",data);
        look("家乡    ","hometown\":\"[^\"]*\"",data);
    }
    if (every || cmd == 2) {
        /* coordinates */
        look("经纬度  ","x%3D[0-9]*\.[0-9]*%26y%3D[0-9]*\.[0-9]*",data);
    }
    if (every || cmd == 3) {
        /* login parameters */
        look("登录信息","ia=[0-9]&key=[0-9a-z]*",data);
        look("未知信息","ctm=[0-9]*",data);
    }
    if (every || cmd == 4) {
        /* device parameters */
        look("sim卡编号","sim=[0-9]*",data);
        look("分辨率","re=[0-9]*\*[0-9]*",data);
        look("操作系统","ct=[a-z]*",data);
        look("手机ime号","ime=[0-9]*",data);
    }
}

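/*
 * pcap_loop() callback: turn one captured frame into printable text and run
 * every application pattern set over it.
 *
 * user:     unused.
 * header:   per-packet record from libpcap.
 * pkt_data: the captured bytes; only header->caplen of them are valid.
 *
 * The copy is sized by caplen, not len: len is the length the frame had on
 * the wire, and a capture taken with a short snapshot length stores fewer
 * bytes than that. The copy is also NUL-terminated, because look() passes
 * it to regexec() as a C string. Bytes that are not printable (including
 * embedded NULs) become '.', so the text is exactly caplen characters long.
 *
 * Frames shorter than an Ethernet header (14 bytes) are skipped. The whole
 * frame, headers included, is scanned. cmd 5 falls into each analys_*()
 * catch-all branch, i.e. all patterns of that application.
 */
void pcap_handle_w(u_char* user,const struct pcap_pkthdr* header,const u_char* pkt_data)
{
    enum { ETH_HDR_LEN = 14 };

    (void)user;
    if (header == NULL || pkt_data == NULL) {
        return;
    }
    if (header->caplen < ETH_HDR_LEN) {
        return;
    }

    size_t n = (size_t)header->caplen;
    /* Heap, not a variable-length array: the size comes from the capture
     * file and should not be able to exhaust the stack. */
    u_char *text = malloc(n + 1);
    if (text == NULL) {
        return;
    }

    for (size_t i = 0; i < n; ++i) {
        text[i] = isprint(pkt_data[i]) ? pkt_data[i] : (u_char)'.';
    }
    text[n] = '\0';

    analys_weixin(text,5);
    analys_qq(text,5);
    analys_kaixinwang(text,5);
    analys_moji(text,5);

    free(text);
}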

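/*
 * Replay the capture file qqweixin.pcap through pcap_handle_w().
 *
 * Returns 0 when the whole file was processed, 1 when the file cannot be
 * opened, the interface lookup fails, or pcap_loop() reports an error.
 *
 * libpcap hands back its diagnostics in errbuf as complete messages, so
 * they are printed with fprintf(); perror() would append an unrelated
 * strerror(errno) text.
 */
int main(int argc, char **argv)
{
    char *device="wlan0";
    char errbuf[PCAP_ERRBUF_SIZE];
    bpf_u_int32 ipaddress,ipmask;

    (void)argc;
    (void)argv;

    pcap_t *phandle=pcap_open_offline("qqweixin.pcap",errbuf);
    if (phandle==NULL) {
        /* Without a handle there is nothing to loop over. */
        fprintf(stderr,"pcap_open_offline: %s\n",errbuf);
        return 1;
    }

    /* NOTE(review): the address and mask looked up here are formatted but
     * never used, and the capture is read from a file; the lookup is kept
     * only because the program has always failed when wlan0 is absent. */
    if (pcap_lookupnet(device,&ipaddress,&ipmask,errbuf)==-1) {
        fprintf(stderr,"pcap_lookupnet: %s\n",errbuf);
        pcap_close(phandle);
        return 1;
    }

    char ip[INET_ADDRSTRLEN],mask[INET_ADDRSTRLEN];
    if (inet_ntop(AF_INET,&ipaddress,ip,sizeof(ip))==NULL) {
        perror("inet_ntop error");
    } else if (inet_ntop(AF_INET,&ipmask,mask,sizeof(mask))==NULL) {
        perror("inet_ntop error");
    }

    /* -1: keep going until the end of the capture file. */
    int rc=pcap_loop(phandle,-1,pcap_handle_w,NULL);
    if (rc==-1) {
        fprintf(stderr,"pcap_loop: %s\n",pcap_geterr(phandle));
    }

    pcap_close(phandle);
    return rc==-1 ? 1 : 0;
}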