//获取当前活动的网卡
public ICaptureDevice getActiveNetAdapte()
{
support sup = new support();
CaptureDeviceList devices = CaptureDeviceList.Instance;
foreach (ICaptureDevice dev in devices)
{
dev.Open();
if (sup.processMac(dev.MacAddress.ToString()).Equals(sup.GetMacAddress()))
{
return(dev);
}
}
log.writeLog("PPPOE欺骗模块 : 获取活动网卡失败", log.msgType.error);
return(null);
}
//catchPacketFun()的处理函数
//处理方式是pppoe欺骗
//note(maybe): packet对象是被抓获的包(单包)
private void device_OnPacketArrival(object sender, CaptureEventArgs packet)
{
if (packet.Packet.Data[12] == 136)
{
if (packet.Packet.Data[13] == 99) //过滤非pppoe包,是 8863 包时
{
byte[] pac = packet.Packet.Data;
protocol8863 p8863 = new protocol8863();
support sup = new support();
switch (p8863.getDiscoveryStage(pac)[0])
{
//PADI 0x09
case 9:
p8863.setDistinationMac(sup.getSourceMac(pac));
p8863.setSourceMac(selfMac);
p8863.setDiscoveryStage(new byte[] { 7 });
p8863.setSessionID(p8863.getSessionID(pac));
p8863.setData_HostUniq(p8863.getData_HostUniq(pac));
p8863.setData_other(sup.toByte(new string[] { "01", "02", "00", "08", "50", "50", "50", "4f", "45", "53", "52", "56" })); //PPPOESRV
sendPacket(p8863.getAllPacketData());
log.writeLog("正在进行PPPOE协议交互...", log.msgType.info);
return;
//PADR 0x19
case 25:
p8863.setDistinationMac(sup.getSourceMac(pac));
p8863.setSourceMac(selfMac);
p8863.setDiscoveryStage(new byte[] { 101 });
byte[] sessionID = p8863.getSessionID(pac);
sessionID[1]++;
p8863.setSessionID(sessionID);
p8863.setData_HostUniq(p8863.getData_HostUniq(pac));
sendPacket(p8863.getAllPacketData());
return;
}
}
if (packet.Packet.Data[13] == 100) //过滤非pppoe包,是 8864 包时
{
byte[] pac = packet.Packet.Data;
protocol8864 p8864 = new protocol8864();
support sup = new support();
if (p8864.getPPP(pac)[0] == 192 && p8864.getPPP(pac)[1] == 35) //如果PPP为PAP
{
#region //目前的方式,使用 691 Message 终结连接
if (pac[22] == (byte)1) //如果是PAP request包
{
//Console.WriteLine("终结包(691 message packet)已发送");
byte[] papContent = p8864.getPPPLCP_optionsData(pac); //获取PAP内容
byte[] papNetAcc = sup.byteSub(papContent, 1, papContent[0]);
byte[] papNetPwd = sup.byteSub(papContent, papContent[0] + 2, papContent[papContent[0] + 1]);
log.writeLog($"PPPOE 欺骗模块\n截取到账号: {Encoding.Default.GetString(papNetAcc)}\n截取到密码:{Encoding.Default.GetString(papNetPwd)}", log.msgType.info);
netAcc = Encoding.Default.GetString(papNetAcc); //将截取到的 账号 赋值到类变量
netPwd = Encoding.Default.GetString(papNetPwd); //将截取到的 密码 赋值到类变量
colseNetAdapte = true; //停止抓包
//691 Msg
String msg691 = "\r\n拦截成功,这并非错误提示。\r\n\r\n你现在可以关闭Netkeeper\r\n\r\n并注意nkshare的提示##Error";
byte[] msg691Bytes = Encoding.GetEncoding("GB2312").GetBytes(msg691);
protocol8864 p8864Show = new protocol8864();
p8864Show.setDistinationMac(sup.getSourceMac(pac));
p8864Show.setSourceMac(selfMac);
p8864Show.setSessionID(p8864Show.getSessionID(pac));
byte[] msg691BytesPac = sup.byteAppent(new byte[] { (byte)msg691Bytes.Length }, msg691Bytes);
byte[] papCodeBytesPac = sup.byteAppent(new byte[] { 192, 35, 3, ++pac[23] }, new byte[] { (byte)((msg691BytesPac.Length + 4) / 256), (byte)((msg691BytesPac.Length + 4) % 256) });
byte[] papAll = sup.byteAppent(papCodeBytesPac, msg691BytesPac);
p8864Show.setPPP_allData(papAll);
sendPacket(p8864Show.getAllPacketData_custom());
//691 Msg
protocol8863 p8863 = new protocol8863();
p8863.setDistinationMac(sup.getSourceMac(pac));
p8863.setSourceMac(sup.getDistinationMac(pac));
p8863.setDiscoveryStage(new byte[] { 167 }); //PADT 终结包
p8863.setSessionID(p8863.getSessionID(pac));
p8863.setData_other(null);
sendPacket(p8863.getAllPacketData());
return;
}
#endregion
#region //原来直接方式终结包
//protocol8863 p8863 = new protocol8863();
//p8863.setDistinationMac(sup.getSourceMac(pac));
//p8863.setSourceMac(sup.getDistinationMac(pac));
//p8863.setDiscoveryStage(new byte[] { 167 }); //PADT 终结包
//p8863.setSessionID(p8863.getSessionID(pac));
//p8863.setData_other(null);
//sendPacket(p8863.getAllPacketData());
//Console.WriteLine("终结包已发送");
//byte[] papContent = p8864.getPPPLCP_optionsData(pac); //获取PAP内容
//byte[] papNetAcc = sup.byteSub(papContent, 1, papContent[0]);
//byte[] papNetPwd = sup.byteSub(papContent, papContent[0] + 2, papContent[papContent[0] + 1]);
//log.writeLog($"PPPOE 欺骗模块\n截取到账号: {Encoding.Default.GetString(papNetAcc)}\n截取到密码:{Encoding.Default.GetString(papNetPwd)}",log.msgType.info);
//netAcc = Encoding.Default.GetString(papNetAcc); //将截取到的 账号 赋值到类变量
//netPwd = Encoding.Default.GetString(papNetPwd); //将截取到的 密码 赋值到类变量
//colseNetAdapte = true; //停止抓包
#endregion
}
if (sup.equalsByte(sup.getDistinationMac(pac), selfMac) && p8864.getPPPLCP_config(pac)[0] == 1) //如果是客户机Requuest本机(PPP-LCP/虽然没加上这个默认条件)
{
p8864.setDistinationMac(sup.getSourceMac(pac));
p8864.setSourceMac(selfMac);
p8864.setSessionID(p8864.getSessionID(pac));
p8864.setPPP(p8864.getPPP(pac));
p8864.setPPPLCP_config(new byte[] { 2 }); //ACK
p8864.setPPPLCP_identifier(p8864.getPPPLCP_identifier(pac));
byte[] optionDataModif = p8864.getPPPLCP_optionsData(pac);
p8864.setPPPLCP_optionsData(optionDataModif); //轻冗余
sendPacket(p8864.getAllPacketData_PPPLCP());
p8864 = new protocol8864();
p8864.setDistinationMac(sup.getSourceMac(pac));
p8864.setSourceMac(selfMac);
p8864.setSessionID(p8864.getSessionID(pac));
p8864.setPPP(p8864.getPPP(pac));
p8864.setPPPLCP_config(new byte[] { 1 }); //Req
p8864.setPPPLCP_identifier(new byte[] { 1 });
p8864.setPPPLCP_optionsData(sup.toByte(new string[] { "03", "04", "c0", "23", }));
sendPacket(p8864.getAllPacketData_PPPLCP());
return;
}
}
}
}
