From e3dac989a16ab5fa4ed085c54e16b666e75225b2 Mon Sep 17 00:00:00 2001
From: qiuwei <18852951552@163.com>
Date: Thu, 28 Mar 2024 18:56:27 +0800
Subject: [PATCH] add detail

---
 ARPSpoofing/ARPSpoofing.csproj     |   1 -
 ARPSpoofing/Detail.xaml            |  28 ++++++
 ARPSpoofing/Detail.xaml.cs         |  16 ++++
 ARPSpoofing/DetailViewModel.cs     |   9 ++
 ARPSpoofing/MainWindow.xaml        |   2 +-
 ARPSpoofing/MainWindowViewModel.cs | 143 +++++++++++++++++++++++------
 6 files changed, 171 insertions(+), 28 deletions(-)
 create mode 100644 ARPSpoofing/Detail.xaml
 create mode 100644 ARPSpoofing/Detail.xaml.cs
 create mode 100644 ARPSpoofing/DetailViewModel.cs

diff --git a/ARPSpoofing/ARPSpoofing.csproj b/ARPSpoofing/ARPSpoofing.csproj
index 186fce3..f5d14b1 100644
--- a/ARPSpoofing/ARPSpoofing.csproj
+++ b/ARPSpoofing/ARPSpoofing.csproj
@@ -9,7 +9,6 @@
 
 	<ItemGroup>
 		<PackageReference Include="PacketDotNet" Version="1.4.7" />
-		<PackageReference Include="PcapDotNet" Version="0.10.2" />
 		<PackageReference Include="SharpPcap" Version="6.3.0" />
 		<PackageReference Include="CommunityToolkit.Mvvm" Version="8.0.0" />
 		<PackageReference Include="Microsoft.Xaml.Behaviors.Wpf" Version="1.1.39" />
diff --git a/ARPSpoofing/Detail.xaml b/ARPSpoofing/Detail.xaml
new file mode 100644
index 0000000..6cb2a9c
--- /dev/null
+++ b/ARPSpoofing/Detail.xaml
@@ -0,0 +1,28 @@
+<Window x:Class="ARPSpoofing.Detail"
+        xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+        xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+        xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
+        xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
+        xmlns:local="clr-namespace:ARPSpoofing"
+        mc:Ignorable="d"
+        Title="查看详情" Height="450" Width="800">
+    <Grid>
+        <Grid.RowDefinitions>
+            <RowDefinition Height="50"></RowDefinition>
+            <RowDefinition Height="*"></RowDefinition>
+        </Grid.RowDefinitions>
+
+        <TextBlock Text="{Binding ArpAttackComputer.IPAddress,UpdateSourceTrigger=PropertyChanged}" FontSize="18" FontWeight="Bold"
+                   VerticalAlignment="Center" Margin="5"></TextBlock>
+
+        <DataGrid ItemsSource="{Binding ArpAttackComputer.Packets,UpdateSourceTrigger=PropertyChanged}" Grid.Row="1" AutoGenerateColumns="False">
+            <DataGrid.Columns>
+                <DataGridTextColumn Header="类型" Binding="{Binding Type}" Width="*"></DataGridTextColumn>
+                <DataGridTextColumn Header="源ip地址" Binding="{Binding SourceIpAddress}" Width="*"></DataGridTextColumn>
+                <DataGridTextColumn Header="目的ip地址" Binding="{Binding TargetIpAddress}" Width="*"></DataGridTextColumn>
+                <DataGridTextColumn Header="源端口" Binding="{Binding SourcePort}" Width="*"></DataGridTextColumn>
+                <DataGridTextColumn Header="目的端口" Binding="{Binding TargetPort}" Width="*"></DataGridTextColumn>
+            </DataGrid.Columns>
+        </DataGrid>
+    </Grid>
+</Window>
diff --git a/ARPSpoofing/Detail.xaml.cs b/ARPSpoofing/Detail.xaml.cs
new file mode 100644
index 0000000..2a01986
--- /dev/null
+++ b/ARPSpoofing/Detail.xaml.cs
@@ -0,0 +1,16 @@
+using System.Windows;
+
+namespace ARPSpoofing
+{
+    /// <summary>
+    /// Interaction logic for Detail.xaml
+    /// </summary>
+    public partial class Detail : Window
+    {
+        public Detail(DetailViewModel detailViewModel)
+        {
+            InitializeComponent();
+            DataContext = detailViewModel;
+        }
+    }
+}
diff --git a/ARPSpoofing/DetailViewModel.cs b/ARPSpoofing/DetailViewModel.cs
new file mode 100644
index 0000000..d897230
--- /dev/null
+++ b/ARPSpoofing/DetailViewModel.cs
@@ -0,0 +1,9 @@
+using CommunityToolkit.Mvvm.ComponentModel;
+
+namespace ARPSpoofing
+{
+    public class DetailViewModel : ObservableObject
+    {
+        public ArpAttackComputer ArpAttackComputer { get; set; }
+    }
+}
diff --git a/ARPSpoofing/MainWindow.xaml b/ARPSpoofing/MainWindow.xaml
index d7a6d75..d0f32c9 100644
--- a/ARPSpoofing/MainWindow.xaml
+++ b/ARPSpoofing/MainWindow.xaml
@@ -167,6 +167,7 @@
                     <ListBox.ContextMenu>
                         <ContextMenu>
                             <MenuItem Header="取消攻击" Command="{Binding StopCallTargetComputerCommand}"></MenuItem>
+                            <MenuItem Header="查看详情" Command="{Binding WatchDetailCommand}"></MenuItem>
                         </ContextMenu>
                     </ListBox.ContextMenu>
                     <ListBox.ItemsPanel>
@@ -215,7 +216,6 @@
                     </ListBox.ItemContainerStyle>
                 </ListBox>
             </TabItem>
-            <TabItem Header="DNS劫持列表"></TabItem>
         </TabControl>
     </Grid>
 </Window>
diff --git a/ARPSpoofing/MainWindowViewModel.cs b/ARPSpoofing/MainWindowViewModel.cs
index 6094280..8905543 100644
--- a/ARPSpoofing/MainWindowViewModel.cs
+++ b/ARPSpoofing/MainWindowViewModel.cs
@@ -1,7 +1,6 @@
 using CommunityToolkit.Mvvm.ComponentModel;
 using CommunityToolkit.Mvvm.Input;
 using PacketDotNet;
-using PacketDotNet.Ieee80211;
 using SharpPcap;
 using SharpPcap.LibPcap;
 using System;
@@ -175,7 +174,7 @@ public bool IsAttacking
         public RelayCommand StopScanCommand { get; set; }
         public RelayCommand CallTargetComputerCommand { get; set; } //攻击目标主机
         public RelayCommand StopCallTargetComputerCommand { get; set; }
-
+        public RelayCommand WatchDetailCommand { get; set; }
         public MainWindowViewModel()
         {
             IsScanning = false;
@@ -186,6 +185,7 @@ public MainWindowViewModel()
             StopScanCommand = new RelayCommand(StopScan);
             CallTargetComputerCommand = new RelayCommand(CallTargetComputer);
             StopCallTargetComputerCommand = new RelayCommand(StopCallTargetComputer);
+            WatchDetailCommand = new RelayCommand(WatchDetail);
             _cancellationTokenSource = new CancellationTokenSource();
             ArpAttackComputers = new ObservableCollection<ArpAttackComputer>();
         }
@@ -200,7 +200,7 @@ private void Loaded()
             {
                 LibPcapLiveDevice = null;
                 MessageBox.Show("网卡数量不足", "错误", MessageBoxButton.OK, MessageBoxImage.Error);
-                return; 
+                return;
             }
 
             LibPcapLiveDevice = LibPcapLiveDevices.FirstOrDefault();
@@ -243,7 +243,7 @@ private void ShiftDevice()
 
             var gw = LibPcapLiveDevice.Interface.GatewayAddresses; // 网关IP
             //ipv4的gateway
-            GatewayIp = gw?.FirstOrDefault(x => x.AddressFamily == AddressFamily.InterNetwork);
+            GatewayIp = gw?.FirstOrDefault(x => x.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork);
             if (GatewayIp == null)
                 return;
 
@@ -252,34 +252,88 @@ private void ShiftDevice()
             GatewayMac = Resolve(GatewayIp);
         }
 
+        private void WatchDetail() 
+        {
+            var targets = ArpAttackComputers.Where(x => x.IsSelected).ToList();
+            foreach (var item in targets)
+            {
+                DetailViewModel detailViewModel = new DetailViewModel();
+                detailViewModel.ArpAttackComputer = item;
+
+                Detail detail = new Detail(detailViewModel);
+
+                detail.Show();
+            }
+        }
+
+        /// <summary>
+        /// 监听到攻击的网卡收到的数据包
+        /// </summary>
+        /// <param name="sender"></param>
+        /// <param name="e"></param>
         private void OnPacketArrival(object sender, PacketCapture e)
         {
-            var device = sender as LibPcapLiveDevice;
-            var packet = Packet.ParsePacket(e.Device.LinkType, e.Data.ToArray());
-            if (packet != null)
+            try
             {
-                if (packet is EthernetPacket ethernetPacket)
+                var device = sender as LibPcapLiveDevice;
+                var packet = Packet.ParsePacket(e.Device.LinkType, e.Data.ToArray());
+                if (packet != null)
                 {
-                    IPPacket ipPacket = ethernetPacket.Extract<IPPacket>();
-                    if (ipPacket == null) return;
-                    if (ipPacket.SourceAddress.ToString() == "192.168.1.2")
+                    if (packet is EthernetPacket ethernetPacket) //数据包是以太网数据
                     {
-                        //var tempTcpPacket = new TcpPacket(outerTcpPacket.SourcePort, outerTcpPacket.DestinationPort);
-                        //tempTcpPacket.PayloadData = outerTcpPacket.PayloadData;
-
-                        //IPv4Packet tempIpV4Packet = new IPv4Packet(outerIpPacket.SourceAddress, outerIpPacket.DestinationAddress);
-                        ////ipPacket.Version = 4;
-                        //tempIpV4Packet.HeaderLength = (byte)(IPv4Fields.HeaderLength + (tempTcpPacket.Options.Count() * 1));
-                        ////ipPacket.typ = 0;
-                        //tempIpV4Packet.TotalLength = (ushort)(tempIpV4Packet.HeaderLength + tempTcpPacket.Bytes.Length);
-                        //tempIpV4Packet.TimeToLive = 128;
-                        //tempIpV4Packet.Protocol = PacketDotNet.ProtocolType.Tcp;
-                        //tempIpV4Packet.PayloadPacket = tempTcpPacket;
-                        ethernetPacket.DestinationHardwareAddress = GatewayMac;
-                        device.SendPacket(ethernetPacket);
+                        var targetComputer = ArpAttackComputers.FirstOrDefault(x => x.MacAddress == ethernetPacket.SourceHardwareAddress.ToString());
+
+                        if (targetComputer != null)
+                        {
+                            var ipPacket = ethernetPacket.Extract<IPPacket>();
+                            if (ipPacket != null)
+                            {
+                                var packetViewModel = new PacketViewModel();
+                                packetViewModel.SourceIpAddress = ipPacket.SourceAddress.ToString();
+                                packetViewModel.TargetIpAddress = ipPacket.DestinationAddress.ToString();
+
+                                var udpPacket = ipPacket.Extract<UdpPacket>();
+                                var tcpPacket = ipPacket.Extract<TcpPacket>();
+                                packetViewModel.Type = "IP";
+                                //try
+                                //{
+                                //    CancellationTokenSource cts = new CancellationTokenSource();
+                                //    cts.CancelAfter(500);
+                                //    IPHostEntry hostEntry = Dns.GetHostEntryAsync(packetViewModel.TargetIpAddress, cts.Token).ConfigureAwait(false).GetAwaiter().GetResult();
+                                //    packetViewModel.Domain = hostEntry.Aliases == null ? null : hostEntry.Aliases.FirstOrDefault();
+                                //}
+                                //catch (Exception) { }
+
+                                if (udpPacket != null)
+                                {
+                                    packetViewModel.SourcePort = udpPacket.SourcePort;
+                                    packetViewModel.TargetPort = udpPacket.DestinationPort;
+                                    packetViewModel.Type = "UDP";
+                                }
+
+                                if (tcpPacket != null)
+                                {
+                                    packetViewModel.SourcePort = tcpPacket.SourcePort;
+                                    packetViewModel.TargetPort = tcpPacket.DestinationPort;
+                                    packetViewModel.Type = "TCP";
+                                }
+
+                                targetComputer.AddPacket(packetViewModel);
+                            }
+                            else
+                            {
+                                ///mac地址没啥好记录的都知道了
+                                var packetViewModel = new PacketViewModel();
+                                packetViewModel.Type = "以太网";
+                                targetComputer.AddPacket(packetViewModel);
+                            }
+                        }
                     }
                 }
             }
+            catch (Exception) 
+            {
+            }
         }
 
         /// <summary>
@@ -487,7 +541,7 @@ private void CallTargetComputer()
                 LibPcapLiveDevice.Open(DeviceModes.Promiscuous, 20);
                 LibPcapLiveDevice.Filter = "ether dst " + LocalMac.ToString();
                 LibPcapLiveDevice.StartCapture();
-            
+
             }
             foreach (var compute in target)
             {
@@ -601,7 +655,7 @@ public class ArpAttackComputer : ObservableObject
         public Task ArpAttackTask { get; set; }
         public Task DnsAttackTask { get; set; } //todo define dns attack
         public CancellationTokenSource CancellationTokenSource { get; set; }
-
+        public ObservableCollection<PacketViewModel> Packets { get; set; }
         private double _value;
         public double Value
         {
@@ -612,6 +666,7 @@ public double Value
         public ArpAttackComputer()
         {
             CancellationTokenSource = new CancellationTokenSource();
+            Packets = new ObservableCollection<PacketViewModel>();
             Task.Run(async () =>
             {
                 while (true)
@@ -630,6 +685,23 @@ public ArpAttackComputer()
             });
         }
 
+        private object _lock = new object();
+        public void AddPacket(PacketViewModel packetViewModel)
+        {
+            lock (_lock)
+            {
+                Application.Current.Dispatcher.Invoke(() =>
+                {
+                    if (Packets.Count >= 512)
+                    {
+                        Packets.RemoveAt(0);
+                    }
+
+                    Packets.Add(packetViewModel);
+                });
+            }
+        }
+
         /// <summary>
         /// 发送arp诈骗
         /// </summary>
@@ -643,4 +715,23 @@ internal void CancelTask()
             CancellationTokenSource?.Cancel();
         }
     }
+
+    /// <summary>
+    /// 被arp欺骗的电脑数据包
+    /// </summary>
+    public class PacketViewModel : ObservableObject
+    {
+        /// <summary>
+        /// 网络层
+        /// </summary>
+        public string SourceIpAddress { get; set; }
+        public string TargetIpAddress { get; set; }
+        /// <summary>
+        /// 传输层
+        /// </summary>
+        public ushort SourcePort { get; set; }
+        public ushort TargetPort { get; set; }
+        public string Type { get; set; }
+        public string Domain { get; set; }
+    }
 }