C# 更改传入和传出 TCP 通信

发布于 2024-10-19 02:18:46 字数 297 浏览 4 评论 0原文

读取、更改和重新发送 TCP 通信的最佳方式是什么?

例如,我有一个服务器应用程序,它告诉主服务器它还活着,并在端口 3209 上通过 TCP 发送数据包。它发出“我还活着,我的 ip 是 xxx.xxx.xxx.xxx,我当前有 3 个客户端连接到我。”然后主服务器响应:“Hello xxx.xxx.xxx.xxx 我在那里看到你了。”

服务器将数据包发送到主服务器的 MITM 的最佳方式是什么?我希望能够将“我还活着”更改为“我改变了”,甚至将“当前 3 个客户端连接”更改为“当前 0 个客户端连接”

如有任何想法,谢谢。

What is the best way of reading, changing, and resending tcp communications?

For instance i have a server application that tells a master server it's alive sending a packet over TCP on port 3209. It sends out "I'm alive, my ip is xxx.xxx.xxx.xxx and I have currently 3 clients connected to me." the master server then responds, "Hello xxx.xxx.xxx.xxx i see you there."

Whats the best way of MITM of the server sending its packet to the master server? I would like to be able to change "i'm alive," to something like, "I'm changed," or even "currently 3 clients connected" to "currently 0 clients connected"

Any ideas appreciated, thank you.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

箹锭⒈辈孓 2024-10-26 02:18:46

没有必要发出这样的信息。

首先,TCP是面向连接的,所以只要有连接就活。

您可以使用 TCPClient.Connected 属性。

其次,TCP 在 IP 上运行,因此在 IP 标头中您可以找到发送者 IP(位于套接字属性中),因此也无需发送 IP。

您可以使用 TCPClient 检查远程 IP 地址。 Socket.RemoteEndPoint 属性。

最后,您可能感兴趣的唯一事情是“3 个客户端连接部分”,它可以编码为简单的整数传输。即 4 字节的心跳。

介入连接是很棘手的,并且与通信协议无关。老实说,这是一项艰巨的工作,如果已经存在连接,您将必须找到一种方法让客户端或服务器删除它,然后让服务器重新建立与您的 MIDM 的连接。更重要的是,如果直接连接到 IP 地址,您将不得不以某种方式弄乱路由器表才能使攻击成功,如果不是,也许 DNS 中毒会对您起作用……无论如何,这不是一件容易的事。

这些只是想法...这取决于网络的类别,您是否有物理访问权限,客户端和服务器是否相互信任(就像它们是您的应用程序一样)等等...我假设所有这至少是道德的或教育性的......:)

There's no need to send out that kind of message.

First of all, TCP is connection oriented, so as long as you have a connection you'll be alive.

You can check if you're still connected by using the TCPClient.Connected property.

Secondly, TCP runs over IP so in the IP header you can find the sender IP (is in the socket properties) so no need to send the IP neither.

You can check the remote IP address by using TCPClient.Socket.RemoteEndPoint property.

Finally, the only thing you might be interested in telling is the "3 clients connected part" wich can be coded as a simple integer transmision. That is, a 4 bytes hearbeat.

Getting in the middle of the connection IS tricky and has nothing to do with communication protocols. And honestly it's a hell of a job, if there's a connection already present you'll have to find a way to make the client or the server drop it and then have the server reestablish it to your MIDM. More though, if the connection is made directly to an IP address you'll have to mess with the router tables somehow for the attact to be succesful, if it's not maybe DNS poisoning will work for you... anyway not an easy task.

Those are only ideas... it depends on the class of network, if you have physical access or not, if the client and the server trust each other (as in if they are your applications) and so on... I assume all this is ethical or educational at least... :)

旧人九事 2024-10-26 02:18:46

查看 SharpPcap 或任何其他数据包捕获/注入库。

为了实现 MITM,您必须强迫客户端认为您是服务器,而服务器则认为您是客户端。为此,您必须按照此处。然后,您将捕获数据包,修改它们并将它们注入网络(使用正确的 MAC 地址)。

Have a look at SharpPcap or any other packet capturing/injecting library.

In order to MITM, you'll have to force the client to think you're the server and the server to think you're the client. For that, you'll have to send ICMP packet to both machines as described here. Then, you will capture the packets, modify them and inject them to the network (with the correct MAC address).

铁憨憨 2024-10-26 02:18:46

选择一个不同的工具 - 这是在 C# 中尝试的级别太低的事情。这种事情是通过使用 Windows 过滤平台来实现的(在 Vista 及更高版本上)

Pick a different tool - this is too low level a kind of thing to attempt in C#. This kind of thing is achieved (on Vista and later) using the Windows Filtering Platform

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文