WinArpAttacker3.50

经过我们的工作人员测试,不含恶意插件或后门.但黑客软件是认为是病毒的,推荐大家在虚拟机下做测试。

运行环境:Win9x/NT/2000/XP/2003
软件等级:★★★
开发商:佚名
视频观看:软件演示地址软件注册地址
授权方式:免费版
解压密码:www.chkh.com

文件大小:685 K
软件类别:国产软件
授权方式:免费版
软件添加:阿杰
添加时间:2008-9-26 11:07:53
下载次数:次

WinArpAttacker3.50的描述

Caution: This program is dangerous, it is released just for research, any possible loss caused by this program is no relation with the author (unshadow), if you don't permit this, you must delete it immediately.

If you use this program, I think you permit all of these.
-----------------------------------------------------------------------------
WinArpAttacker is based on wpcap, you must install wpcap driver before running it.
wpcap: http://winpcap.polito.it/install/bin/WinPcap_3_1.exe
If you had installed old version of winpcap, just install WinPcap_3_1.exe overwrite it.
-----------------------------------------------------------------------------

Contents
   1. Overview
   2. System Requirement
   3. What's New
   4. Getting Started
   5. Known Issues
   6. Revision History
   7. To do

-----------------------------------------------------------------------------

1. Overview
------------------------------------

WinArpAttacker is a program that can scan,attack,detect and protect computers on local area network.

The features as following:

1.1 Scan

   -. It can scan and show the active hosts on the LAN within a very short time (~2-3 seconds).
      It has two scan mode, one is normal scanning, the other is antisniff scanning. The later is to find who is sniffing on the lan.
   -. It can save and load computer list file.
   -. It can scan the Lan regularly for new computer list.
   -. It can update the computer list in passive mode using sniffing technology, that is, it can update the computer list from the sender's address of arp request packets without scanning the lan.
   -. It can perform advanced scanning when you open advanced scanning dialg on menu.
   -. It can scan a B class ip range in advanced scan dialg.
   -. It can scan acthost listed in event listview.

1.2 Attack
   -. It can pull and collect all the packets on the LAN.
   -. It can perform six attacking actions as following:
     (1) Arp Flood - Send ip conflict packets to target computers as fast as possible, if you send too much, the target computers will down. :-(
     (2) BanGateway - Tell the gateway a wrong mac address of target computers, so the targets can't receive packet from the internet. This attack is to forbid the targets access the internet.
     (3) IPConflict - Like Arp Flood, send ip conflict packets to target computers regularly, maybe the users can't work because of regular ip conflict message. what's more, the targets can't access the lan.
     (4) SniffGateway - Spoof the targets and the gateway, you can use sniffer to collect packets between them.
     (5) SniffHosts   - Spoof among two or above targets, you can use sniffer to collect packets among all of them. (dangerous!!!!)
     (6) SniffLan     - Just like SniffGateway, the difference is that SniffLan sends broadcast arp packets to tell all computers on the lan that this host is just the gateway, So you can sniff all the data between all hosts with the gateway.(dangerous!!!!!!!!!!!!!!)
   -. While spoofing ARP tables, it can act as another gateway (or ip-forwarder) without other users' recognition on the LAN.
   -. It can collect and forward packets through WinArpAttacker's ipforward function, you had best check disable system ipforward function because WinArpAttacker can do well.
   -. All data sniffed by spoofing and forwarded by WinArpAttacker ipforward function will be counted, as you can see on main interface.
   -. As your wish, the arp table is recovered automatically in a little time (about 5 seconds). Your also can select not to recover.