C++ / C#
Maxim Kuzmin, 2019-02-15 21:02:35

How can you "infiltrate" an existing TCP/IP connection of an existing process and send your own packets?

It's a difficult question; if I could figure it out myself, I wouldn't ask.

The task is as follows. A third-party process has an open TCP/IP connection. It sends certain packets, it receives certain packets, it doesn't matter. It is necessary to make sure that my program sends its additional packets to the same socket without creating a second connection, i.e., as if infiltrating an existing connection and sending its packets after the existing ones.

On Google, I read that this is possible, but rather laborious, because you need to hook ws2_32.dll and get the socket handle, but how exactly to do this is not said. I myself am not strong in C++ and WinAPI, so if possible, an answer in a "for dummies" style is welcome.

Perhaps it is possible some other way, through DLL injection, but I'm not sure.


1 answer(s)
CHolfield, 2019-02-16
@CHolfield

A TCP packet contains an identifier that is sequentially incremented by both parties. If you send a packet with the wrong ID, the recipient will drop it. If you guess the identifier, then the next packets from the "legal" sender will be discarded, because the identifiers in them will not be the ones that are expected. The computing power of your computer and the level of your theoretical training will not allow you to modify packets on the fly while keeping this sequence and not forgetting about the checksum. DLL injection and C++: forget about it, your questions don't leave you a chance. Send packets after it, bgggg.
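
The sequence-number behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of a TCP receiver. The class `Receiver`, the function `demo` and the sample traffic are constructed for illustration; the model assumes in-order delivery only and shows how a monitor can flag the desynchronization when two senders' bytes collide on the same sequence range.

```python
# Added example: simplified model of a TCP receiver's sequence-number check.
# Assumptions: in-order delivery only (no reassembly queue), no SACK/timestamps.
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


class Receiver:
    def __init__(self, rcv_nxt, window):
        self.rcv_nxt = rcv_nxt  # next sequence number the receiver expects
        self.window = window    # receive window in bytes
        self.seen = {}          # sequence number -> byte already delivered
        self.alerts = []        # (seq, delivered_byte, later_byte) mismatches

    def _offset(self, seq):
        # Signed distance from rcv_nxt, correct across 32-bit wraparound.
        d = (seq - self.rcv_nxt) % MOD
        return d - MOD if d >= MOD // 2 else d

    def segment(self, seq, data):
        off = self._offset(seq)
        if off > 0:
            # Ahead of rcv_nxt: a real stack queues it if in window, else drops it.
            return "out-of-order" if off < self.window else "dropped"
        # Bytes at or below rcv_nxt: compare any overlap with what was delivered.
        conflicts = []
        for i, b in enumerate(data):
            s = (seq + i) % MOD
            if s in self.seen and self.seen[s] != b:
                conflicts.append((s, self.seen[s], b))
        self.alerts.extend(conflicts)
        new = data[-off:][:self.window]  # part not delivered yet, capped to window
        for i, b in enumerate(new):
            self.seen[(self.rcv_nxt + i) % MOD] = b
        self.rcv_nxt = (self.rcv_nxt + len(new)) % MOD
        if conflicts:
            return "conflict"
        return "accepted" if new else "duplicate"


def demo():
    # Constructed traffic: two senders writing into one connection.
    rx = Receiver(rcv_nxt=1000, window=8192)
    results = [
        rx.segment(1000, b"HEL"),     # original sender, expected number
        rx.segment(900000, b"XXXX"),  # second sender, wrong number
        rx.segment(1003, b"XXXX"),    # second sender, matching number
        rx.segment(1003, b"LO W"),    # original sender continues, unaware
    ]
    return results, rx.alerts
```
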
