Answer the question
In order to leave comments, you need to log in
How to intercept network packets before they are encrypted?
Hello ! I must say right away that I am new to both Linux and the C programming language. I decided to create a program that catches network packets that will be transmitted over the TLS (1.2) protocol and logs plain text (plain text, not encrypted). That is, I need to intercept the data before the encryption function is applied to it. I thought that a sniffer would help me, I decided to write it myself (I know about Wireshark). I managed to write a simple sniffer in pure C (without using libpcap), I see the transmitted packets. Regarding HTTPS, I see packets with data already encrypted. After bogging down in theory for several weeks, I suddenly realized that it would not be possible to get packets in this way before they were encrypted. Now, thoughts about solving this problem tend tomanipulation at the kernel level . I'm sorry, maybe the question is very stupid and I don't understand something elementary, but how can I get programmatic access to the process that generates network packets before they are encrypted? Push on man'y, or links to this subject. Honestly, there are no more thoughts. The target program will be located only on my computer, with root rights. I do this as a hobby. It is desirable that the solution can be implemented in pure C (I love it). If it helps, I have Gentoo GNU/Linux, kernel 3.10, I know English well. I will be grateful for any help.
Answer the question
In order to leave comments, you need to log in
If encryption / decryption is done by some library, it is easiest to intercept these library calls. To do this, you need to find out the name of these functions and replace them with your own library loaded into the process via LD_PRELOAD.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question