How to intercept TCP packets on the fly?

S

Sersoftin2017-01-13 04:06:12

Programming

Sersoftin, 2017-01-13 04:06:12

Welcome all. The question consists in the following: there is a task on modification of network packets. It is necessary to intercept packets in the program that fly according to def. ip addresses via def. ports (the packets themselves are not sent by my program), intercept them, process and send further. The packet size may change after processing. This must be done under Windows. I looked in the direction of WinPcap, but:
1) it seems that it does not allow changing at all what has reached the level at which it works.
2) scares with its low level. I would not really like to edit its header (size, checksum, etc.) after modifying the data in the packet by hand in the same place. It's also scary that you need to specify the interface that it should listen on. I want it to somehow determine where the Internet is and what you need to listen to.
send/recv hooks are not possible by def. reasons, as well as the use of a proxy. But I want something similar. The golden mean between hooks and pcap. Is there such a thing and what can you advise me to use in this situation?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

I

Ilya Evseev, 2017-01-13
@Sersoftin

tcpreplay.synfin.net/wiki/tcprewrite
Also fragroute and netsed.

R

Rou1997, 2017-01-13
@Rou1997

For some reason, hooks on WinAPI functions are not possible, but installation of the WinNT kernel driver is possible?
Another option is to reverse engineer and then "patching" the application that sends the packets.

T

Tujh, 2017-01-13
@Tujh

The best solution is to install a proxy machine after all. Everything else will take too long.