
I'm trying to create a tool which would append/edit something inside specific packets before they get sent to a specific website.

For now I was using WPE Pro to apply this filter.

Is there something similar in C# to create this tool?

Jevgeni Geurtsen
d4ne
  • Even if this is a bit broad, I am interested in possible ways too. I guess we are talking about editing TCP/UDP packets. Point of interest is also editing packets when using SSL connections. – C4d Jul 25 '16 at 11:00
  • Yes, I'm talking about TCP/UDP packets :) – d4ne Jul 25 '16 at 11:01
  • Since you will have to use [Pcap](https://www.winpcap.org/), you might want to use [this](http://pcapdotnet.codeplex.com/SourceControl/latest) .NET implementation. – lokusking Jul 27 '16 at 13:41

1 Answer


There is not really a general way to do this. There are multiple possibilities you have to consider and see if they fit your situation. For example, you can easily edit a packet that is sent using HTTP by using Pcap.NET (as said in the comments). There are dozens of examples out there on the web that will guide you in modifying packets using Pcap, for example this discussion on the official Pcap.NET forums.

However, if the packet is using HTTPS (SSL/TLS) then the payload, which is the actual data being sent, will be encrypted. This could be bypassed if one or more preconditions of SSL are broken, or by using a tool like sslstrip (Python). Note that sslstrip will try to force the socket to be sent through HTTP even if HTTPS is requested, and this is not guaranteed to work.

Personally I will always try to avoid touching the sockets, or even anything network related, especially when it involves HTTPS, because as you probably understand by now, this is pretty hard to bypass. I have no idea what program you are attempting to break, but I felt like it would benefit this answer.

For HTTP, one could easily create a simple program that hooks the Windows Socket API. You should be looking into the send function and possibly even the recv (receive) function. You can modify the payload as you wish or even replace it with another payload, if desired. Note that data that is sent through the winsock.send function is already encrypted (if SSL/TLS is being used) as the application will handle layers 7 (application layer), 6 (presentation layer) and 5 (session layer, this is where SSL gets applied) of the OSI model. Winsock is a bridge between layer 5 and 4.

For HTTPS you can still use hooking, but you must hook the part of the application where it handles the connections and make sure you apply your (modified) payload before it initializes the connection / sets the payload. This may sound hard to do, but it is actually pretty easy to do, if you are willing to learn and have some time.

Jevgeni Geurtsen
  • The goal (at least for me) is to handle general browser behaviour with some data. If facing that many problems with SSL, the alternative way would only be hooking up into the browser itself. But as there are many different ones, I would need to code this for multiple browsers = much work to do. I was hoping grabbing the packets would group all of them in one place... :/ – C4d Jul 27 '16 at 14:51
  • If the browser visits the website using HTTP you can use any of the described methods but if it visits the website using HTTPS you either need to have the master certificate or hook the browser in order to decrypt, modify and (re-)encrypt the payload. – Jevgeni Geurtsen Jul 27 '16 at 14:54
  • Hmm, not solved in the way I hoped for, but I guess with this comment we are done in here. Thanks for clearing that out. I'll set the reward as soon as the countdown has gone to 0 (22 hours). – C4d Jul 27 '16 at 15:19
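
The answer's point that data handed to the socket layer under SSL/TLS is already encrypted, taken one step further in an added example (not part of the original post or of any tool named in it): a TLS 1.3-style AES-GCM record is authenticated as well as encrypted, so a byte changed on the wire makes the receiver reject the record. `RecordTamperDemo` and its methods are hypothetical names, the key and IV are random sample values rather than handshake output, and .NET 8 or later is assumed.

```csharp
using System;
using System.Security.Cryptography;

// Added example: TLS 1.3-style record protection (RFC 8446, section 5.2), AES-128-GCM.
static class RecordTamperDemo
{
    const int TagLen = 16;
    // Per-record nonce: static IV XOR the 64-bit sequence number, right-aligned.
    static byte[] Nonce(byte[] iv, ulong seq)
    {
        var n = (byte[])iv.Clone();
        for (int i = 0; i < 8; i++) n[11 - i] ^= (byte)(seq >> (8 * i));
        return n;
    }

    public static byte[] Protect(byte[] key, byte[] iv, ulong seq, byte[] appData)
    {
        var inner = new byte[appData.Length + 1];
        appData.CopyTo(inner, 0);
        inner[^1] = 0x17;                       // inner content type: application_data
        int len = inner.Length + TagLen;
        var record = new byte[5 + len];         // 5-byte header, ciphertext, tag
        new byte[] { 0x17, 0x03, 0x03, (byte)(len >> 8), (byte)len }.CopyTo(record, 0);
        using var aes = new AesGcm(key, TagLen);
        aes.Encrypt(Nonce(iv, seq), inner, record.AsSpan(5, inner.Length),
                    record.AsSpan(5 + inner.Length), record.AsSpan(0, 5)); // header is the AAD
        return record;
    }

    public static bool TryUnprotect(byte[] key, byte[] iv, ulong seq, byte[] record, out byte[] appData)
    {
        appData = Array.Empty<byte>();
        if (record.Length < 5 + 1 + TagLen) return false;
        var inner = new byte[record.Length - 5 - TagLen];
        using var aes = new AesGcm(key, TagLen);
        try { aes.Decrypt(Nonce(iv, seq), record[5..^TagLen], record[^TagLen..], inner, record[..5]); }
        catch (CryptographicException) { return false; }   // tag mismatch: record was altered
        appData = inner[..^1];                  // strip the inner content type byte
        return true;
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(16), iv = RandomNumberGenerator.GetBytes(12);
        var record = Protect(key, iv, 0, "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"u8.ToArray());
        Console.WriteLine("bytes at the socket layer: " + Convert.ToHexString(record));
        Console.WriteLine("untouched record accepted: " + TryUnprotect(key, iv, 0, record, out _));
        record[10] ^= 0x01;                     // a single bit changed in transit
        Console.WriteLine("modified record accepted:  " + TryUnprotect(key, iv, 0, record, out _));
    }
}
```

The last line prints `False`: without the session keys, a change made below the TLS layer is detected rather than applied, which is why the answer and its follow-up comment point to the application side of the encryption instead.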