5

Can i listen to outgoing HTTP Requests with my application without using WinPCap?

Danpe
  • 18,668
  • 21
  • 96
  • 131
  • 2
    Yes, there surely are other filter drivers that let you snoop on the TCP/IP driver stack. They all work the same way though, the mechanism is fixed in the Windows driver model. The nicer ones have a UI and a cracker that decodes the IP frame for you. Ethereal, Fiddler and WireShark are the better known ones. Hmm, what are the odds that they use winpcad under the hood? High. – Hans Passant Jul 03 '11 at 21:37
  • So if i want my application to sniff TCP/IP i need to use WinPcap so it extends my application with DLLs librerys and all of this ..? – Danpe Jul 03 '11 at 21:41
  • 1
    This is not a good way to ask a question. You have to leave room for contributors at SO to figure out 1: why you don't like to use the standard solution, 2: why you need to snoop on network traffic, 3: what you have tried, 4: why it failed. Without that information, it is just a shopping question. Which are off topic here. – Hans Passant Jul 03 '11 at 21:45
  • @Hans, I think Ethereal and Wireshark both use winpcap, but fiddler inserts itself as a web proxy. – spender Jul 03 '11 at 22:25

2 Answers2

2

The way Fiddler and Charles do this is by inserting themselves as the system proxy. That way, when a browser (or .net for that matter) make an HTTP request, it goes via the proxy and can therefore be traced. So to do this you need to write a proxy and figure out how to set it as the proxy used by the network app you wish to trace. If it's sensibly written, it should use the system defined proxy, which in this case will be your sniffer app.

spender
  • 117,338
  • 33
  • 229
  • 351
  • To general, how can i force the system to go trough my C# proxy... ? – Danpe Jul 03 '11 at 22:49
  • http://stackoverflow.com/questions/2020363/how-to-change-global-windows-proxy-using-c-net-with-immediate-effect seems to be the answer you need. – spender Jul 03 '11 at 22:55
0

I don't know for sure if it works for outbound packets, but you can set up a socket as SOCK_RAW and it will receive all inbound packets.

Jason Goemaat
  • 28,692
  • 15
  • 86
  • 113