Network Packet Forging

Hello guys,

I've had a though semester and I haven't been programming at all. I'm finally back.

So what I am trying to accomplish here is to write a packet forger, I've actually wrote one but not the way I'd like.

So here is what I want to do, and have done to an extent:

1
2
3
4
5
6
1.- Intercept a packet from a local application.
2.- Modify it in some way.
3.- Send it to where it was going before I intercepted it.
4.- Receive the response packet from the remote service.
5.- Modify it (or not).
6.- Resend it to the original application.


So the way I've accomplish this was to write an intermediary server listenning on local host. Than I modify the hosts files in windows to obly the app to send the packets through my program.

What I want to do here is bypass the hosts files modification step. I've looked into libpcap and libnet but as I understood it's only possibly to sniff the packets and not to intercept them.

Any ideas on how I could accomplish this?

Thanks,
eidge
See if the Windows Filtering Platform is good for this. I don't really know for sure if it allows for packet modification.

http://msdn.microsoft.com/en-us/library/windows/hardware/gg463267.aspx
It seems like it will do the job.

Still I'd rather use something more cross-platform, do you think it might exist?

EDIT: if a redirect lib exist it would also do the job. I just need to redirect the packet coming from an app to mine. Just like hosts works, but the hosts files works by redirecting a destination and not by redirection traffic coming from a specific application...
Last edited on
Well, if you wanted cross-platform you should have said so. :-P You posted in the Windows Programming forum, so I never would have guessed you were looking for a neutral library.

I only program for Windows, so I cannot really point out other solutions.
Sorry, I didn't really know were to put it since it's such a specific question. And I am indeed programming for windows in this case, so a windows solution is better then no solution at all.

Do you know any solution for the "edit" in the above post?
No, sorry. I rarely know about libraries. I usually know about WinAPI.
libpcap is usually the most used for network packets interception. Itis cross platform.
http://sourceforge.net/projects/libpcap/
From what I read, libpcap is a sniffing lib. One can't redirect packets, or am I wrong?
There is no platform independent solution to "man in the middle attacks", which is what you're actually doing.

Why? Because you have to intercept parts of the networking implementation and not using a standard interface. No standard == non-portable.
I wonder if there is ever a legitimate means for creating a program like this. Looks like the OP wants to be a hacker.
I think he's just trying to understand the principles, and not trying to do something bad. It's an intriging area, there's nothing wrong with exploring the possibilities.
Off-topic:
Not that you actually deserve to be answered but here we go:

Hell yes I want to be a hacker, everyone should want to be a hacker.

As I see the world a hacker is just someone who likes to know what's under the bonet, fiddle with it, break it once or twice and then get it back up.

A possible legitimate use of a "program like this" is to trick a remote server into thinking you're using something your not. Imagine if all the sudden you couldn't use firefox on google services?

As ridiculous as it might seem, problems like these arise everyday in dictatorship like countries. Just look at the VoIP law implemented in Etiopia.

On-topic:

Windows Filtering Platform so do you think this is the way to go?

Will this allow me to change packet contents and not just filter them? From the read I've done this is the windows api to implement firewalls, anti-virus.. I'm not sure if it is capable of doing what I want.

I'm going to take a deeper read anyway.

EDIT: Homework done, from what I've read I believe the windows api will do the job. Anyway if anyone knows of some cross-platform way of routing packets, please let me know.
Last edited on
Topic archived. No new replies allowed.