Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   capture and emulate internet data (https://forum.exetools.com/showthread.php?t=15846)

pertican 06-05-2014 19:03

capture and emulate internet data
 
hi to all
I have a target that connect to Internet for license check and for every opening the softwarel I need to connect to Internet (I have valid license)

can anyone tell me how I can capture and emulate data to software working without access to Internet.

ps : I don't want patch it I want emulate, something like dangle emulate.

sorry for bad english

regards

DMichael 06-05-2014 20:50

Capture with WireShark or CommView should work great

Syoma 06-06-2014 00:29

Most probable you could not just capture and emulate the remote server because of traffic encryption.

goku 06-06-2014 01:12

Small HTTP server

chessgod101 06-16-2014 01:44

I have seen a technique that involves API modification. If you know which API it uses to connect to the server and retrieve the information and know exactly what and how the data is returned, you can first use VirtualProtect to make the API readable and writable, patch it to call your own custom code, feed in the correct return values, and then restore the original code to the API in case it is used for another function in the program.

uranus64 06-16-2014 02:29

Can to see your target ? And maybe some captured traffic ?

mr.exodia 06-16-2014 02:40

1 Attachment(s)
here is a solution I used various times before, it's an embedded webserver and you can write the returns in C++ code instead of a big HTML thing.

Based on mongoose, do not use for commercial stuff. Credit where you think it's needed.

Greetings,

Mr. eXoDia

user1 06-16-2014 03:45

Something like Sentinel HL Cloud Emulator?

Av0id 06-17-2014 13:00

also you can find examples in polarssl

secmask 06-18-2014 13:59

proxifier is an other option, it allow you to force your application traffic to a socks proxy, then proxifier can dump all of the traffic. If the traffic is not using SSL then it can easy be replayed using handing tool such as nodejs.

Vosiyons 09-14-2022 21:29

Quote:

Originally Posted by mr.exodia (Post 92103)
here is a solution I used various times before, it's an embedded webserver and you can write the returns in C++ code instead of a big HTML thing.

Based on mongoose, do not use for commercial stuff. Credit where you think it's needed.

Greetings,

Mr. eXoDia

dear @mr.exodia How can we identify which API it uses to connect to the server and get the information and what exactly and how the data is returned I greet you with respect and love...

Turkuaz 09-15-2022 02:36

Quote:

Originally Posted by pertican (Post 91834)
hi to all
I have a target that connect to Internet for license check and for every opening the softwarel I need to connect to Internet (I have valid license)

can anyone tell me how I can capture and emulate data to software working without access to Internet.

ps : I don't want patch it I want emulate, something like dangle emulate.

sorry for bad english

regards

https://www.mandiant.com/resources/blog/fakenet-ng-next-gen this is mainly for malware traffic analysis. But you can use it i guess

pp2 09-16-2022 01:12

Just another idea: if your app uses SSL as a dynamic library, you can build your own version of such library which saves all data unencrypted.

Vosiyons 09-21-2022 04:38

2 Attachment(s)
If you know the incoming response from the opposite server, it's an embedded webserver and you can write the returns in C++ code instead of a big HTML thing.

Vosiyons 09-21-2022 19:26

1 Attachment(s)
Bypass License Verification!


All times are GMT +8. The time now is 22:59.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX