Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-30-2013, 23:58
Smoke Smoke is offline
Friend
 
Join Date: Jan 2013
Posts: 24
Rept. Given: 13
Rept. Rcvd 8 Times in 4 Posts
Thanks Given: 4
Thanks Rcvd at 7 Times in 2 Posts
Smoke Reputation: 8
Question Intercept requests and modification of the server response

I want to intercept all browser requests and then add some js into server responses before it will appears in browser.

For example "Ad muncher" is doing it. It add js that removes all ad from pages.

Please give me some advise, how I can do it?

I'm using C#.

I found 2 solutions that may be can help me:

1) www.fiddler2.com But as I understand I could only write my own plugin for it, but I can't make standalone application. And also it is a proxy-type solution..

2) www.tcpdump.org and www.winpcap.org I can't find how to modify server responses, I found some info only about sniffering the requests.

P.S: I don't want to use proxy server for this purpose.

Thanks for any help.
Reply With Quote
  #2  
Old 07-31-2013, 00:57
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 851
Rept. Given: 324
Rept. Rcvd 216 Times in 110 Posts
Thanks Given: 168
Thanks Rcvd at 354 Times in 201 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
>I want to intercept all browser requests
do you work by IP or by domain name with your service?
Reply With Quote
  #3  
Old 07-31-2013, 15:52
Loki Loki is offline
Lo*eXeTools*rd
 
Join Date: Jan 2009
Posts: 122
Rept. Given: 156
Rept. Rcvd 65 Times in 30 Posts
Thanks Given: 58
Thanks Rcvd at 18 Times in 13 Posts
Loki Reputation: 65
I use GreaseMonkey to do this quite a lot - extremely powerful as you're using JS to mod HTML/JS
Reply With Quote
The Following User Gave Reputation+1 to Loki For This Useful Post:
Smoke (07-31-2013)
  #4  
Old 07-31-2013, 20:23
Smoke Smoke is offline
Friend
 
Join Date: Jan 2013
Posts: 24
Rept. Given: 13
Rept. Rcvd 8 Times in 4 Posts
Thanks Given: 4
Thanks Rcvd at 7 Times in 2 Posts
Smoke Reputation: 8
Intercept requests form all application(chrome, firefox,yahoo,...) and modification of the server response
Reply With Quote
  #5  
Old 08-02-2013, 08:01
athapa athapa is offline
Friend
 
Join Date: Jul 2013
Posts: 24
Rept. Given: 4
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 6
Thanks Rcvd at 4 Times in 3 Posts
athapa Reputation: 1
I'd think proxy server would be easier than trying to make some other drivers to intercept and modify the packets.

Seems like windivert may let you do what you want. However I've never used that myself. Also it is in c not c#. Not sure if anyone have ported that. You may be able to pinvoke windivert dlls.

The closest thing I've used in c# is winpcap but that only intercept but not modify packets.

HTH,
athapa
Reply With Quote
The Following User Gave Reputation+1 to athapa For This Useful Post:
Smoke (08-02-2013)
  #6  
Old 08-05-2013, 00:08
memcpy memcpy is offline
Friend
 
Join Date: Nov 2011
Posts: 22
Rept. Given: 6
Rept. Rcvd 10 Times in 8 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
memcpy Reputation: 10
Hook all user internet APIs and change them inplace in memory.
Reply With Quote
  #7  
Old 08-05-2013, 08:40
athapa athapa is offline
Friend
 
Join Date: Jul 2013
Posts: 24
Rept. Given: 4
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 6
Thanks Rcvd at 4 Times in 3 Posts
athapa Reputation: 1
It may be possible to hook to HttpOpenRequest and other calls in wininet.dll as mentioned by memcpy. However if you want to support more than 1 browser types then you'll need to look at what api calls are made by other browsers. API Monitor mentioned here may help - http://www.rohitab.com/api-monitor-tutorial-sniffing-internet-explorer-ssl-data with that quest
Reply With Quote
  #8  
Old 08-06-2013, 19:15
trtty trtty is offline
Friend
 
Join Date: Feb 2010
Posts: 5
Rept. Given: 8
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
trtty Reputation: 0
Smoke, you would like to inject js's only in one project or you want to build a tool for this?

If 2nd, there is no need in hooking APIs... Build LSP library and add all required data to the packet.
Reply With Quote
  #9  
Old 08-07-2013, 13:22
Evilcry Evilcry is offline
Friend
 
Join Date: Jan 2009
Posts: 56
Rept. Given: 4
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 1
Thanks Rcvd at 39 Times in 17 Posts
Evilcry Reputation: 15
Try also to take a look on how work ZeuS (source code for version 2.0.8.9) are available, you can check how WebInjection is managed.
Reply With Quote
  #10  
Old 08-07-2013, 22:40
athapa athapa is offline
Friend
 
Join Date: Jul 2013
Posts: 24
Rept. Given: 4
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 6
Thanks Rcvd at 4 Times in 3 Posts
athapa Reputation: 1
Zeus sounds interesting but it is cpp not c#.
LSP might work but you'd need to build that in cpp and pinvoke that in your .net code.

I don't think you are targeting XP or older, then see if windows packet filtering api works:
http://www.codeproject.com/Articles/5144/An-Easy-Firewall-Application

Most likely you'd want to support Windows 7 and greater so in that case you could use Windows Filtering Platform (WFP). I've not seen a complete project yet in .net but this may help.
http://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/e2308de1-e892-4a07-9bc8-7278d1f5b104/wfp-with-c

BTW why c#?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Intercepting web requests from an application and modifying response Sailor_EDA General Discussion 8 05-06-2017 03:51
Site issue: no https response RedBlkJck General Discussion 6 03-20-2014 19:44


All times are GMT +8. The time now is 06:39.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2021 )