capture and emulate internet data

[pertican]

hi to all
I have a target that connect to Internet for license check and for every opening the softwarel I need to connect to Internet (I have valid license)

can anyone tell me how I can capture and emulate data to software working without access to Internet.

ps : I don't want patch it I want emulate, something like dangle emulate.

sorry for bad english

regards

[DMichael]

Capture with WireShark or CommView should work great

[Syoma]

Most probable you could not just capture and emulate the remote server because of traffic encryption.

[goku]

Small HTTP server

[chessgod101]

I have seen a technique that involves API modification. If you know which API it uses to connect to the server and retrieve the information and know exactly what and how the data is returned, you can first use VirtualProtect to make the API readable and writable, patch it to call your own custom code, feed in the correct return values, and then restore the original code to the API in case it is used for another function in the program.

[uranus64]

Can to see your target ? And maybe some captured traffic ?

[mr.exodia]

here is a solution I used various times before, it's an embedded webserver and you can write the returns in C++ code instead of a big HTML thing.

Based on mongoose, do not use for commercial stuff. Credit where you think it's needed.

Greetings,

Mr. eXoDia

[user1]

Something like Sentinel HL Cloud Emulator?

[Av0id]

also you can find examples in polarssl

proxifier is an other option, it allow you to force your application traffic to a socks proxy, then proxifier can dump all of the traffic. If the traffic is not using SSL then it can easy be replayed using handing tool such as nodejs.

[Vosiyons]

Quote:

Originally Posted by mr.exodia

here is a solution I used various times before, it's an embedded webserver and you can write the returns in C++ code instead of a big HTML thing.

Based on mongoose, do not use for commercial stuff. Credit where you think it's needed.

Greetings,

Mr. eXoDia

dear @mr.exodia How can we identify which API it uses to connect to the server and get the information and what exactly and how the data is returned I greet you with respect and love...

[Turkuaz]

Quote:

Originally Posted by pertican

hi to all
I have a target that connect to Internet for license check and for every opening the softwarel I need to connect to Internet (I have valid license)

can anyone tell me how I can capture and emulate data to software working without access to Internet.

ps : I don't want patch it I want emulate, something like dangle emulate.

sorry for bad english

regards

https://www.mandiant.com/resources/blog/fakenet-ng-next-gen this is mainly for malware traffic analysis. But you can use it i guess

[pp2]

Just another idea: if your app uses SSL as a dynamic library, you can build your own version of such library which saves all data unencrypted.

[Vosiyons]

If you know the incoming response from the opposite server, it's an embedded webserver and you can write the returns in C++ code instead of a big HTML thing.

[Vosiyons]

Bypass License Verification!