  #1  
Old 06-05-2014, 19:03
pertican pertican is offline
capture and emulate internet data

Hi to all,
I have a target that connects to the Internet for a license check, and every time I open the software I need to connect to the Internet (I have a valid license).

Can anyone tell me how I can capture and emulate the data so the software works without access to the Internet?

PS: I don't want to patch it, I want to emulate, something like dongle emulation.

Sorry for my bad English.

regards
  #2  
Old 06-05-2014, 20:50
DMichael DMichael is offline
Capturing with Wireshark or CommView should work great.
The Following User Gave Reputation+1 to DMichael For This Useful Post:
pertican (06-06-2014)
  #3  
Old 06-06-2014, 00:29
Syoma Syoma is offline
Most probably you could not just capture and emulate the remote server, because of traffic encryption.
The Following User Gave Reputation+1 to Syoma For This Useful Post:
pertican (06-06-2014)
  #4  
Old 06-06-2014, 01:12
goku goku is offline
Small HTTP server
The Following User Gave Reputation+1 to goku For This Useful Post:
pertican (06-06-2014)
  #5  
Old 06-16-2014, 01:44
chessgod101 chessgod101 is offline
I have seen a technique that involves API modification. If you know which API it uses to connect to the server and retrieve the information and know exactly what and how the data is returned, you can first use VirtualProtect to make the API readable and writable, patch it to call your own custom code, feed in the correct return values, and then restore the original code to the API in case it is used for another function in the program.
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
The Following User Gave Reputation+1 to chessgod101 For This Useful Post:
Vivaldi (06-16-2014)
  #6  
Old 06-16-2014, 02:29
uranus64 uranus64 is offline
Can we see your target? And maybe some captured traffic?
  #7  
Old 06-16-2014, 02:40
mr.exodia mr.exodia is offline
Here is a solution I have used various times before: it's an embedded web server, and you can write the returns in C++ code instead of a big HTML thing.

Based on mongoose, do not use for commercial stuff. Credit where you think it's needed.

Greetings,

Mr. eXoDia
Attached Files
File Type: rar mongoose_embed.rar (257.3 KB, 98 views)
The Following 11 Users Gave Reputation+1 to mr.exodia For This Useful Post:
alekine322 (06-17-2014), bilbo (06-16-2014), bolzano_1989 (06-18-2014), chessgod101 (06-16-2014), cjack (06-16-2014), pertican (06-30-2014), TechLord (06-16-2014), tonyweb (06-18-2014), uel888 (06-17-2014), uranus64 (06-16-2014), zeuscane (06-16-2014)
The Following User Says Thank You to mr.exodia For This Useful Post:
ahmadmansoor (09-19-2022)
  #8  
Old 06-16-2014, 03:45
user1 user1 is offline
Something like Sentinel HL Cloud Emulator?
  #9  
Old 06-17-2014, 13:00
Av0id Av0id is offline
Also, you can find examples in PolarSSL.
  #10  
Old 06-18-2014, 13:59
secmask
 
Proxifier is another option; it allows you to force your application's traffic through a SOCKS proxy, and then Proxifier can dump all of the traffic. If the traffic is not using SSL, it can easily be replayed using a handy tool such as Node.js.
The Following User Gave Reputation+1 to For This Useful Post:
pertican (06-30-2014)
  #11  
Old 09-14-2022, 21:29
Vosiyons Vosiyons is offline
Quote:
Originally Posted by mr.exodia View Post
Here is a solution I have used various times before: it's an embedded web server, and you can write the returns in C++ code instead of a big HTML thing.

Based on mongoose, do not use for commercial stuff. Credit where you think it's needed.

Greetings,

Mr. eXoDia
Dear @mr.exodia, how can we identify which API it uses to connect to the server and get the information, and what exactly and how the data is returned? I greet you with respect and love...
  #12  
Old 09-15-2022, 02:36
Turkuaz Turkuaz is offline
Quote:
Originally Posted by pertican View Post
Hi to all,
I have a target that connects to the Internet for a license check, and every time I open the software I need to connect to the Internet (I have a valid license).

Can anyone tell me how I can capture and emulate the data so the software works without access to the Internet?

PS: I don't want to patch it, I want to emulate, something like dongle emulation.

Sorry for my bad English.

regards
https://www.mandiant.com/resources/blog/fakenet-ng-next-gen This is mainly for malware traffic analysis, but you can use it, I guess.
  #13  
Old 09-16-2022, 01:12
pp2 pp2 is offline
Just another idea: if your app uses SSL as a dynamic library, you can build your own version of such a library which saves all data unencrypted.
  #14  
Old 09-21-2022, 04:38
Vosiyons Vosiyons is offline
If you know the incoming response from the opposite server, it's an embedded webserver and you can write the returns in C++ code instead of a big HTML thing.
Attached Files
File Type: zip mongoose-master.zip (1.79 MB, 94 views)
File Type: txt Mongoose Tutorial.txt (302 Bytes, 17 views)
The Following User Says Thank You to Vosiyons For This Useful Post:
alekine322 (09-21-2022)
  #15  
Old 09-21-2022, 19:26
Vosiyons Vosiyons is offline
Bypass License Verification!
Attached Files
File Type: txt Bypass License Verification.txt (90 Bytes, 21 views)
All times are GMT +8.

