EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-05-2014, 19:03
pertican pertican is offline
Family
 
Join Date: Oct 2011
Posts: 33
Rept. Given: 43
Rept. Rcvd 51 Times in 12 Posts
Thanks Given: 4
Thanks Rcvd at 1 Time in 1 Post
pertican Reputation: 51
capture and emulate internet data

hi to all
I have a target that connect to Internet for license check and for every opening the softwarel I need to connect to Internet (I have valid license)

can anyone tell me how I can capture and emulate data to software working without access to Internet.

ps : I don't want patch it I want emulate, something like dangle emulate.

sorry for bad english

regards
Reply With Quote
  #2  
Old 06-05-2014, 20:50
DMichael's Avatar
DMichael DMichael is offline
Family
 
Join Date: Apr 2012
Location: Israel
Posts: 199
Rept. Given: 139
Rept. Rcvd 281 Times in 72 Posts
Thanks Given: 13
Thanks Rcvd at 7 Times in 3 Posts
DMichael Reputation: 200-299 DMichael Reputation: 200-299 DMichael Reputation: 200-299
Capture with WireShark or CommView should work great
Reply With Quote
The Following User Gave Reputation+1 to DMichael For This Useful Post:
pertican (06-06-2014)
  #3  
Old 06-06-2014, 00:29
Syoma Syoma is offline
reverse engineer
 
Join Date: May 2009
Posts: 338
Rept. Given: 35
Rept. Rcvd 77 Times in 50 Posts
Thanks Given: 15
Thanks Rcvd at 48 Times in 27 Posts
Syoma Reputation: 77
Most probable you could not just capture and emulate the remote server because of traffic encryption.
Reply With Quote
The Following User Gave Reputation+1 to Syoma For This Useful Post:
pertican (06-06-2014)
  #4  
Old 06-06-2014, 01:12
goku goku is offline
 
Join Date: Feb 2009
Posts: 119
Rept. Given: 29
Rept. Rcvd 34 Times in 15 Posts
Thanks Given: 7
Thanks Rcvd at 2 Times in 1 Post
goku Reputation: 34
Small HTTP server
__________________
hi
Reply With Quote
The Following User Gave Reputation+1 to goku For This Useful Post:
pertican (06-06-2014)
  #5  
Old 06-16-2014, 01:44
chessgod101's Avatar
chessgod101 chessgod101 is offline
Co-Administrator
 
Join Date: Jan 2011
Location: United States
Posts: 480
Rept. Given: 2,083
Rept. Rcvd 665 Times in 206 Posts
Thanks Given: 428
Thanks Rcvd at 552 Times in 104 Posts
chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699
I have seen a technique that involves API modification. If you know which API it uses to connect to the server and retrieve the information and know exactly what and how the data is returned, you can first use VirtualProtect to make the API readable and writable, patch it to call your own custom code, feed in the correct return values, and then restore the original code to the API in case it is used for another function in the program.
__________________
"Real knowledge is to know the extent of one's ignorance." Confucius
Reply With Quote
The Following User Gave Reputation+1 to chessgod101 For This Useful Post:
Vivaldi (06-16-2014)
  #6  
Old 06-16-2014, 02:29
uranus64 uranus64 is offline
VIP
 
Join Date: Mar 2011
Location: EE
Posts: 275
Rept. Given: 581
Rept. Rcvd 459 Times in 137 Posts
Thanks Given: 188
Thanks Rcvd at 112 Times in 38 Posts
uranus64 Reputation: 400-499 uranus64 Reputation: 400-499 uranus64 Reputation: 400-499 uranus64 Reputation: 400-499 uranus64 Reputation: 400-499
Can to see your target ? And maybe some captured traffic ?
Reply With Quote
  #7  
Old 06-16-2014, 02:40
mr.exodia's Avatar
mr.exodia mr.exodia is offline
Super Moderator
 
Join Date: Nov 2011
Posts: 855
Rept. Given: 496
Rept. Rcvd 1,154 Times in 308 Posts
Thanks Given: 92
Thanks Rcvd at 528 Times in 202 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
here is a solution I used various times before, it's an embedded webserver and you can write the returns in C++ code instead of a big HTML thing.

Based on mongoose, do not use for commercial stuff. Credit where you think it's needed.

Greetings,

Mr. eXoDia
Attached Files
File Type: rar mongoose_embed.rar (257.3 KB, 75 views)
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
Reply With Quote
The Following 11 Users Gave Reputation+1 to mr.exodia For This Useful Post:
alekine322 (06-17-2014), bilbo (06-16-2014), bolzano_1989 (06-18-2014), chessgod101 (06-16-2014), cjack (06-16-2014), pertican (06-30-2014), TechLord (06-16-2014), tonyweb (06-18-2014), uel888 (06-17-2014), uranus64 (06-16-2014), zeuscane (06-16-2014)
  #8  
Old 06-16-2014, 03:45
user1's Avatar
user1 user1 is offline
Family
 
Join Date: Sep 2012
Location: Romania
Posts: 721
Rept. Given: 367
Rept. Rcvd 108 Times in 56 Posts
Thanks Given: 372
Thanks Rcvd at 268 Times in 150 Posts
user1 Reputation: 30
Something like Sentinel HL Cloud Emulator?
Reply With Quote
  #9  
Old 06-17-2014, 13:00
Av0id Av0id is offline
VIP
 
Join Date: Jan 2006
Posts: 399
Rept. Given: 112
Rept. Rcvd 111 Times in 69 Posts
Thanks Given: 0
Thanks Rcvd at 3 Times in 3 Posts
Av0id Reputation: 100-199 Av0id Reputation: 100-199
also you can find examples in polarssl
Reply With Quote
  #10  
Old 06-18-2014, 13:59
secmask
 
Posts: n/a
proxifier is an other option, it allow you to force your application traffic to a socks proxy, then proxifier can dump all of the traffic. If the traffic is not using SSL then it can easy be replayed using handing tool such as nodejs.
Reply With Quote
The Following User Gave Reputation+1 to For This Useful Post:
pertican (06-30-2014)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LPT & Intercpet Capture in WINXP minawahib1 General Discussion 14 10-02-2005 02:59
How to get data sent by Internet Explorer? sirrysh General Discussion 2 07-17-2002 12:47


All times are GMT +8. The time now is 18:11.


��ICP��05004977��
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX