There are two problems here:
- What if content is encoded:gzip...
- Do I also need to change the header part to make the HTTP packet valid(checksums if any?)
UPDATE
Can someone with actual experience elaborate the steps involved?
I'm using winpcap
and bpf tcp and src port 80
to filter the traffic,so my job lies in this callback function:
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
WinPcap doesn't allow you to change a packet that was already sent.
If the packet was sent, WinPcap won't prevent it from reaching its destination.
If you want to send another response - in addition to the response that was sent - I'm not sure what you're trying to achieve.
- Decompress it with a GZIP decompresser.
- Remove the
Content-Encoding
header and add a Content-Length
header representing the new length in bytes.
That said, for a better answer you'll need to supply more context in the question. This is namely a smell. What is it you're trying to achieve and for which you think that modifying the HTTP response is the right solution?
libpcap
is used for capturing. If you want to do modification and injection of network packets you need another library, such as libnet
.
winpcap is an odd way to try modifying a TCP stream - you don't explain why you are trying to do this, but you should probably be able to achieve this by writing your own HTTP proxy instead. That way, you get presented with a straight datastream you can intercept, log and modify to your heart's content. Once you do that, strip out Accept-Encoding from the request headers, then you'll never need to deal with gzipped responses in the first place.
There are no HTTP checksums, but the lower layers do have checksums; by operating on the application level as a proxy server, you let the network stack deal with all this for you.