How do I modify a HTTP response packet with winpcap

Published 2019-02-20 05:31

Question:

There are two problems here:

  1. What if content is encoded: gzip...
  2. Do I also need to change the header part to make the HTTP packet valid (checksums if any?)

UPDATE

Can someone with actual experience elaborate the steps involved?

I'm using winpcap and bpf tcp and src port 80 to filter the traffic, so my job lies in this callback function:

void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)

Answer 1:

WinPcap doesn't allow you to change a packet that was already sent.

If the packet was sent, WinPcap won't prevent it from reaching its destination.

If you want to send another response - in addition to the response that was sent - I'm not sure what you're trying to achieve.



Answer 2:

  1. Decompress it with a GZIP decompressor.
  2. Remove the Content-Encoding header and add a Content-Length header representing the new length in bytes.

That said, for a better answer you'll need to supply more context in the question. This is namely a smell. What is it you're trying to achieve and for which you think that modifying the HTTP response is the right solution?



Answer 3:

libpcap is used for capturing. If you want to do modification and injection of network packets you need another library, such as libnet.



Answer 4:

winpcap is an odd way to try modifying a TCP stream - you don't explain why you are trying to do this, but you should probably be able to achieve this by writing your own HTTP proxy instead. That way, you get presented with a straight datastream you can intercept, log and modify to your heart's content. Once you do that, strip out Accept-Encoding from the request headers, then you'll never need to deal with gzipped responses in the first place.

There are no HTTP checksums, but the lower layers do have checksums; by operating on the application level as a proxy server, you let the network stack deal with all this for you.
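
Added example (not part of any answer above): the header fix-up from Answer 2 and the proxy-side Accept-Encoding stripping from Answer 4, applied to raw HTTP message bytes in Python. The function names and sample messages are constructed for illustration; the code assumes a complete, Content-Length-framed message and decodes gzip only.

```python
import gzip


def strip_accept_encoding(request: bytes) -> bytes:
    """Drop Accept-Encoding so the origin server replies uncompressed."""
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = [ln for ln in head.split(b"\r\n")
             if not ln.lower().startswith(b"accept-encoding:")]
    return b"\r\n".join(lines) + sep + body


def rewrite_response(response: bytes, transform) -> bytes:
    """Decode a gzip body, apply transform(bytes) -> bytes, repair headers."""
    head, sep, body = response.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    status, *fields = head.split(b"\r\n")
    headers = [(k.strip(), v.strip())
               for k, _, v in (f.partition(b":") for f in fields)]

    def values(name):
        return [v.lower() for k, v in headers if k.lower() == name]

    if values(b"transfer-encoding"):
        raise ValueError("chunked body must be de-chunked before rewriting")
    encoding = values(b"content-encoding")
    if encoding == [b"gzip"]:
        body = gzip.decompress(body)
    elif encoding and encoding != [b"identity"]:
        raise ValueError("unsupported Content-Encoding")
    body = transform(body)
    # The body is now plain: drop the stale headers and recompute the length.
    stale = (b"content-encoding", b"content-length")
    kept = [(k, v) for k, v in headers if k.lower() not in stale]
    kept.append((b"Content-Length", str(len(body)).encode()))
    return b"\r\n".join([status] + [k + b": " + v for k, v in kept]) + sep + body


# Constructed sample messages, not captured traffic.
SAMPLE_BODY = gzip.compress(b"<h1>hello</h1>")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Content-Encoding: gzip\r\nContent-Length: "
                   + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY)
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                  b"Accept-Encoding: gzip, deflate\r\n\r\n")
```

Only the application-layer headers are touched here; when this runs inside a proxy, the TCP and IP checksums are produced by the network stack on send.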