I have some question about web redirection.


This topic contains 6 replies, has 4 voices, and was last updated by  Vadim Smirnov 12 years, 4 months ago.

  • #5017

    machun
    Participant

    Hello.

    I have a question.

    I want to block harmful sites.

    If we detect a harmful site (HTTP packet) in WinpkFilter, we redirect to an alert site.

    I know some information about this,

    but I can’t make this work with WinpkFilter.

    Does anyone have an idea or source code?

    #6035

    Kon
    Participant

    Hi. It is impossible, or very hard, to redirect to the alert site.

    The problem is that when you detect that the site is harmful, a connection is being established between the client and the harmful site. But there is no connection between the client and the alert site. If you redirect such a packet to the alert site, it will simply drop it.

    One easy way to do it is to answer the GET query packet yourself. Just create a packet with an answer as any site does.

    But it needs some special knowledge of TCP and HTTP.

    Regards,
    Andrew

    #6036

    Vadim Smirnov
    Moderator

    if we detect some harmful site(http packet) in winpkfilter we redirect alert site.

    Since the connection to the harmful site is already established, it can’t be easily redirected (normally redirection should occur during connection establishment). However, you can terminate the connection to the harmful site and drop all packets to/from it, alert the user about the harmful site, redirect all newly established HTTP user sessions from the registered harmful site to the alert site, etc…

    #6037

    kkkerem
    Participant

    Hi,
    Is it possible to redirect all HTTP packets to a different host? If yes, can you give some Delphi code for this? (I’ve tried to change the destination IP of the IP header, then recalculate the checksum, but it didn’t work.)

    #6038

    Vadim Smirnov
    Moderator

    i’ve tried to change destination ip of ipheader, then recalculate checksum but it didn’t work

    You should modify the destination IP address in the outgoing packet to the redirect address and recalculate the packet checksums (both IP and TCP). You should do the reverse operation in the incoming packet associated with the connection you modify.

    #6039

    kkkerem
    Participant

    I’ve recalculated the IP checksum.
    I’ve tried all the ways told in the forum but I can’t recalculate the TCP checksum in Delphi. Please help me with this.

    #6040

    Vadim Smirnov
    Moderator

    This is the TCP checksum in C; I suppose you should be able to translate it to Delphi:


    //
    // Function recalculates TCP checksum
    //
    VOID
    RecalculateTCPChecksum (
        PINTERMEDIATE_BUFFER pPacket
        )
    {
        tcphdr_ptr pTcpHeader = NULL;
        unsigned short word16, padd = 0;
        unsigned int i, sum = 0;
        PUCHAR buff;
        DWORD dwTcpLen;

        iphdr_ptr pIpHeader = (iphdr_ptr)&pPacket->m_IBuffer[sizeof(ether_header)];

        // Sanity check
        if (pIpHeader->ip_p == IPPROTO_TCP)
        {
            pTcpHeader = (tcphdr_ptr)(((PUCHAR)pIpHeader) + sizeof(DWORD)*pIpHeader->ip_hl);
        }
        else
            return;

        // TCP length = IP total length minus IP header length
        dwTcpLen = ntohs(pIpHeader->ip_len) - pIpHeader->ip_hl*4;//pPacket->m_Length - ((PUCHAR)(pTcpHeader) - pPacket->m_IBuffer);

        // Odd length: pad with one zero byte placed right after the TCP data
        if ( (dwTcpLen/2)*2 != dwTcpLen )
        {
            padd=1;
            pPacket->m_IBuffer[dwTcpLen + pIpHeader->ip_hl*4 + sizeof(ether_header)] = 0;
        }

        buff = (PUCHAR)pTcpHeader;
        pTcpHeader->th_sum = 0;

        // make 16 bit words out of every two adjacent 8 bit words and
        // calculate the sum of all 16 bit words
        for (i=0; i< dwTcpLen+padd; i=i+2){
            word16 =((buff[i]<<8)&0xFF00)+(buff[i+1]&0xFF);
            sum = sum + (unsigned long)word16;
        }

        // add the TCP pseudo header which contains:
        // the IP source and destination addresses,

        sum = sum + ntohs(pIpHeader->ip_src.S_un.S_un_w.s_w1) + ntohs(pIpHeader->ip_src.S_un.S_un_w.s_w2);
        sum = sum + ntohs(pIpHeader->ip_dst.S_un.S_un_w.s_w1) + ntohs(pIpHeader->ip_dst.S_un.S_un_w.s_w2);

        // the protocol number and the length of the TCP packet
        sum = sum + IPPROTO_TCP + (unsigned short)dwTcpLen;

        // keep only the last 16 bits of the 32 bit calculated sum and add the carries
        while (sum>>16)
            sum = (sum & 0xFFFF)+(sum >> 16);

        // Take the one's complement of sum
        sum = ~sum;

        pTcpHeader->th_sum = htons((unsigned short)sum);
    }
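The full rewrite step discussed in this thread (change the destination address, then recompute both the IP and the TCP checksum), as an added example that is not part of the original posts and not WinpkFilter code. It works on raw bytes starting at the IPv4 header instead of the WinpkFilter structures, checks lengths before touching the packet, and pads an odd-length segment in arithmetic only; all function names, the sample packet and the alert address are assumptions made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One's-complement sum; an odd trailing byte is padded in arithmetic, not in the buffer. */
static uint16_t csum(const uint8_t *p, size_t n, uint32_t sum) {
    for (; n > 1; p += 2, n -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (n) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}
/* TCP checksum: pseudo header (addresses, protocol 6, TCP length) plus segment. */
static uint16_t tcp_csum(const uint8_t *ip, size_t ihl) {
    size_t tcplen = (((size_t)ip[2] << 8) | ip[3]) - ihl;
    uint32_t pseudo = (uint16_t)~csum(ip + 12, 8, 6 + (uint32_t)tcplen);
    return csum(ip + ihl, tcplen, pseudo);
}
/* Validate an IPv4/TCP packet (fragments rejected); return IP header length, or 0. */
static size_t ip_hdr_len(const uint8_t *ip, size_t len) {
    if (len < 40 || (ip[0] >> 4) != 4 || ip[9] != 6) return 0;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4, tot = ((size_t)ip[2] << 8) | ip[3];
    return (ihl < 20 || tot > len || tot < ihl + 20 || (ip[6] & 0x3F) || ip[7]) ? 0 : ihl;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* Rewrite the destination address, then recompute the IP and TCP checksums. */
int redirect_dst(uint8_t *ip, size_t len, const uint8_t new_dst[4]) {
    size_t ihl = ip_hdr_len(ip, len);
    if (!ihl) return -1;
    memcpy(ip + 16, new_dst, 4);
    put16(ip + 10, 0);                 /* checksum fields are zero while summing */
    put16(ip + 10, csum(ip, ihl, 0));
    put16(ip + ihl + 16, 0);
    put16(ip + ihl + 16, tcp_csum(ip, ihl));
    return 0;
}
/* Receiver-side check: summing with the stored checksum included gives zero. */
int checksums_ok(const uint8_t *ip, size_t len) {
    size_t ihl = ip_hdr_len(ip, len);
    return ihl && csum(ip, ihl, 0) == 0 && tcp_csum(ip, ihl) == 0;
}
/* Constructed sample: 192.0.2.10:49152 -> 198.51.100.7:80, payload "GET /". */
uint8_t sample_pkt[45] = {
    0x45,0,0,0x2d, 0,1,0x40,0, 0x40,6,0,0, 192,0,2,10, 198,51,100,7,
    0xc0,0,0,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,0x20,0, 0,0,0,0, 'G','E','T',' ','/' };
const uint8_t alert_ip[4] = {203, 0, 113, 5};  /* hypothetical alert host */
int main(void) {
    int rc = redirect_dst(sample_pkt, sizeof sample_pkt, alert_ip);
    return printf("rc=%d valid=%d\n", rc, checksums_ok(sample_pkt, sizeof sample_pkt)) < 0;
}
```

For the reverse direction described above, the same routine pattern applies to the source address at offset 12 of the incoming packet.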