- This topic has 1 reply, 1 voice, and was last updated 15 years, 10 months ago by
.
-
Posts
-
Hi
I’m trying trying to write a little application that monitors my network adapter and then when it detetcs outgoing http traffic, it must be redireted to another site om my local network.
I am using Delphi 7 and have installed the pack downloaded from your site.
All in all, everything seems to be in order except the redirection fails.
From what I gather from extensive reading on this forum, I haver to “intercept” all outbound http packets on port 80 (internet directed) and then modify the IP header to set the new destIP and then of course recalculate the ipHeader checksum.
Ok then on inbound traffic from the redirected server I have to change the sourceIP back to the original destIP in the ipHeader and then also recaclulate the ipHeader checksum.
I can’t seem to get this working as it cannot seem to reach my redirect site.
Also, from what I see, the source ip on inbound traffic is all funny, eg. instead of 192.168.0.1 it’s 0.1.168.192 ??? Any ideas why?
Maybe my RecalcIPCheckSum proc is wrong?
procedure RecalculateIPChecksum(var pIpHeader: TIPHeaderPtr);
var
sum: longword;
i: longword;
buff: PByteArray; // see note 1
beginSum := 0;
i := 0;// Initialize checksum to zero
pIpHeader.CheckSum := 0;
Buff := PByteArray(pIpHeader);// Calculate header checksum
while i < ((pIpHeader.hl_vl and $F) * 4) do begin Inc(Sum, (buff[ i ] shl 8 ) + Buff[ i +1 ]); Inc( i, 2 ); end; // Keep only the last 16 bits of the 32 bit calculated sum and add the carries
while (Sum shr 16) <> 0 do
Sum := (Sum and $FFFF) +(Sum shr 16);// Take the one’s complement of sum
Sum := Sum xor $FFFFFFFF;// …and store it in network order
pIpHeader.CheckSum := htons(Sum);end;
Here’s the part my code that does the work, am I missing something, do i have to redirect anything else??, please give me soem advice, this is driving me nuts!:
if ntohs(pEtherHeader.h_proto) = ETH_P_IP then
beginpIPHeader := TIPHeaderPtr(Integer(pEtherHeader) +
SizeOf(TEtherHeader));SourceIP.S_addr := (pIPHeader.SourceIp);
DestIP.S_addr := (pIPHeader.DestIp);AddLine (Format(‘ IP %.3u.%.3u.%.3u.%.3u –> %.3u.%.3u.%.3u.%.3u PROTOCOL: %u’,
[byte(SourceIP.S_un_b.s_b1),
byte(SourceIP.S_un_b.s_b2),
byte(SourceIP.S_un_b.s_b3),
byte(SourceIP.S_un_b.s_b4),
byte(DestIP.S_un_b.s_b1),
byte(DestIP.S_un_b.s_b2),
byte(DestIP.S_un_b.s_b3),
byte(DestIP.S_un_b.s_b4),
byte(pIPHeader.Protocol)]
));if pIPHeader.Protocol = IPPROTO_TCP then
beginpTcpHeader := TTCPHeaderPtr(Integer(pIPHeader) + (pIPHeader.hl_vl and $F) * 4);
AddLine (Format(‘ TCP SRC PORT: %d DST PORT: %d’,
[ntohs(pTcpHeader.SourcePort),
ntohs(pTcpHeader.DestPort)]));//Check if it’s a http packet then redirect.
if Receiving then beginif (ntohs(pTcpHeader.DestPort) = 80) then begin
byte(NewDestIP.S_un_b.s_b1) := 192;
byte(NewDestIP.S_un_b.s_b2) := 168;
byte(NewDestIP.S_un_b.s_b3) := 0;
byte(NewDestIP.S_un_b.s_b4) := 1;AddLine(Format(‘*** Redirecting to IP %.3u.%.3u.%.3u.%.3u –> %.3u.%.3u.%.3u.%.3u PROTOCOL: %u’,
[byte(SourceIP.S_un_b.s_b1),
byte(SourceIP.S_un_b.s_b2),
byte(SourceIP.S_un_b.s_b3),
byte(SourceIP.S_un_b.s_b4),byte(NewDestIP.S_un_b.s_b1),
byte(NewDestIP.S_un_b.s_b2),
byte(NewDestIP.S_un_b.s_b3),
byte(NewDestIP.S_un_b.s_b4),
byte(pIPHeader.Protocol)]));pIPHeader.DestIp := htons(NewDestIP.S_addr);
RecalculateIPChecksum(pIpHeader);//Add it to a list for later reference…
if not(FindIP((SourceIP.S_addr), (NewDestIP.S_addr), tmpAddreses)) then begin
SetLength(AddressArray, Length(AddressArray)+1);
AddressArray[Length(AddressArray)-1].SourceIP.S_addr := (SourceIP.S_addr);
AddressArray[Length(AddressArray)-1].RedirIP.S_addr := (pIPHeader.DestIp);
AddressArray[Length(AddressArray)-1].DestIP.S_addr := (DestIP.S_addr);
end;
end;end else begin //Sending htpp packet…
if FindIP(ntohl(SourceIP.S_addr), ntohl(DestIP.S_addr), tmpAddreses) then begin
AddLine(‘This packet is from our redir server, substitute source ip with oroginal IP.’);pIPHeader.SourceIP := (tmpAddreses.DestIP.S_addr);
RecalculateIPChecksum(pIpHeader);src.S_addr := pIPHeader.SourceIP;
dst.S_addr := pIPHeader.DestIp;
AddLine(”);
AddLine(Format(‘*** New IP Header: IP %.3u.%.3u.%.3u.%.3u –> %.3u.%.3u.%.3u.%.3u ***’,
[byte(src.S_un_b.s_b1),
byte(src.S_un_b.s_b2),
byte(src.S_un_b.s_b3),
byte(src.S_un_b.s_b4),byte(dst.S_un_b.s_b1),
byte(dst.S_un_b.s_b2),
byte(dst.S_un_b.s_b3),
byte(dst.S_un_b.s_b4)]));end;
end;
end;MANY THANKS!!!
ps: I am also changing the dest MAC address because the redir server is also on my local network.
Here is my code for this (AdapterMAC is my redir server adapter MAC):
pEtherHeader.h_dest[1] := (AdapterMAC.Address[1]);
pEtherHeader.h_dest[2] := (AdapterMAC.Address[2]);
pEtherHeader.h_dest[3] := (AdapterMAC.Address[3]);
pEtherHeader.h_dest[4] := (AdapterMAC.Address[4]);
pEtherHeader.h_dest[5] := (AdapterMAC.Address[5]);
pEtherHeader.h_dest[6] := (AdapterMAC.Address[6]);Also, here is a sample of traffic from my log file:
(999) – Interface –> MSTCP
Packet size = 62
IP 192.168.000.003 –> 064.233.183.104 PROTOCOL: 6
TCP SRC PORT: 1474 DST PORT: 80
*********************************************************************************Found out going http packet – redirecting to local www server for authentication.
*** Redirecting to IP 192.168.000.003 –> 192.168.000.001 PROTOCOL: 6
*********************************************************************************(998) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************(997) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************(996) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************(995) – Interface –> MSTCP
Packet size = 62
IP 192.168.000.003 –> 064.233.183.104 PROTOCOL: 6
TCP SRC PORT: 1474 DST PORT: 80
*********************************************************************************Found out going http packet – redirecting to local www server for authentication.
*** Redirecting to IP 192.168.000.003 –> 192.168.000.001 PROTOCOL: 6
*********************************************************************************(994) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************(993) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************(992) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************(991) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************(990) – Interface –> MSTCP
Packet size = 62
IP 192.168.000.003 –> 064.233.183.104 PROTOCOL: 6
TCP SRC PORT: 1474 DST PORT: 80
*********************************************************************************Found out going http packet – redirecting to local www server for authentication.
*** Redirecting to IP 192.168.000.003 –> 192.168.000.001 PROTOCOL: 6
*********************************************************************************(989) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************(988) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************(987) – MSTCP –> Interface
Packet size = 58
IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
TCP SRC PORT: 80 DST PORT: 1474
*********************************************************************************Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.
This packet is from our www server, substitute source ip with oroginal IP.
*** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
****************
*********************************************************************************
- You must be logged in to reply to this topic.