Redirection ? Help/advice needed

Home Forums Discussions Support Portal Redirection ? Help/advice needed

This topic contains 1 reply, has 1 voice, and was last updated by  HannesG 9 years ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #5210

    HannesG
    Participant

    Hi

    I’m trying trying to write a little application that monitors my network adapter and then when it detetcs outgoing http traffic, it must be redireted to another site om my local network.

    I am using Delphi 7 and have installed the pack downloaded from your site.

    All in all, everything seems to be in order except the redirection fails.

    From what I gather from extensive reading on this forum, I haver to “intercept” all outbound http packets on port 80 (internet directed) and then modify the IP header to set the new destIP and then of course recalculate the ipHeader checksum.

    Ok then on inbound traffic from the redirected server I have to change the sourceIP back to the original destIP in the ipHeader and then also recaclulate the ipHeader checksum.

    I can’t seem to get this working as it cannot seem to reach my redirect site.

    Also, from what I see, the source ip on inbound traffic is all funny, eg. instead of 192.168.0.1 it’s 0.1.168.192 ??? Any ideas why?

    Maybe my RecalcIPCheckSum proc is wrong?
    procedure RecalculateIPChecksum(var pIpHeader: TIPHeaderPtr);
    var
    sum: longword;
    i: longword;
    buff: PByteArray; // see note 1
    begin

    Sum := 0;
    i := 0;

    // Initialize checksum to zero
    pIpHeader.CheckSum := 0;
    Buff := PByteArray(pIpHeader);

    // Calculate header checksum
    while i < ((pIpHeader.hl_vl and $F) * 4) do begin Inc(Sum, (buff[ i ] shl 8 ) + Buff[ i +1 ]); Inc( i, 2 ); end; // Keep only the last 16 bits of the 32 bit calculated sum and add the carries
    while (Sum shr 16) <> 0 do
    Sum := (Sum and $FFFF) +(Sum shr 16);

    // Take the one’s complement of sum
    Sum := Sum xor $FFFFFFFF;

    // …and store it in network order
    pIpHeader.CheckSum := htons(Sum);

    end;

    Here’s the part my code that does the work, am I missing something, do i have to redirect anything else??, please give me soem advice, this is driving me nuts!:

    if ntohs(pEtherHeader.h_proto) = ETH_P_IP then
    begin

    pIPHeader := TIPHeaderPtr(Integer(pEtherHeader) +
    SizeOf(TEtherHeader));

    SourceIP.S_addr := (pIPHeader.SourceIp);
    DestIP.S_addr := (pIPHeader.DestIp);

    AddLine (Format(‘ IP %.3u.%.3u.%.3u.%.3u –> %.3u.%.3u.%.3u.%.3u PROTOCOL: %u’,
    [byte(SourceIP.S_un_b.s_b1),
    byte(SourceIP.S_un_b.s_b2),
    byte(SourceIP.S_un_b.s_b3),
    byte(SourceIP.S_un_b.s_b4),
    byte(DestIP.S_un_b.s_b1),
    byte(DestIP.S_un_b.s_b2),
    byte(DestIP.S_un_b.s_b3),
    byte(DestIP.S_un_b.s_b4),
    byte(pIPHeader.Protocol)]
    ));

    if pIPHeader.Protocol = IPPROTO_TCP then
    begin

    pTcpHeader := TTCPHeaderPtr(Integer(pIPHeader) + (pIPHeader.hl_vl and $F) * 4);
    AddLine (Format(‘ TCP SRC PORT: %d DST PORT: %d’,
    [ntohs(pTcpHeader.SourcePort),
    ntohs(pTcpHeader.DestPort)]));

    //Check if it’s a http packet then redirect.
    if Receiving then begin

    if (ntohs(pTcpHeader.DestPort) = 80) then begin

    byte(NewDestIP.S_un_b.s_b1) := 192;
    byte(NewDestIP.S_un_b.s_b2) := 168;
    byte(NewDestIP.S_un_b.s_b3) := 0;
    byte(NewDestIP.S_un_b.s_b4) := 1;

    AddLine(Format(‘*** Redirecting to IP %.3u.%.3u.%.3u.%.3u –> %.3u.%.3u.%.3u.%.3u PROTOCOL: %u’,
    [byte(SourceIP.S_un_b.s_b1),
    byte(SourceIP.S_un_b.s_b2),
    byte(SourceIP.S_un_b.s_b3),
    byte(SourceIP.S_un_b.s_b4),

    byte(NewDestIP.S_un_b.s_b1),
    byte(NewDestIP.S_un_b.s_b2),
    byte(NewDestIP.S_un_b.s_b3),
    byte(NewDestIP.S_un_b.s_b4),
    byte(pIPHeader.Protocol)]));

    pIPHeader.DestIp := htons(NewDestIP.S_addr);
    RecalculateIPChecksum(pIpHeader);

    //Add it to a list for later reference…

    if not(FindIP((SourceIP.S_addr), (NewDestIP.S_addr), tmpAddreses)) then begin
    SetLength(AddressArray, Length(AddressArray)+1);
    AddressArray[Length(AddressArray)-1].SourceIP.S_addr := (SourceIP.S_addr);
    AddressArray[Length(AddressArray)-1].RedirIP.S_addr := (pIPHeader.DestIp);
    AddressArray[Length(AddressArray)-1].DestIP.S_addr := (DestIP.S_addr);
    end;
    end;

    end else begin //Sending htpp packet…

    if FindIP(ntohl(SourceIP.S_addr), ntohl(DestIP.S_addr), tmpAddreses) then begin
    AddLine(‘This packet is from our redir server, substitute source ip with oroginal IP.’);

    pIPHeader.SourceIP := (tmpAddreses.DestIP.S_addr);
    RecalculateIPChecksum(pIpHeader);

    src.S_addr := pIPHeader.SourceIP;
    dst.S_addr := pIPHeader.DestIp;
    AddLine(”);
    AddLine(Format(‘*** New IP Header: IP %.3u.%.3u.%.3u.%.3u –> %.3u.%.3u.%.3u.%.3u ***’,
    [byte(src.S_un_b.s_b1),
    byte(src.S_un_b.s_b2),
    byte(src.S_un_b.s_b3),
    byte(src.S_un_b.s_b4),

    byte(dst.S_un_b.s_b1),
    byte(dst.S_un_b.s_b2),
    byte(dst.S_un_b.s_b3),
    byte(dst.S_un_b.s_b4)]));

    end;
    end;
    end;

    MANY THANKS!!!

    ps: I am also changing the dest MAC address because the redir server is also on my local network.

    Here is my code for this (AdapterMAC is my redir server adapter MAC):
    pEtherHeader.h_dest[1] := (AdapterMAC.Address[1]);
    pEtherHeader.h_dest[2] := (AdapterMAC.Address[2]);
    pEtherHeader.h_dest[3] := (AdapterMAC.Address[3]);
    pEtherHeader.h_dest[4] := (AdapterMAC.Address[4]);
    pEtherHeader.h_dest[5] := (AdapterMAC.Address[5]);
    pEtherHeader.h_dest[6] := (AdapterMAC.Address[6]);

    Also, here is a sample of traffic from my log file:
    (999) – Interface –> MSTCP
    Packet size = 62
    IP 192.168.000.003 –> 064.233.183.104 PROTOCOL: 6
    TCP SRC PORT: 1474 DST PORT: 80
    *********************************************************************************

    Found out going http packet – redirecting to local www server for authentication.

    *** Redirecting to IP 192.168.000.003 –> 192.168.000.001 PROTOCOL: 6
    *********************************************************************************

    (998) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    (997) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    (996) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    (995) – Interface –> MSTCP
    Packet size = 62
    IP 192.168.000.003 –> 064.233.183.104 PROTOCOL: 6
    TCP SRC PORT: 1474 DST PORT: 80
    *********************************************************************************

    Found out going http packet – redirecting to local www server for authentication.

    *** Redirecting to IP 192.168.000.003 –> 192.168.000.001 PROTOCOL: 6
    *********************************************************************************

    (994) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    (993) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    (992) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    (991) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    (990) – Interface –> MSTCP
    Packet size = 62
    IP 192.168.000.003 –> 064.233.183.104 PROTOCOL: 6
    TCP SRC PORT: 1474 DST PORT: 80
    *********************************************************************************

    Found out going http packet – redirecting to local www server for authentication.

    *** Redirecting to IP 192.168.000.003 –> 192.168.000.001 PROTOCOL: 6
    *********************************************************************************

    (989) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    (988) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    (987) – MSTCP –> Interface
    Packet size = 58
    IP 001.000.168.192 –> 192.168.000.003 PROTOCOL: 6
    TCP SRC PORT: 80 DST PORT: 1474
    *********************************************************************************

    Found inbound http packet – have to check and see if it is from the redirect server and change IP back again.

    This packet is from our www server, substitute source ip with oroginal IP.

    *** New IP Header: IP 064.233.183.104 –> 192.168.000.003 ***
    ****************
    *********************************************************************************

    #6642

    HannesG
    Participant

    Hi

    The solution to my problem was found.

    I found that I was changing the wrong inbound packets….(Also, the C++ DLL I wrote to help with the calculation of the checksums…)

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.