Is it possible to intercept HTTP requests and change data (for example, replace content with a regular expression) before it appears in the browser? If so, how?

Today I came across Wireshark, which is able to intercept all network traffic on your PC. I was wondering if it is possible to change the data after the request (that is, the data that is sent back to the PC) and change it using a regular expression? How can I replace words and patterns in the data before they are displayed in the browser? (Example: replace the word “crazy” with “happy”, or replace the entire site with “Stop intercrastinating”)

If possible:

  • How do I implement it? What features will be important?
  • Are there any open source libraries that will help me accomplish this?
  • Should there be any preliminary reads before doing this?

Please note that the platform for this will be Windows, and I will try to do it in C++.

+4
3 answers

What you are describing is called a "transparent proxy" (assuming you are not changing the browser). Usually you need help from the operating system to get between the browser and the network, or you need to implement the proxy server in a separate router. On Linux, this can be done using iptables. I think Windows has a similar function.

+2

You can use WinDivert (LGPL) for this purpose (disclaimer: WinDivert is my project). WinDivert is a user-mode API that exposes the functionality of a WFP kernel callout driver to user mode.

The pseudocode will look something like this:

    HANDLE handle = DivertOpen(
        "inbound && "               // Inbound packets
        "tcp.SrcPort == 80 && "     // HTTP
        "tcp.PayloadLength > 0",    // Data
        0, 0, 0);
    while (TRUE)
    {
        // Capture a packet.
        DivertRecv(handle, buf, size, &addr, &len);

        // Modify the packet.
        ...

        // Re-inject modified packet.
        DivertSend(handle, buf, len, &addr, NULL);
    }

Note that WinDivert is packet-level, so the HTTP stream can be split into several packets, which can complicate the situation.

+3
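The split-stream complication mentioned in the answer above, shown as an added example (not part of the original answer and not WinDivert code). The helper names `replace_same_len` and `pending_prefix` and the two sample segments are constructed for illustration; the word pair comes from the question.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: one HTTP response whose body arrives in two TCP segments. */
static const char SEG1[] = "HTTP/1.1 200 OK\r\n\r\nThis is cra";
static const char SEG2[] = "zy, really crazy.";

/* Overwrite each `from` in buf with `to`; returns the number of hits.
 * Lengths must match: changing the payload size at packet level would also
 * require fixing TCP sequence/ack numbers and any Content-Length header. */
static size_t replace_same_len(char *buf, size_t len, const char *from, const char *to) {
    size_t n = strlen(from), hits = 0;
    if (n == 0 || n != strlen(to)) return 0;
    for (size_t i = 0; i + n <= len; ) {
        if (memcmp(buf + i, from, n) == 0) { memcpy(buf + i, to, n); hits++; i += n; }
        else i++;
    }
    return hits;
}

/* Length of the longest proper prefix of `word` that ends the segment:
 * non-zero means a match may continue in the next packet. */
static size_t pending_prefix(const char *seg, size_t len, const char *word) {
    size_t n = strlen(word);
    if (n == 0) return 0;
    for (size_t k = (n - 1 < len ? n - 1 : len); k > 0; k--)
        if (memcmp(seg + len - k, word, k) == 0) return k;
    return 0;
}

static size_t hits_per_packet(void) {   /* filter each payload on its own */
    char a[64], b[64];
    strcpy(a, SEG1); strcpy(b, SEG2);
    return replace_same_len(a, strlen(a), "crazy", "happy")
         + replace_same_len(b, strlen(b), "crazy", "happy");
}

static size_t hits_reassembled(void) {  /* filter the reassembled stream */
    char s[128];
    strcpy(s, SEG1); strcat(s, SEG2);
    return replace_same_len(s, strlen(s), "crazy", "happy");
}

int main(void) {
    printf("per-packet: %zu, reassembled: %zu, pending: %zu\n", hits_per_packet(),
           hits_reassembled(), pending_prefix(SEG1, strlen(SEG1), "crazy"));
    return 0;
}
```

A non-zero `pending_prefix` result is the signal that a per-packet filter would have to hold the segment back (or reassemble the stream in a proxy) to avoid missing a match.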

For Windows 7 / Vista, you can use the Windows Filtering Platform (WFP), which allows you to insert hooks at different levels, access the packets, modify them and re-inject them into the TCP/IP stack. For Mac OS, you can use a divert socket with ipfw: you configure a rule in ipfw that forwards certain packets to the divert socket, perform the modification, and then re-inject them.

Btw, Wireshark does not really intercept traffic, it only drops traffic ~

+1
