Can Wireshark be used to modify packet contents?

Wireshark does not seem to be able to modify the contents of filtered packets in real time.

Does anyone know of similar software that can modify the contents of filtered packets?

Searching for something like this will truly be a lifesaver

Thanks.

+7
source share
5 answers

At least on Unices, and for example where raw sockets are used, this is impossible, since the packet is copied to user space and you only work with this copy. In addition, sending a packet back through the raw socket can be considered an "outgoing" packet, so that it does not actually get rerouted into the input path where it should be. Raw sockets were, according to the Linux man page, for implementing new protocols; IOW, a raw socket is an "endpoint", not an "end-to-end station".

To modify packets in the input path (as for the passage), each OS has its own set of interfaces. On Linux (you were not specific about what you were targeting), this will be the nfqueue mechanism, which can be used via libnetfilter_queue. And of course, this is how Wireshark, if it wanted to (I didn't see it doing packet modification the last time I checked), would go about doing so.

+4
source

Please give Burp Suite a try. It includes a relay that allows you to modify HTTP requests.

+3
source

No Wireshark will allow you to modify the contents of packets and put them back on the line. However, there are ways to change packets as they pass through a machine. Typically, a host is configured by two bridges connected to each other. One NIC is connected to one network and the other to another network. Then, when packets pass through this point, the host can see them. Now you can use iptables / netfilter and write a module that modifies the data in the packet. For example, you can write something that can redirect the original IP addresses. It has been a while since I used netfilter / iptables, so I can't provide more details, but I used it in a previous job to do some neat things with packets while they were in the stream. This means that you need a host machine that sits at the network junction.

+1
source
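Rewriting an address in flight, as the answer above describes for a netfilter module, also invalidates two checksums: the IPv4 header checksum and the TCP checksum, whose pseudo-header covers both addresses. The following is an added example, not part of the original answers; it works on raw packet bytes of the kind a libnetfilter_queue callback receives, its function names and sample packet are constructed for illustration, and it assumes unfragmented IPv4/TCP.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_dst(packet: bytes, new_dst: str) -> bytes:
    """Return a copy of an IPv4/TCP packet with a new destination address
    and both checksums recomputed; raise ValueError on anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len > len(packet) or total_len < ihl + 20 or packet[9] != 6:
        raise ValueError("truncated packet or not TCP")
    pkt = bytearray(packet[:total_len])
    pkt[16:20] = socket.inet_aton(new_dst)
    pkt[10:12] = b"\x00\x00"                  # checksum field is zero while summing
    pkt[10:12] = struct.pack("!H", inet_checksum(bytes(pkt[:ihl])))
    # The TCP checksum covers a pseudo-header: src, dst, zero, protocol, length.
    pkt[ihl + 16:ihl + 18] = b"\x00\x00"
    pseudo = bytes(pkt[12:20]) + struct.pack("!BBH", 0, 6, total_len - ihl)
    pkt[ihl + 16:ihl + 18] = struct.pack("!H", inet_checksum(pseudo + bytes(pkt[ihl:])))
    return bytes(pkt)

def checksums_valid(packet: bytes) -> bool:
    """True when the IP header and TCP checksums both verify (sum to zero)."""
    ihl = (packet[0] & 0x0F) * 4
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(packet) - ihl)
    return inet_checksum(packet[:ihl]) == 0 and inet_checksum(pseudo + packet[ihl:]) == 0

def build_sample() -> bytes:
    """Constructed sample: 192.0.2.10:40000 -> 192.0.2.20:80, payload b'hello'."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 1024, 0, 0) + b"hello"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return rewrite_dst(ip + tcp, "192.0.2.20")   # same address, fills in checksums

if __name__ == "__main__":
    fixed = rewrite_dst(build_sample(), "198.51.100.7")
    print(fixed.hex(), checksums_valid(fixed))
```

A packet whose address bytes are overwritten without this step fails `checksums_valid` and is dropped by the receiving stack.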

The documentation assumes that node.get("nextSibling") and node.get("previousSibling") are what you need.

0
source

Yes, it is possible.

You need to pass this parameter to the script configuration before you create it: --enable-package-editor

0
source
