Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 19:25

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 26 posts ] 
Author Message
 Post subject: Proxy
PostPosted: 04 Jun 2008 19:10 

Joined: 19 Apr 2008 00:59
Posts: 42
I was how you would capture packets going outbound/inbound, read them, modify them, and finish sending.

Anything I find on google is just about monitoring outbound/inbound packets.


Top
 Profile  
 
 
 Post subject:
PostPosted: 04 Jun 2008 20:59 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I have some example code that you can find probably enough useful, but at the moment the only one I remember is the code of lfscbof and soldatdos:

http://mirror.aluigi.org/poc/lfscbof.zip
http://mirror.aluigi.org/poc/soldatdos.zip

in the code you can find a function called miniproxy which does all the job but implements both TCP and UDP data so you must remove the TCP part before (the sockets used by UDP are sdu and sdul and the first SENDTO is used to connect the udp socket to the server).

Anyway usually when I want to modify UDP packets quickly I write a mini plugin for sudppipe like I did for the proof-of-concept of call of duty:

http://aluigi.org/mytoolz.htm#sudppipe
http://mirror.aluigi.org/poc/cod4statz_sudp.zip

Hope this helps


Top
 Profile  
 
 Post subject:
PostPosted: 04 Jun 2008 21:48 

Joined: 19 Apr 2008 00:59
Posts: 42
So what you do is bind the destination IP and port? So when it gets sent it actually gets send to the proxy. Then the proxy handles it and sends it to the destination?


Top
 Profile  
 
 Post subject:
PostPosted: 04 Jun 2008 22:09 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in short there I have used two sockets, one which binds the local port and so handles all the incoming packets from the "client", and the other which instead handles the packets from the "server" to which you connect.

In reality is also possible to use only one socket and then handle the packets through their source IP address, probably this solution is more elegant (avoids to send the first empty packet to the server) but requires a better handling of the source informations in the packets.


Top
 Profile  
 
 Post subject:
PostPosted: 04 Jun 2008 22:36 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in attachment there is the smallest UDP proxy I can write which uses only one socket.
you must only place your "modification code" before the sendto calls


Attachments:
udpproxy.zip [5.94 KiB]
Downloaded 138 times


Last edited by aluigi on 07 Jun 2008 21:09, edited 1 time in total.
Top
 Profile  
 
 Post subject:
PostPosted: 04 Jun 2008 23:02 

Joined: 19 Apr 2008 00:59
Posts: 42
Ok thanks.

I kinda don't get it?

Does using Bind make all data on that port direct to that socket instead of were it would normally go?


Top
 Profile  
 
 Post subject:
PostPosted: 05 Jun 2008 00:31 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the bind() instruction gets a socket and assigns a local port to it, so if you bind the port 1234 other clients can connect to that port of your system and communicating with that socket.

So in that udpproxy tool I create the socket, bind it to the local port and then I tell the program to receive data from it.

Note that I use that peeru structure for receiving the data so I can keep the latest client's IP-port saved in peerl:

- peer is the structure of the server
- peerl is the structure of the client
- peeru is the temporary structure when you receive packets

the first packet you will receive is the one of the client so in the program I compare the IP/port of the peeru with peer (the server) and if it's the same means that I have received the packet from the server and so I need to send it to the client I have in memory (peerl) and then viceversa if peeru differs from peer.

In case you need to test the proxy quickly open 3 consoles:

proxy: udpproxy 127.0.0.1 1234 12345
server: nc -l -p 1234 -v -v -n -u
client: nc 127.0.0.1 12345 -v -v -n -u


Top
 Profile  
 
 Post subject:
PostPosted: 05 Jun 2008 01:20 

Joined: 19 Apr 2008 00:59
Posts: 42
Well what is confusing me is what stops the packet from just going past the proxy? Like with a packet monitor it goes.

Code:
Client-------->Server
           |
           V
     Monitoring program


so the monitoring program has no effect on the packet.

How does the packet go with the proxy?

Like this?
Code:
Client-------->Proxy program-------->Server

If thats how it goes why does the packet go to the Proxy program instead of just straight to the server. Does Bind cause that?


Top
 Profile  
 
 Post subject:
PostPosted: 05 Jun 2008 11:08 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
yes:

client -> proxy -> server

and viceversa for the reply


Top
 Profile  
 
 Post subject:
PostPosted: 05 Jun 2008 22:37 

Joined: 19 Apr 2008 00:59
Posts: 42
Is that because of Binding the socket?


Top
 Profile  
 
 Post subject:
PostPosted: 05 Jun 2008 22:46 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
ehmm... it's the job of proxies getting packets from one side and putting them to the other :)


Top
 Profile  
 
 Post subject:
PostPosted: 06 Jun 2008 20:21 

Joined: 19 Apr 2008 00:59
Posts: 42
aluigi wrote:
ehmm... it's the job of proxies getting packets from one side and putting them to the other :)


Well like does Bind cause all outbound/inbound packets on that port to go to the proxy?

Also how would you do this with tcp?


Top
 Profile  
 
 Post subject:
PostPosted: 06 Jun 2008 22:19 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Quote:
Well like does Bind cause all outbound/inbound packets on that port to go to the proxy?

bind() is the function needed to assign the local port to the proxy, it's a required function otherwise you can't connect to the proxy

Quote:
Also how would you do this with tcp?

with tcp this is a bit longer since you can't use one single socket as in the udpproxy example.
I don't have simple examples at the moment.


Top
 Profile  
 
 Post subject:
PostPosted: 06 Jun 2008 22:34 

Joined: 19 Apr 2008 00:59
Posts: 42
I am guessing you would, wait for a connection, add its socket to a list, loop through the list receiving and sending?


Top
 Profile  
 
 Post subject:
PostPosted: 06 Jun 2008 23:03 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in short you need at least 3 sockets to use:
- a socket for bind+listen
- another one for accept
- another one for connect

and you must use select for knowing when one of the last two receive data.

this is what to do for supporting one client, if you want to support multiple clients it's enough to use a thread for each socket created by accept() and then handling the select() in the new thread.
It's also possible to make all threadless but all it's up to you.


Top
 Profile  
 
 Post subject:
PostPosted: 06 Jun 2008 23:19 

Joined: 19 Apr 2008 00:59
Posts: 42
ok, thanks for all the help.

Hmm I can't get TCP working.

I Bind a socket to address any, listen and try to accept but it never picks up the connection when I try to connect to something through the binded port.

Although lfscbof did the same thing.


Top
 Profile  
 
 Post subject:
PostPosted: 07 Jun 2008 21:10 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I have updated the micro udp proxy attached to this thread since a friend of mine (Katz) saw that after some minutes the "if(len < 0) break;" terminated the program


Top
 Profile  
 
 Post subject:
PostPosted: 08 Jun 2008 00:59 

Joined: 19 Apr 2008 00:59
Posts: 42
aluigi wrote:
I have updated the micro udp proxy attached to this thread since a friend of mine (Katz) saw that after some minutes the "if(len < 0) break;" terminated the program


Well I tried making my own.

Its all proxy programs dont seem to work on my computer.


Top
 Profile  
 
 Post subject:
PostPosted: 14 Jun 2008 02:26 

Joined: 19 Apr 2008 00:59
Posts: 42
So does this only proxy remote connections?

I can't get it to receive local packets.


Top
 Profile  
 
 Post subject:
PostPosted: 14 Jun 2008 10:24 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
a proxy can work with any IP, 127.0.0.1 too


Top
 Profile  
 
 Post subject:
PostPosted: 14 Jun 2008 18:01 

Joined: 19 Apr 2008 00:59
Posts: 42
the examples you gave don't work for me 0,o. They never receive any data.


Top
 Profile  
 
 Post subject:
PostPosted: 15 Jun 2008 11:19 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
Quote:
I can't get it to receive local packets.


maybe im missing something here, but how exactly you wanna recieve local packets ???
it has nothing to do with proxy, but when i wanna capture my local packets using commview, i have to open special adapter (127.0.0.1 - local ip). it doesn't exist in connections, but commview 6.x versions shows it as capture adapter. ..see what im saying ?!


Top
 Profile  
 
 Post subject:
PostPosted: 16 Jun 2008 03:36 

Joined: 19 Apr 2008 00:59
Posts: 42
I have tried ipany and localhost


Top
 Profile  
 
 Post subject:
PostPosted: 16 Jun 2008 13:12 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
yet again, maybe im wrong about this one, but commview installs special driver to be able to capture localhost specifically. older commview versions was not even able to capture localhost. also most packet programs cant capture localhost either.

its whole different thing, but in general that maybe the problem.
proxy is something else, but if it comes down to recieve local packets then problem is similiar.


Top
 Profile  
 
 Post subject:
PostPosted: 16 Jun 2008 14:37 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
a proxy and commview work on 2 completely different layers: socket the first and low level/raw the second one.


Top
 Profile  
 
 Post subject:
PostPosted: 17 Jun 2008 10:02 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
ofcourse proxy and packet capture program are different, but recieving local packets is still the same if im correct.

i was trying this paros proxy and it didnt work in 127.0.0.1 either at first. paros is not meant to hide ur ip .. its simply a datapipe or how its called. it shows the data recieved and sent by program.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 26 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: