
Is it possible to intercept HTTP requests and modify the data (e.g. replace content using regex) before it renders in the browser? If so, how?

Today I stumbled upon Wireshark which is capable of intercepting all the network traffic on your PC. I was wondering if it is possible to modify data after a request (so the data that is sent back to the PC) and modify it using regex? Like replace words and patterns in the data before it is rendered in the browser? (Example: replace the word mad with happy or replace a whole website with "Stop procrastinating")

If this is possible:

  • How should I implement it? What functions will be essential?
  • Are there any open source libraries that will help me accomplish this?
  • Is there any prior reading I should do before implementing this?

Note that the platform for this will be Windows and I'll try to do this in C++.

Kush asked Aug 24 '12 17:08



2 Answers

You can use WinDivert (LGPL) for this purpose (disclaimer: WinDivert is my project). WinDivert is a user-mode API that lifts some kernel-mode WFP call-out driver functionality to user space.

The pseudo-code would look something like this:

HANDLE handle = DivertOpen(
    "inbound && "                // Inbound packets
    "tcp.SrcPort == 80 && "      // HTTP
    "tcp.PayloadLength > 0",     // Data
    0, 0, 0);
while (TRUE)
{
    // Capture a packet.
    DivertRecv(handle, buf, size, &addr, &len);

    // Modify the packet.
    ...

    // Re-inject modified packet.
    DivertSend(handle, buf, len, &addr, NULL);
}

Note that WinDivert is packet-level, so the HTTP stream may be split over multiple packets, which may complicate things.

Basil answered Oct 27 '22 18:10
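The complication noted at the end of the answer above, shown as an added example (not part of the original answer and not WinDivert code): rewriting each payload on its own misses a word that straddles two packets, while a replacer that holds back a short tail finds it. It uses literal word replacement rather than regex; `StreamReplacer`, `kSegments` and the sample payloads are constructed for illustration.

```cpp
#include <algorithm>
#include <string>
#include <vector>

// Naive: rewrite each captured payload on its own.
std::string replace_in_chunk(std::string s, const std::string& from,
                             const std::string& to) {
    for (std::size_t p = 0; (p = s.find(from, p)) != std::string::npos; p += to.size())
        s.replace(p, from.size(), to);
    return s;
}
// Stream-aware: feed() takes payloads in arrival order and returns the bytes
// that are safe to forward. `from` must be non-empty.
class StreamReplacer {
public:
    StreamReplacer(std::string from, std::string to) : from_(from), to_(to) {}
    std::string feed(const std::string& chunk) {
        pending_ += chunk;
        std::string out;
        std::size_t pos = 0, hit;
        while ((hit = pending_.find(from_, pos)) != std::string::npos) {
            out.append(pending_, pos, hit - pos).append(to_);
            pos = hit + from_.size();
        }
        // Hold back a tail shorter than the pattern: the next payload may complete it.
        std::size_t keep = std::min(from_.size() - 1, pending_.size() - pos);
        out.append(pending_, pos, pending_.size() - pos - keep);
        pending_.erase(0, pending_.size() - keep);
        return out;
    }
    // Release the held-back tail once the stream has ended.
    std::string finish() { std::string t; t.swap(pending_); return t; }
private:
    std::string from_, to_, pending_;
};

// Constructed sample: one response body split across three payloads.
const std::vector<std::string> kSegments = {"I am so m", "ad today, really ma", "d."};

std::string rewrite_per_packet() {
    std::string out;
    for (const auto& s : kSegments) out += replace_in_chunk(s, "mad", "happy");
    return out;
}
std::string rewrite_as_stream() {
    StreamReplacer r("mad", "happy");
    std::string out;
    for (const auto& s : kSegments) out += r.feed(s);
    return out + r.finish();
}
```

Because "happy" is longer than "mad", the rewritten body no longer matches the original Content-Length, and at the packet level the TCP sequence numbers would have to be adjusted as well.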


What you're describing is called a "transparent proxy" (assuming that you aren't modifying the browser). You'll generally need some help from the OS to get in between the browser and the network, or you need to implement the proxy in a separate router. In Linux this can be accomplished with iptables. I imagine Windows has a similar feature.

Lawrence D'Anna answered Oct 27 '22 19:10