Today I stumbled upon Wireshark, which is capable of intercepting all the network traffic on your PC. I was wondering if it is possible to modify data after a request (so the data that is sent back to the PC) and modify it using regex? Like replacing words and patterns in the data before it is rendered in the browser? (Example: replace the word mad with happy, or replace a whole website with "Stop procrastinating".)
If this is possible:
Note that the platform for this will be Windows and I'll try to do this in C++.
To intercept HTTP requests, use the webRequest API. This API enables you to add listeners for various stages of making an HTTP request. In the listeners, you can: Get access to request headers and bodies and response headers.
Manually intercepting HTTP clients. To manually intercept traffic from a client that doesn't have automatic setup, you need to do two things: configure the HTTP proxy settings to point to HTTP Toolkit, and ensure the client trusts your HTTPS certificate (if you're using HTTPS).
What we're going to do is to change the response's body. To do that, click Action, which will open a long list of options. Towards the bottom mouse over Do intercept and then click Response to this request and then click Forward. The request will complete and Burp will pause again when the response is received.
In Chrome. In the Burp tool, click on the Intercept tab and make sure the toggle "Intercept is on" is turned on. This toggle allows you to intercept any request or response and modify it before forwarding it. Then go to Connections -> LAN settings and set the proxy server as you set it up in the Burp tool.
You can use WinDivert (LGPL) for this purpose (disclaimer: WinDivert is my project). WinDivert is a user-mode API that lifts some kernel-mode WFP call-out driver functionality to user space.
The pseudo-code would look something like this:
    HANDLE handle = DivertOpen(
        "inbound && "              // Inbound packets
        "tcp.SrcPort == 80 && "    // HTTP
        "tcp.PayloadLength > 0",   // Data
        0, 0, 0);
    while (TRUE)
    {
        // Capture a packet.
        DivertRecv(handle, buf, size, &addr, &len);
        // Modify the packet.
        ...
        // Re-inject modified packet.
        DivertSend(handle, buf, len, &addr, NULL);
    }
Note that WinDivert is packet-level, so the HTTP stream may be split over multiple packets, which may complicate things.
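The packet-splitting caveat above, as an added example that is not part of the original answer and does not use the WinDivert API: it compares rewriting each TCP payload on its own with rewriting the reassembled stream, using the question's mad/happy replacement. The response bytes, the split point and all function names are constructed for illustration, and it assumes plain HTTP with an uncompressed, non-chunked body.

```cpp
// Added example, not WinDivert code. The response below is constructed sample data.
#include <iostream>
#include <regex>
#include <string>
#include <vector>

using Segments = std::vector<std::string>;

// One HTTP response whose body word "mad" straddles two TCP payloads.
Segments sample_segments() {
    return {"HTTP/1.1 200 OK\r\nContent-Length: 16\r\n\r\nI am ma", "d, so mad"};
}

std::string join(const Segments& segs) {
    std::string s;
    for (const auto& p : segs) s += p;
    return s;
}

// Naive approach: rewrite every payload on its own, as a per-packet loop would.
Segments rewrite_per_packet(const Segments& segs, const std::regex& re, const std::string& to) {
    Segments out;
    for (const auto& p : segs) out.push_back(std::regex_replace(p, re, to));
    return out;
}

// Stream approach: reassemble, rewrite only the body, then fix Content-Length.
std::string rewrite_stream(const Segments& segs, const std::regex& re, const std::string& to) {
    const std::string stream = join(segs), sep = "\r\n\r\n";
    const auto pos = stream.find(sep);
    if (pos == std::string::npos) return stream;  // headers incomplete: pass through
    std::string head = stream.substr(0, pos);
    const std::string body = std::regex_replace(stream.substr(pos + sep.size()), re, to);
    static const std::regex cl("Content-Length: *[0-9]+", std::regex::icase);
    head = std::regex_replace(head, cl, "Content-Length: " + std::to_string(body.size()));
    return head + sep + body;
}

int main() {
    const std::regex re("\\bmad\\b");
    // Misses the split match and leaves a stale Content-Length.
    std::cout << join(rewrite_per_packet(sample_segments(), re, "happy")) << "\n---\n";
    // Replaces both matches and advertises the new body size.
    std::cout << rewrite_stream(sample_segments(), re, "happy") << "\n";
}
```

On a live connection a replacement that changes the payload length also shifts TCP sequence numbers for the rest of the stream, which is one reason a proxy that terminates the connection is the simpler place to do this kind of rewrite.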
What you're describing is called a "transparent proxy" (assuming that you aren't modifying the browser). You'll generally need some help from the OS to get in between the browser and the network, or you need to implement the proxy in a separate router. In Linux this can be accomplished with iptables. I imagine Windows has a similar feature.