3

I want to modify packet headers (IP header, TCP header) before the host sends them into the network.

For example, if I'm using Firefox for browsing, then I want to intercept all the packets from Firefox, modify the IP/TCP header and then send them into the network.

So basically, there are two requirements:

1. Intercept all the packets from Firefox (but not other programs). If this is not possible, is it possible to intercept the packets from a specific port or IP/port pair?

2. Modify the IP/TCP header and then inject them into the network.

Are there ways or APIs to achieve this? How about libpcap? Are there similar source code snippets? I'm working with Linux C.

Thanks!

user138126
  • It seems you want [deep packet inspection](http://en.wikipedia.org/wiki/Deep_packet_inspection). – Some programmer dude Mar 15 '13 at 09:27
  • Are there any code examples that are close to my requirements? Thanks! – user138126 Mar 15 '13 at 09:30
  • I am still wondering what both this question and [your other one](http://stackoverflow.com/questions/15422041/how-to-get-the-tcp-header-of-a-received-packet-in-socket-programming) are actually about. What in the TCP header do you need to see and change, that can't be accomplished via the API? – user207421 Mar 16 '13 at 02:37

3 Answers

4

To modify the packets, it is better, and as simple, to inject the modified packet into your network. C has a library, libnet, which does everything related to packet injection. Python has scapy to inject the packets.

Now you can do quite interesting things with libnet and scapy: instead of modifying your packet IP/TCP headers, perform ARP spoofing and then inject falsified packets and redirect them to the victim.

Libpcap is used for capturing packets but not for modifying packets. So you can build your own sniffer using libpcap, but to inject/modify packets you need to use libnet.

To make life simpler, there are tools like Burp Suite etc., where you can modify the HTTP headers only, before forwarding them.

V SAI MAHIDHAR
  • This should be the accepted answer for this question. In fact `libnet` is fit for the purpose and is decently maintained – sjsam Oct 25 '18 at 20:53
  • Hey, if you really want to explore the power of Python, you could actually use a third-party library called netfilterqueue along with scapy: capture the packets in a queue, modify them using scapy and inject them back using the set payload function in netfilterqueue – V SAI MAHIDHAR Nov 05 '18 at 11:12
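
Whichever of the tools named in this answer does the rewriting, a modified IPv4/TCP header must have its checksums recomputed, or the packet is discarded on receipt. The following is an added example, not code from the answer, libnet or netfilterqueue; the function names and the sample packet are constructed for illustration, and it assumes a raw IPv4 packet (no link-layer header) carrying TCP.

```c
#include <stdint.h>
#include <string.h>
/* Constructed sample: IPv4 192.0.2.1 -> 198.51.100.2, TTL 64, TCP SYN 49152 -> 80. */
static const uint8_t SAMPLE[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x4e,0x98,
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02,
    0xc0,0x00,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x20,0x00, 0xe3,0x59,0x00,0x00 };
/* RFC 1071: sum16 adds big-endian 16-bit words (odd trailing byte zero padded);
 * fold wraps the carries into 16 bits and takes the one's complement. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    return len ? acc + ((uint32_t)p[0] << 8) : acc;
}
static uint16_t fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* Returns the IP header length and sets *tcp_len, or 0 if not well-formed IPv4/TCP. */
static size_t parse(const uint8_t *pkt, size_t len, size_t *tcp_len) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return 0;
    *tcp_len = tot - ihl; return ihl;
}
/* TCP checksum input: pseudo-header (src, dst, protocol 6, TCP length) + segment. */
static uint16_t tcp_sum(const uint8_t *pkt, size_t ihl, size_t tcp_len) {
    uint32_t acc = sum16(pkt + 12, 8, 0) + 6 + (uint32_t)tcp_len;
    return fold(sum16(pkt + ihl, tcp_len, acc));
}
/* 1 if both checksums verify: a sum that includes the stored checksum folds to 0. */
int checksums_ok(const uint8_t *pkt, size_t len) {
    size_t tl = 0, ihl = parse(pkt, len, &tl);
    return ihl && fold(sum16(pkt, ihl, 0)) == 0 && tcp_sum(pkt, ihl, tl) == 0;
}
/* Set TTL and TCP window, then recompute both checksums. 0 on success, -1 on bad input. */
int rewrite_headers(uint8_t *pkt, size_t len, uint8_t ttl, uint16_t window) {
    size_t tl = 0, ihl = parse(pkt, len, &tl);
    if (!ihl) return -1;
    uint8_t *tcp = pkt + ihl;
    pkt[8] = ttl; put16(tcp + 14, window);
    put16(pkt + 10, 0); put16(tcp + 16, 0);   /* checksum fields count as zero */
    put16(pkt + 10, fold(sum16(pkt, ihl, 0)));
    put16(tcp + 16, tcp_sum(pkt, ihl, tl));
    return 0;
}
int main(void) {   /* exit status 0 when the rewritten sample verifies */
    uint8_t p[40]; memcpy(p, SAMPLE, sizeof p);
    return rewrite_headers(p, sizeof p, 32, 0x1000) || !checksums_ok(p, sizeof p);
}
```

The TTL is not covered by the TCP pseudo-header, so changing it alone only invalidates the IPv4 header checksum; changing a source or destination address invalidates both.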
1

Razorback is an open source API for deep packet injection. You can find the source at:

http://sourceforge.net/projects/razorbacktm/files/Razorback/

You can also ask them for the source code for their proposed system.

http://www.icir.org/vern/papers/pktd-pam03.pdf

Yasir Malik
-3

It should be for you: Network packet capturing for Linux.

But it seems to intercept all processes in the system.


Maybe you can use

```c
#include <sys/ptrace.h>
long ptrace (enum __ptrace_request request,
             pid_t pid,
             void *addr,
             void *data);
```

and hook send(2) or recv(2) to modify the TCP header.

Scy
  • Capturing is not enough, because the original packets are still sent out to the network. I need to intercept them – user138126 Mar 15 '13 at 15:06