
I want to dump network traffic from any application on Windows. But I don't want to use any proxy or listen on a socket. I just want to read it from memory.

I could do it with strace on Linux. Can you suggest a solution for Windows? As a result of my research, I found Echo Mirage. But I could not find which DLL (WinAPI) this process uses.

Thanks...

Kanber

2 Answers


Have you thought about using a system tool such as Network Monitor and filtering the resulting traffic down to your specific port? The following implies that it's possible: https://blogs.technet.microsoft.com/netmon/2006/10/17/intro-to-filtering-with-network-monitor-3-0/

newbie
  • Yes, I did, but it doesn't meet my needs. I need to read send/recv packets through system calls. – Kanber Oct 18 '19 at 05:00

To get the Winsock traffic you would want to hook the send & recv functions, which are exported by ws2_32.dll, and log the arguments.

If the traffic is HTTP you should use Fiddler.

For logging non HTTP traffic for a specific process on Windows the best tool (despite being deprecated) is Message Analyzer

GuidedHacking
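The hook this answer describes, as an added example (not code from the answer's author): a Frida script, driven from Python, that attaches to a running process, hooks send, recv, WSASend and WSARecv in ws2_32.dll and hexdumps every buffer as it passes through, reading it straight from the process's memory with no proxy or listening socket. WSASend/WSARecv are hooked as well because many Windows programs never call the plain send/recv pair. Assumptions: Frida is installed on the Windows box (`pip install frida frida-tools`), the target is an ordinary user-mode program that links ws2_32.dll, and the process name or PID is passed on the command line; the script file name `ws2hook.py` is likewise assumed. Overlapped WSARecv completions are deliberately not logged (the data is not in the buffer when WSARecv returns), which is the main caveat of this approach.

```python
"""ws2hook.py - log Winsock send/recv data of a running process via Frida hooks."""
import sys
from typing import Optional

# JavaScript injected into the target. Interceptor patches each function's
# prologue in-process; nothing on the network path is touched.
HOOK_SCRIPT = r"""
const ws2 = Process.getModuleByName('ws2_32.dll');
const PSZ = Process.pointerSize;   // WSABUF is {ULONG len; CHAR *buf;}: buf sits at +PSZ

function report(api, sock, dir, buf, len) {
  if (len <= 0) return;
  send({ api: api, sock: sock.toString(), dir: dir, len: len }, buf.readByteArray(len));
}

// int send(SOCKET s, const char *buf, int len, int flags): data valid on entry
Interceptor.attach(ws2.getExportByName('send'), {
  onEnter(args) { report('send', args[0], 'out', args[1], args[2].toInt32()); }
});

// int recv(SOCKET s, char *buf, int len, int flags): data valid only after return
Interceptor.attach(ws2.getExportByName('recv'), {
  onEnter(args) { this.sock = args[0]; this.buf = args[1]; },
  onLeave(retval) { report('recv', this.sock, 'in', this.buf, retval.toInt32()); }
});

// int WSASend(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, ...)
Interceptor.attach(ws2.getExportByName('WSASend'), {
  onEnter(args) {
    const n = args[2].toInt32();
    for (let i = 0; i < n; i++) {
      const wsabuf = args[1].add(i * 2 * PSZ);
      report('WSASend', args[0], 'out', wsabuf.add(PSZ).readPointer(), wsabuf.readU32());
    }
  }
});

// int WSARecv(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesRecvd,
//             LPDWORD lpFlags, LPWSAOVERLAPPED lpOverlapped, ... lpCompletionRoutine)
// Only the synchronous case (lpOverlapped == NULL, return 0) is logged here.
Interceptor.attach(ws2.getExportByName('WSARecv'), {
  onEnter(args) {
    this.sock = args[0]; this.bufs = args[1]; this.n = args[2].toInt32();
    this.pRecvd = args[3]; this.overlapped = args[5];
  },
  onLeave(retval) {
    if (retval.toInt32() !== 0 || !this.overlapped.isNull() || this.pRecvd.isNull()) return;
    let left = this.pRecvd.readU32();            // total bytes actually received
    for (let i = 0; i < this.n && left > 0; i++) {
      const wsabuf = this.bufs.add(i * 2 * PSZ);
      const take = Math.min(left, wsabuf.readU32());
      report('WSARecv', this.sock, 'in', wsabuf.add(PSZ).readPointer(), take);
      left -= take;
    }
  }
});
"""


def hexdump(data: bytes, width: int = 16) -> str:
    """Classic offset / hex / ASCII dump, one line per `width` bytes."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  {text}")
    return "\n".join(lines)


def format_event(message: dict, data: Optional[bytes]) -> str:
    """Turn one Frida message (plus its binary payload) into a log record."""
    if message.get("type") == "error":   # script exception inside the target
        return f"[script error] {message.get('description')}\n{message.get('stack', '')}"
    p = message["payload"]
    arrow = "->" if p["dir"] == "out" else "<-"
    head = f"[{p['api']}] socket {p['sock']} {arrow} {p['len']} bytes"
    return head + ("\n" + hexdump(data) if data else "")


def main(target: str) -> None:
    import frida  # imported here so hexdump/format_event stay testable without Frida

    session = frida.attach(int(target) if target.isdigit() else target)
    script = session.create_script(HOOK_SCRIPT)
    script.on("message", lambda msg, data: print(format_event(msg, data), flush=True))
    script.load()
    print(f"hooked ws2_32.dll in {target}; Ctrl-C to stop", file=sys.stderr)
    sys.stdin.read()   # block until the user ends the session


if __name__ == "__main__":
    main(sys.argv[1])
```

Run it on the Windows host as `python ws2hook.py <pid-or-process-name>` (from an elevated prompt if the target runs at higher integrity). The hexdump and format_event helpers are plain Python, so the log format can be checked without Frida or Windows.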