been searching for hours, but can't solve it. I am trying to replicate a packet sent by a Windows application to speed up a task; however, I cannot understand the payload structure for the server to accept it.
I attached an image below. Is there any way to see what structure I'm sending the data in, so I can replicate it with new info and encrypt to MD5?
New to this and Wireshark. I appreciate any guidance I could get.
Or to be told it's not possible.
Take care, thanks in advance.
I am trying to write a minifilter that more or less captures everything that happens in the kernel and was wondering if I could also capture "URLs"/network information; I stumbled upon WinDivert, which seems to be using a .sys driver, and also another thread which says we cannot get URLs in driver mode, which leaves me a bit confused. If it is true, then how does WinDivert do it?
I understand there is something called network redirect under minifilters on learn.microsoft.com which uses a DLL and a .sys file (same as WinDivert), but I could not find any resources that can help me make one.
Is there a better way to capture all visited URLs in real time?
Thanks in advance for any help or directions.
You're looking for Windows Filtering Platform and Filtering Platform Callout Drivers, which WinDivert is utilizing. This gives you the data that goes out over the wire, so for plain old HTTP over port 80 you can parse the requests to obtain the URL. This won't work for HTTPS since you're getting encrypted data over the wire; you'd have to implement some kind of MITM interception technique to handle that.
OS : Ubuntu 14.04
ION : 3.2.2
In my current setup, I am using gstreamer utility to stream live video.
The system has IP address 192.168.58.10 (say, for example). I am streaming it to another machine, say 192.168.58.12, port 5000.
From the 2nd machine I want to use ION-DTN to stream it to different endpoints. I am completely clueless how to proceed.
I have done a bit of research and found that the bssStreamingApp utility and bsspadmin can do it, but I failed to find any examples. Can someone please advise me? Earlier I integrated bpsource in my application to send messages or a text stream and it was quite successful.
Thanks in advance for help or any criticism.
I want to create a program to interface with a site.
I want the program to collect all the data that the site would be transmitting to me if I had the site window open, and then I want my program to perform data analysis.
I'm obviously not looking for a complete explanation, but am wondering where to start.
Ultimately, my question is:
Do I use socket programming? Is there a way to route all packets from that site into my program and convert the packet data to manipulable info?
Or do I have to do it another way?
Edit: Also, I have some familiarity with Java.
Are you talking about a web proxy?
Here is the developer info to write your own scripts for Fiddler:
http://fiddler2.com/Fiddler/dev/ScriptSamples.asp
or
http://www.charlesproxy.com/
or if you need detailed packet info
http://www.wireshark.org/
If you just know a little Java, you're not going to accomplish this on your own right away, IMHO.
I'm looking for a way to detect and capture data being sent TO and FROM a specific program. I've attempted to use something like Wireshark, but it all seems to be a bunch of nonsense to me, so I was wondering if anybody could help me get the data, translate it into text to allow for editing, and then resend the new edited information on its way.
Look for Capture TCP stream feature/menu item in Wireshark.
Edit: It's actually Follow TCP Stream.
Wireshark is definitely the way to go. It'll capture the data going to a specific port (which you can probably correlate to the program fairly easily). I hope this isn't happening over SSL, though (Wireshark isn't going to help you much if it is).
But if you have to reverse engineer the server's communication protocol, capturing the network packets is the least of your problems. Reverse engineering is difficult and can be fairly error prone, as it's often based on guesswork. My suggestion is to do this as a last resort: if the server is intended to communicate with the outside world, there's probably some protocol documentation floating around somewhere that will be much more reliable than a Wireshark trace.
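To make the "Follow TCP Stream" suggestion concrete, here is an added example (not code from this thread, and not Wireshark's own implementation) of what that feature does for one direction of one connection: pick the segments that belong to a client-to-server 4-tuple, place each segment's bytes at its sequence-number offset so out-of-order and retransmitted segments fall into place, and mark any gap. The packets, addresses, ports and function names below are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One captured TCP segment, reduced to the fields reassembly needs.
   (Constructed struct; a real tool would decode these from pcap bytes.) */
typedef struct {
    const char *src, *dst;   /* IPv4 addresses as text */
    uint16_t sport, dport;
    uint32_t seq;            /* sequence number of the first payload byte */
    const char *payload;     /* text payload, NUL-terminated */
} packet_t;

/* Does this packet travel in the direction src:sport -> dst:dport? */
static int in_direction(const packet_t *p, const char *src, uint16_t sport,
                        const char *dst, uint16_t dport) {
    return strcmp(p->src, src) == 0 && p->sport == sport &&
           strcmp(p->dst, dst) == 0 && p->dport == dport;
}

/* Reassemble one direction of one flow into out (NUL-terminated).
   first_seq is the sequence number of the first payload byte (ISN + 1).
   Each byte lands at seq - first_seq, so duplicates simply overwrite
   themselves and late segments fill their slot. Unfilled positions below the
   highest byte seen are marked '?'. Returns how many bytes are contiguous
   from first_seq, i.e. the prefix you can actually trust. */
size_t follow_tcp_stream(const packet_t *pkts, size_t n,
                         const char *src, uint16_t sport,
                         const char *dst, uint16_t dport,
                         uint32_t first_seq, char *out, size_t cap) {
    unsigned char *have = calloc(cap, 1);
    size_t highest = 0;
    memset(out, 0, cap);
    for (size_t i = 0; i < n; i++) {
        if (!in_direction(&pkts[i], src, sport, dst, dport)) continue;
        uint32_t off = pkts[i].seq - first_seq;   /* modular: survives wrap */
        size_t len = strlen(pkts[i].payload);
        for (size_t j = 0; j < len; j++) {
            size_t pos = (size_t)off + j;
            if (pos >= cap - 1) break;             /* keep room for the NUL */
            out[pos] = pkts[i].payload[j];
            have[pos] = 1;
            if (pos + 1 > highest) highest = pos + 1;
        }
    }
    for (size_t p = 0; p < highest; p++)
        if (!have[p]) out[p] = '?';
    size_t contiguous = 0;
    while (contiguous < highest && have[contiguous]) contiguous++;
    free(have);
    return contiguous;
}

/* Constructed capture: client 10.0.0.2:40000 -> server 10.0.0.1:80, arriving
   out of order, with one retransmission and one server reply mixed in. */
static const packet_t sample_capture[] = {
    {"10.0.0.2", "10.0.0.1", 40000, 80, 1011, ".html HTTP/1.0\r\n"},
    {"10.0.0.2", "10.0.0.1", 40000, 80, 1001, "GET /index"},
    {"10.0.0.1", "10.0.0.2", 80, 40000, 5001, "HTTP/1.0 200 OK\r\n"},
    {"10.0.0.2", "10.0.0.1", 40000, 80, 1001, "GET /index"},   /* retransmit */
    {"10.0.0.2", "10.0.0.1", 40000, 80, 1027, "Host: x\r\n\r\n"},
};

/* Follow the client side of the sample flow; first payload byte is seq 1001. */
size_t demo_client_request(char *out, size_t cap) {
    return follow_tcp_stream(sample_capture,
                             sizeof sample_capture / sizeof sample_capture[0],
                             "10.0.0.2", 40000, "10.0.0.1", 80, 1001, out, cap);
}

int main(void) {
    char buf[256];
    size_t ok = demo_client_request(buf, sizeof buf);
    printf("%zu contiguous bytes:\n%s", ok, buf);
    return 0;
}
```

The '?' markers are what a real "follow" view cannot hide either: if a segment never arrived in the capture (missed by the sniffer, or captured on the wrong interface), the reassembled text has a hole and everything past it is only as trustworthy as the sequence numbers that placed it.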
In testing certain network device driver receive features, I need to send special packets on the wire. I know I need to open a raw socket and push the bytes out. Is there some well-known example (C, perl, whatever) code already available for playing at this level?
(added later) I would prefer non-platform-specific answers, they'll be the most useful for everyone.
Look at the documentation for packet. Basically, you create a socket with SOCK_RAW or SOCK_DGRAM, then write to the socket using normal socket I/O. However, the data you send will be put directly on the line, rather than automatically getting the headers that are necessary for most network interop.
http://www.codeproject.com/KB/IP/sendrawpacket.aspx
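As an added example (not code from this thread, nor from the linked CodeProject article), here is the approach the SOCK_RAW answer describes, in C: build the IPv4 and UDP headers by hand, compute the header checksum the kernel would otherwise fill in, and hand the finished bytes to a raw socket. The header construction is portable C; the send step is the Linux flavour (`AF_INET`/`SOCK_RAW`/`IPPROTO_RAW`, which implies `IP_HDRINCL`) and needs `CAP_NET_RAW`, i.e. normally root. The addresses, ports, payload and function names are made up for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* RFC 1071 one's-complement checksum. A correctly checksummed IPv4 header
   yields 0 when passed back through this function, which is the usual
   validity check on receive. */
uint16_t ip_checksum(const uint8_t *data, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)data[i] << 8) | data[i + 1];
    if (len & 1)                       /* odd trailing byte is padded with 0 */
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)                  /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Write a 20-byte IPv4 header, an 8-byte UDP header and the payload into out.
   src/dst are IPv4 addresses as host-order integers; all multi-byte fields
   are written big-endian by hand. Returns the datagram length, 0 if it does
   not fit. */
size_t build_ipv4_udp(uint8_t *out, size_t cap, uint32_t src, uint32_t dst,
                      uint16_t sport, uint16_t dport,
                      const uint8_t *payload, size_t plen) {
    size_t total = 20 + 8 + plen;
    if (total > cap || total > 0xffff) return 0;
    uint8_t *ip = out, *udp = out + 20;
    memset(ip, 0, 28);
    ip[0] = 0x45;                                           /* v4, IHL 5 */
    ip[2] = (uint8_t)(total >> 8); ip[3] = (uint8_t)total;  /* total length */
    ip[6] = 0x40;                                           /* DF, offset 0 */
    ip[8] = 64;                                             /* TTL */
    ip[9] = 17;                                             /* UDP */
    ip[12] = (uint8_t)(src >> 24); ip[13] = (uint8_t)(src >> 16);
    ip[14] = (uint8_t)(src >> 8);  ip[15] = (uint8_t)src;
    ip[16] = (uint8_t)(dst >> 24); ip[17] = (uint8_t)(dst >> 16);
    ip[18] = (uint8_t)(dst >> 8);  ip[19] = (uint8_t)dst;
    uint16_t csum = ip_checksum(ip, 20);   /* computed with bytes 10-11 zero */
    ip[10] = (uint8_t)(csum >> 8); ip[11] = (uint8_t)csum;
    udp[0] = (uint8_t)(sport >> 8); udp[1] = (uint8_t)sport;
    udp[2] = (uint8_t)(dport >> 8); udp[3] = (uint8_t)dport;
    udp[4] = (uint8_t)((8 + plen) >> 8); udp[5] = (uint8_t)(8 + plen);
    /* udp[6..7] stay 0: a zero UDP checksum means "no checksum" over IPv4 */
    memcpy(udp + 8, payload, plen);
    return total;
}

/* Hypothetical addresses for the demo, not taken from the thread. */
#define DEMO_SRC 0xc0a80001u   /* 192.168.0.1   */
#define DEMO_DST 0xc0a800c7u   /* 192.168.0.199 */

int main(int argc, char **argv) {
    uint8_t pkt[1500];
    const uint8_t payload[] = "driver-test";
    size_t n = build_ipv4_udp(pkt, sizeof pkt, DEMO_SRC, DEMO_DST, 12345, 5000,
                              payload, sizeof payload - 1);
    if (argc < 2 || strcmp(argv[1], "send") != 0) {
        /* Dry run: dump the bytes exactly as a sniffer would show them. */
        for (size_t i = 0; i < n; i++)
            printf("%02x%c", pkt[i], (i % 16 == 15 || i + 1 == n) ? '\n' : ' ');
        return 0;
    }
    /* Linux: IPPROTO_RAW tells the kernel we supply the whole IP header. */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (fd < 0) { perror("socket (needs CAP_NET_RAW)"); return 1; }
    struct sockaddr_in to;
    memset(&to, 0, sizeof to);
    to.sin_family = AF_INET;
    to.sin_addr.s_addr = htonl(DEMO_DST);
    if (sendto(fd, pkt, n, 0, (struct sockaddr *)&to, sizeof to) < 0) {
        perror("sendto"); close(fd); return 1;
    }
    close(fd);
    return 0;
}
```

Run without arguments to print the datagram bytes; `./a.out send` (as root) actually writes them to the wire. Because the kernel does no fix-ups on an `IPPROTO_RAW` socket beyond what the platform documents, a wrong total length or checksum is silently dropped by the receiver, which is exactly the kind of malformed input a driver receive path is tested against.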
There's already an existing project that may be able to help you with this.
Check out http://tcpreplay.synfin.net/wiki/tcprewrite#RewritingLayer2
and http://tcpreplay.synfin.net/
Seems to me you are looking for a tool to generate your own packets; Scapy is such a tool, often used in the security industry (such as by pentesters).
Demo is available: http://www.secdev.org/projects/scapy/demo.html
I can't think of any examples. But you should just be able to open up a UDP socket to any IP address you like and start writing data to it. Make sure it's UDP or this will not work.
I found that there's a good C example here at Security-Freak, which only needed a little modification for flexibility. I'm hoping there are more answers in other languages.