Modify Incoming TCP Packet Sent to the Browser

  • Question

  • In kernel mode speaking, where can I intercept TCP data sent to the browser and modify the data based on a set of rules?

    I need to be able to see everything, that is, all TCP traffic at the highest layer (application) possible. How can this be done? Since this is a security product, I don't want to miss any traffic.

    Best Regards

    Mrutyunjaya

    Friday, September 21, 2018 4:05 AM

Answers

  • You need to write a WFP (Windows Filtering Platform) kernel-mode driver. You can intercept the data stream at any level within the network stack, including the application layer. You can find information on WFP here. There are also samples in the WDK (Windows Driver Kit) here.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, September 21, 2018 4:20 AM
    Moderator

All replies

  • Which one is the exact sample for this?

    Mrutyunjaya

    Friday, September 21, 2018 9:33 AM
  • There are no exact samples for what you want. You'll have to learn how to write a WFP driver, or pay a consultant to do it for you.

     -Brian


    Friday, September 21, 2018 7:29 PM
    Moderator
  • How can I load a WFP filter driver during Windows 10 boot-up? I recall using the Service Control Manager some time ago for a non-WFP driver.

    Mrutyunjaya

    Monday, September 24, 2018 6:25 AM
  • There is a .INX file in the WFP Sample.

     -Brian


    Monday, September 24, 2018 7:02 PM
    Moderator