How to Get SOCKET Information WDK?

  • General discussion

  • By creating a WFP driver, will I be able to catch informative data before it is encrypted, such as from a web browser or some other application which uses sockets in user space?

    Or how can I get such sensitive information from the kernel? I know about the OSI model.


    Thanks

    Monday, December 12, 2016 10:49 AM

All replies

  • What information are you trying to get?  If you are looking for the data in the packet it will be exactly what the application sends (i.e. encrypted if the app encrypts it).   If you are looking for data such as what application is sending data, what IP addresses are involved etc, yes the filter will capture this.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Monday, December 12, 2016 12:12 PM
  • Such as login info of a website?
    Monday, December 12, 2016 1:42 PM
  • To achieve such a goal, which level in the kernel do I have to work in?
    Monday, December 12, 2016 1:47 PM
  • As I said, you can see the packets in the form they are handed to WinSock. However the login/password is sent, you will see it; the challenge is that you need to recognize the packets and find what the data is.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Monday, December 12, 2016 1:48 PM