locked
StmEdit not calling callout functions for inbound traffic RRS feed

  • Question

  • Hello,

    I'm trying to get the stmedit sample to work and am running into some difficulties.

    When I turn on the InspectOutbound flag in the registry, set EditInline to 1, set InspectionPort to 80, set StringToFind to A and StringToReplace to B, and use a proxy, going to www.A.com redirects to www.B.com as expected since the destination is moved to part of the payload.

    When I turn off the InspectOutbound flag in the registry, still using EditInline, still InspectionPort=80, accessing a simple http://www.somewebsite.com/somepage.html page I see that no functions from the driver source code have been called.

    I added a DbgPrint() call to every function in the source code to see the basic code flow without having to use the debugger for everything, although I do have it working and haven't been able to find the issue here. 

    I'm not sure why none of the callout functions are being called when there are clearly inbound packets associated with port 80.

    Any help would be really appreciated.


    • Edited by SB_MSDN Wednesday, June 29, 2016 1:29 PM
    Wednesday, June 22, 2016 8:21 PM