A few days ago, when my colleagues were testing their students, they used IECTool, an IE form interception and tampering tool. It can intercept an HTTP request, tamper with the GET or POST data, and then submit the tampered data to the server. This function is rather interesting, so let's implement it ourselves and analyze how it works.
- HTTP proxy for interception and tampering of request packets
- HTTP proxy for interception and tampering of request packets 2 - function introduction + source code download
- HTTP proxy for interception and tampering of request packets 3 - code analysis begins
- HTTP proxy for interception and tampering of request packets 4 - read and encapsulate request packets from the client
- HTTP proxy for interception and tampering of request packets 5 - forward request packets to the target server
- HTTP proxy for interception and tampering of request packets 6 - receive and encapsulate response packets from the target server
- HTTP proxy for interception and tampering of request packets 7 - return the received response packet to the client
- HTTP proxy for interception and tampering of request packets 8 - automatically set and cancel the proxy + source code download
- HTTP proxy for interception and tampering of request packets 8 - automatically set and cancel the proxy for ADSL dial-up connections + source code download
- HTTP proxy for interception and tampering of request packets 9 - demonstration after tampering + source code download
- HTTP proxy for interception and tampering of request packets 10 - finale: code analysis of the tampering part
There are many ways to implement this function. You can use WinPcap to capture packets directly from the network adapter and tamper with them. You can also hook the send function or other related network APIs. I still don't know which technology the IEC software uses, but judging from the fact that it can only intercept IE data, it is probably a BHO or an asynchronous pluggable protocol. I will not study the specifics. To tell the truth, a program compiled in VB P-CODE mode runs on a virtual machine, and analyzing at the assembly level how the VB virtual machine executes the P-CODE is too much trouble.
Using WinPcap to achieve this function is a bit much. Hooking is not very safe either: it basically runs into active defense and smart behavior analysis, and the functions used for hooking are closely monitored. Therefore, neither of these two techniques is used here.
We use a third technique: proxy interception. Anyone with a little computer knowledge who sees the word "proxy" will immediately think of a proxy server. Yes, proxy interception is implemented on top of proxy server technology.
Next, let's look at the basics of a proxy server.
A typical HTTP request and response are as shown in the figure.
After a proxy server is added, they are as shown in the figure.
Do you see how it works? Yes, when you use a proxy server, all HTTP requests are sent to the proxy server first, repackaged by the proxy server, and then sent to the target (actual) server. The response works the same way: the proxy server first receives the response from the target (actual) server, packages it, and sends it to the client. The implementation method is now obvious.
We can implement a proxy server ourselves and then set the local machine's proxy to point to it. That way, when the browser on the local machine sends a request, the request actually goes to our own proxy server, which counts as intercepting it. The next step is to tamper with the request. As just mentioned, a request sent to the proxy server is repackaged by the proxy server and then forwarded to the target (actual) server. The proxy server is implemented by ourselves, so isn't the request "packaged" according to our own intention? :) Tampering this way is no problem.
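The repackaging step described above, as an added example that is not part of the original post or the author's source code: it takes the proxy-form request a browser sends (a constructed sample with the hypothetical host `app.example`), rewrites the request line for the target server, drops the proxy-only header, and recomputes `Content-Length` after the body is edited. The function names and the `edit_body` hook are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: what a browser sends once a proxy is configured.
# Note the absolute URI in the request line and the Proxy-Connection header.
SAMPLE = (b"POST http://app.example/form?id=7 HTTP/1.1\r\n"
          b"Host: app.example\r\n"
          b"Proxy-Connection: keep-alive\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 18\r\n"
          b"\r\n"
          b"name=alice&note=hi")

def parse_proxy_request(raw):
    """Split a proxy-form request into (method, url, version, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, url, version = lines[0].split(" ", 2)
    headers = [tuple(h.split(":", 1)) for h in lines[1:]]
    headers = [(k.strip(), v.strip()) for k, v in headers]
    return method, url, version, headers, body

def repackage(raw, edit_body=None):
    """Rebuild the request for the target server.

    Returns (host, port, request_bytes). edit_body is a hypothetical hook
    standing in for the point where the proxy changes the form data.
    """
    method, url, version, headers, body = parse_proxy_request(raw)
    u = urlsplit(url)
    # The target server expects origin-form: path and query only.
    path = (u.path or "/") + ("?" + u.query if u.query else "")
    if edit_body:
        body = edit_body(body)
    out = [f"{method} {path} {version}"]
    for k, v in headers:
        if k.lower() == "proxy-connection":
            continue                  # addressed to the proxy, not forwarded
        if k.lower() == "content-length":
            v = str(len(body))        # must match the (possibly edited) body
        out.append(f"{k}: {v}")
    request = "\r\n".join(out).encode("iso-8859-1") + b"\r\n\r\n" + body
    return u.hostname, u.port or 80, request

if __name__ == "__main__":
    host, port, req = repackage(SAMPLE, lambda b: b.replace(b"note=hi", b"note=hello"))
    print(host, port)
    print(req.decode("iso-8859-1"))
```

The server sees only the repackaged bytes, which is why any check done in the browser form has to be repeated on the server side.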