Forward winsock traffic (mostly understanding question)

c++ / delphi package - dll injection and api hooking

Post by Hypfvieh

Hi there!

I know there are lots of threads around here talking about hooking winsock. So this is another one :D

I read most of the old winsock related topics. Maybe it is a misunderstanding on my part, maybe someone is able to help me out.

So the problem is: I want to get all traffic (at least TCP) from all apps run by the user using my program. The traffic should be modified and then get sent into an SSH tunnel. The SSH server will then do the request somewhere on the internet or on its internal network and send back the answer to the client machine.

I played around with some code from appsniff, but maybe I'm searching on the wrong end.
I hooked winsock's 'connect' function and modified the IP to get the packet sent to my tunnel (listening on localhost:7070). I can see that the tunnel creates some traffic and sends back a packet. But the source application doesn't know that this packet is for it, so I'll get a timeout.

If I modify the IP like I do it right now, the SSH server may not know to which server the packet should be redirected (because the IP is not the IP the packet was created for). If that's not the case, at least the client application is waiting for an answer from the original IP the request was for and not for an answer from localhost... any clue on how to get this handled?

After a while of thinking about the way TCP/IP is working, I thought I had to put a TCP packet into another TCP packet, but I'm not sure that this is a correct solution. If I try that, do I have to hook recv/send?

Atm I'm a bit confused on how some stuff is handled by winsock -.-
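
An added example, not part of the original post: if the listener on localhost:7070 is assumed to be a SOCKS5 proxy (for instance an SSH dynamic port forward, which the post does not state), the original destination is carried in a short handshake on the redirected socket rather than in a nested TCP packet. The function names below are hypothetical; the byte layout follows RFC 1928.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Greeting sent first on the redirected socket:
 * version 5, one method offered, 0x00 = "no authentication". */
size_t socks5_greeting(uint8_t *out, size_t cap) {
    static const uint8_t g[3] = {0x05, 0x01, 0x00};
    if (cap < sizeof g) return 0;
    memcpy(out, g, sizeof g);
    return sizeof g;
}

/* The proxy's method-selection reply must be exactly {5, 0}. */
int socks5_method_ok(const uint8_t *in, size_t len) {
    return len == 2 && in[0] == 0x05 && in[1] == 0x00;
}

/* CONNECT request carrying the address the application originally
 * passed to connect(). ip: 4 bytes, network order; port: host order. */
size_t socks5_connect_request(uint8_t *out, size_t cap,
                              const uint8_t ip[4], uint16_t port) {
    if (cap < 10) return 0;
    out[0] = 0x05; out[1] = 0x01;   /* version, CMD = CONNECT */
    out[2] = 0x00; out[3] = 0x01;   /* reserved, ATYP = IPv4  */
    memcpy(out + 4, ip, 4);
    out[8] = (uint8_t)(port >> 8);  /* port is sent big-endian */
    out[9] = (uint8_t)(port & 0xff);
    return 10;
}

/* Parse the proxy's reply. Returns 0 on success, the REP error code
 * (1..255) if the proxy refused, -1 if malformed or incomplete.
 * *consumed is the reply length: bytes after it already belong to the
 * application's stream and must reach the application untouched. */
int socks5_parse_reply(const uint8_t *in, size_t len, size_t *consumed) {
    size_t need;
    if (len < 5 || in[0] != 0x05 || in[2] != 0x00) return -1;
    switch (in[3]) {
    case 0x01: need = 4 + 4 + 2;  break;            /* IPv4 bound address */
    case 0x04: need = 4 + 16 + 2; break;            /* IPv6 bound address */
    case 0x03: need = 4 + 1 + (size_t)in[4] + 2; break; /* domain name    */
    default:   return -1;
    }
    if (len < need) return -1;
    *consumed = need;
    return in[1];
}
```

Under that assumption the handshake happens once, inside the hooked connect path and before the call returns, so the application's own send and recv calls then see an ordinary stream.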