Hook Winsock API, can be done in various ways including: Winsock LSP, TDI, NDIS, Hooks, WFP. Which one is correct for you? it depends on what you plan to do, so it’s recommended you read about the technologies.
Barak
Archive for the ‘Technology’ Category
Hook Winsock API
Sunday, May 2nd, 2010LSP hook
Wednesday, April 28th, 2010LSP hook is a term that refers to the way Winsock LSP intercepts traffic. This should not be confused with Winsock hook which is another way to perform network interception.
Barak
Content filter SDK
Wednesday, April 28th, 2010Content filter SDK can be used mainly to save time, writing one is a tedious job, it requires knowledge in network intercepting and after you spend around three months building your component, you will spend even more debugging it in the field.
Barak
How to intercept data on Internet
Friday, April 9th, 2010How to intercept data on Internet? This can be done using number of technologies:
- Winsock LSP – Is good when you want to operate at user level and inspect streams and not packets.
- TDI – Soon to be phased out, it’s a driver like technology that can be used either in packet or stream level.
- NDIS – Kernel driver that inspects packets and has total control over the network.
- WFP – Microsoft new filterting platform, but until Windows XP is phased out, I forsee it will not gain momentum.
Barak
HTTP Filtering SDK
Saturday, April 3rd, 2010HTTP Filtering SDK is needed when you want to filter/modify HTTP traffic. The challenge when trying to modify HTTP is that you first need to remove all the HTTP encodings like GZIP, Inflate, SDCH, Chunked transfer and more.
Once you removed the encodings you also need to adjust the headers so the browser will know how to interpert the new encodings.
Barak
Intercepting network traffic
Tuesday, March 30th, 2010Intercepting network traffic is a method which is used to transparently redirect the network traffic in order to accomplish various common tasks like:
- Parental control.
- Anonymizers.
- Spam filtering.
There are number of ways and technology to achieve it, I think one of the easiest way which is the cheapest in the long run is to use our Network interception SDK.
Barak
How to debug memory heap corruptions
Tuesday, March 23rd, 2010Debugging memory heap corruptions is quite tricky because the location of the crash gives us absolutly no clue on where the corrupting code is located.
We wrote an article about how to debug heap corruptions which covers a simple yet unknown and powerfull technique to debug and solve such corruptions.
Barak
Hooking Winsock
Monday, March 22nd, 2010Hooking Winsock is one way to allow the programmer to intercept Winsock2 calls, this way has advantages and disadvantages. Advantages:
- No need to install anything.
- Easy to learn.
Disadvantages:
- For commercial products requires a commercial hooking library.
- For 64bit there’s only Microsoft Detours which costs a small fortune.
- On Vista and above you have to deal with injection security enforcement.
Barak
Internet Explorer sniffer
Wednesday, March 17th, 2010Download our free Internet Explorer sniffer which is a useful tool for various tasks ranging from debugging your application to debugging web sites. Other Internet explorer sniffers can come with or without SSL/HTTPS decryption support, it can be Open source, or propietary.
Which to use? this is not an easy question to answer because the sniffer choice is really a combination or needs, budget and deployment environment. For example: you can’t use a GPL sniffer like Wireshark for a commercial application, but buying a SDK just to sniff a normal website for a one time debug isn’t making sense as well.
Barak
SSL Decrypt
Wednesday, March 17th, 2010There are number of ways to perform SSL Decrypt and it’s up to the programmer to decide what works best for him:
- Using a product/SDK that isn’t modifying the SSL certificate (like SSL Decryptor) but it’s targeted per specific browser, Komodia’s SSL Decryptor works with FF and IE.
- Using a product/SDK that performs manipulation on the SSL certificate but isn’t alerting the user (like SSL Digestor), this product is more general and works with all browsers and the popular mail clients.
- Using open source proxy which changing the certificate and alerts the user, basically they pefrom MITM attack, using these solutions is good for debug purposes.
Barak