Archive for March, 2010

SSL sniffing of XP

Sunday, March 21st, 2010

SSL sniffing of XP, can be done in number of ways, it can be done with a SDK which is relevant for commercial applications or it can be done with a SSL Sniffer, you can even use Wireshark, but for that you must have the SSL key.

Barak

Net filter SDK

Saturday, March 20th, 2010

Network Redirector SDK is Komodia’s flagship product, it does 95% of all possible network modification needed and it’s off the shelf product, which means that you can work with it from the minute you use it just like Net filter SDK.

In case you do need to extend its functionality you can write a DLL using our easy to use DLL extension framework.

Barak

TDI Driver

Saturday, March 20th, 2010

TDI Driver is mostly used today for personal AV products. I know there are number of parental control, spam filters products that use it as well.

I’m not a fan of TDI, although it has its place in doing networking filtering, it’s time is up and in one and a half year it will be phased out, so I don’t see any reason to start a project using TDI.

You can read this nice article about the difference between LSP and TDI.

Barak

Windows Filtering Platform (WFP)

Thursday, March 18th, 2010

Windows Filtering Platform is a relativly new technology from Microsoft that was built to replace all existing technologies: Winsock LSP, TDI, NDIS.

First step would we TDI as Microsoft announced it will not be supported anymore on the next OS, but it seems that NDIS and LSP are supported.

I had a prospect ask me why I don’t WFP, well WFP the main reason not to use WFP for me is the lack of support for Windows XP (many of my clients also want to support Windows 2000), and until Windows XP will become obsolete, WFP will not gain momentum.

Barak

NDIS Filter

Thursday, March 18th, 2010

NDIS Filter is used to perform packet filtering, modification and inspection, unlike other technologies like LSP and TDI which operate on streams.

NDIS Filter is actually a NDIS IM driver which receives packets (to send or receive), can perform processing on them and then send them to the next layer or drop them, that’s why NDIS IM drivers are used for: Firewalls, corporate firewalls, custom network solutions and more.

When stream operations is requires, NDIS IM is sometimes a bad choice because it imposes additional work to convert packets to streams, which can be avoided if using TDI or LSP.

Barak

C++ filter network traffic

Wednesday, March 17th, 2010

You can request a trial for our c++ filter network traffic which allows you to perform network modification and interception without delving into the deeps of network filtering technology.

Our clients are using this SDK to rapidly deploy their products such as: Parental control, Anonymizers, Content analyzers and more.

Barak

C++ parental control

Wednesday, March 17th, 2010

You can get a free trial of our c++ parental control which allows you to build you own filter without wasting your valuable time on learning and implementing network interception and modification techniques.

It also parses various HTTP encodings such as GZIP, Inflate, SDCH, Chunked trasfer and has the ability to decrypt SSL traffic.

Barak

Internet Explorer sniffer

Wednesday, March 17th, 2010

Download our free Internet Explorer sniffer which is a useful tool for various tasks ranging from debugging your application to debugging web sites. Other Internet explorer sniffers can come with or without SSL/HTTPS decryption support, it can be Open source, or propietary.

Which to use? this is not an easy question to answer because the sniffer choice is really a combination or needs, budget and deployment environment. For example: you can’t use a GPL sniffer like Wireshark for a commercial application, but buying a SDK just to sniff a normal website for a one time debug isn’t making sense as well.

Barak

SSL Decrypt

Wednesday, March 17th, 2010

There are number of ways to perform SSL Decrypt and it’s up to the programmer to decide what works best for him:

  • Using a product/SDK that isn’t modifying the SSL certificate (like SSL Decryptor) but it’s targeted per specific browser, Komodia’s SSL Decryptor works with FF and IE.
  • Using a product/SDK that performs manipulation on the SSL certificate but isn’t alerting the user (like SSL Digestor), this product is more general and works with all browsers and the popular mail clients.
  • Using open source proxy which changing the certificate and alerts the user, basically they pefrom MITM attack, using these solutions is good for debug purposes.

Barak

Sniffer API

Tuesday, March 16th, 2010

Sniffer API is needed when a programmer wants to have a sniffing capability in his application. First thing to check is whether the programmer needs stream sniffing or packet sniffing. The difference is so great that choosing the wrong one can doom the project (I’ll not get into the differences in this post)

There are a few options:

  • Open source sniffers, the programmer must keep in mind that if he wants a closed commercial application, GPL sniffers such as Wireshark is not the best idea.
  • Propietary sniffers, can be used commercialy, sometimes may look costly in compare to “free” sniffers, but will be much better in terms of TCO.

Barak