SSL sniffing on XP can be done in a number of ways: with an SDK, which is relevant for commercial applications, or with an SSL sniffer. You can even use Wireshark, but for that you must have the SSL key.
Network Redirector SDK is Komodia’s flagship product. It does 95% of all possible network modification needed, and it’s an off-the-shelf product, which means that you can work with it from the minute you use it, just like Net filter SDK.
In case you do need to extend its functionality, you can write a DLL using our easy-to-use DLL extension framework.
TDI Driver is mostly used today for personal AV products. I know there are a number of parental control and spam filter products that use it as well.
I’m not a fan of TDI. Although it has its place in network filtering, its time is up and in one and a half years it will be phased out, so I don’t see any reason to start a project using TDI.
You can read this nice article about the difference between LSP and TDI.
Windows Filtering Platform is a relatively new technology from Microsoft that was built to replace all existing technologies: Winsock LSP, TDI, NDIS.
The first step would be TDI, as Microsoft announced it will not be supported anymore on the next OS, but it seems that NDIS and LSP are supported.
I had a prospect ask me why I don’t use WFP. The main reason for me not to use WFP is the lack of support for Windows XP (many of my clients also want to support Windows 2000), and until Windows XP becomes obsolete, WFP will not gain momentum.
NDIS Filter is used to perform packet filtering, modification and inspection, unlike other technologies such as LSP and TDI, which operate on streams.
NDIS Filter is actually an NDIS IM driver which receives packets (to send or receive), can perform processing on them, and then sends them to the next layer or drops them. That’s why NDIS IM drivers are used for firewalls, corporate firewalls, custom network solutions and more.
When stream operations are required, NDIS IM is sometimes a bad choice because it imposes additional work to convert packets to streams, which can be avoided by using TDI or LSP.
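The extra work mentioned above, as an added example (not code from the original page or from Komodia's SDK): a content filter working at packet level has to reassemble TCP payload by sequence number before it can match a pattern that spans segments. The `stream` struct, the function names, the 256-byte window and the sample segments are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#define STREAM_MAX 256
/* One direction of one TCP connection, as a packet-level filter tracks it. */
struct stream {
    uint32_t isn;               /* sequence number of the first payload byte */
    uint8_t  data[STREAM_MAX];  /* reassembled payload */
    uint8_t  have[STREAM_MAX];  /* 1 where a byte has already arrived */
    size_t   contiguous;        /* in-order bytes available from offset 0 */
};

/* Place a segment by sequence number; first copy of a byte wins. Returns in-order count. */
size_t stream_add(struct stream *s, uint32_t seq, const char *p, size_t len) {
    for (size_t i = 0; i < len; i++) {
        uint32_t at = seq - s->isn + (uint32_t)i;  /* unsigned: survives wrap */
        if (at < STREAM_MAX && !s->have[at]) { s->data[at] = (uint8_t)p[i]; s->have[at] = 1; }
    }
    while (s->contiguous < STREAM_MAX && s->have[s->contiguous]) s->contiguous++;
    return s->contiguous;
}

int contains(const void *buf, size_t len, const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; n && i + n <= len; i++)
        if (memcmp((const char *)buf + i, needle, n) == 0) return 1;
    return 0;
}

/* Constructed sample: one HTTP request in three segments, out of order, one resent. */
static const struct seg { uint32_t seq; const char *payload; } SEGS[] = {
    {1033, "mple\r\n\r\n"}, {1000, "GET / HTTP/1.1\r\nHost: blo"},
    {1000, "GET / HTTP/1.1\r\nHost: blo"}, {1025, "cked.exa"},
};
#define NSEGS (sizeof SEGS / sizeof SEGS[0])
/* Packet view: number of segments that contain the pattern on their own. */
int per_packet_hits(const char *needle) {
    int hits = 0;
    for (size_t i = 0; i < NSEGS; i++)
        hits += contains(SEGS[i].payload, strlen(SEGS[i].payload), needle);
    return hits;
}

/* Stream view: reassemble first, then search the in-order bytes. */
int stream_hit(const char *needle) {
    struct stream s = { .isn = 1000 };
    for (size_t i = 0; i < NSEGS; i++)
        stream_add(&s, SEGS[i].seq, SEGS[i].payload, strlen(SEGS[i].payload));
    return contains(s.data, s.contiguous, needle);
}
```

A stream-level interface such as TDI or LSP hands the filter the in-order bytes directly, so none of this bookkeeping is needed there.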
Our clients are using this SDK to rapidly deploy their products, such as parental control, anonymizers, content analyzers and more.
You can get a free trial of our C++ parental control, which allows you to build your own filter without wasting your valuable time on learning and implementing network interception and modification techniques.
It also parses various HTTP encodings such as GZIP, Inflate, SDCH and Chunked transfer, and has the ability to decrypt SSL traffic.
Download our free Internet Explorer sniffer, which is a useful tool for various tasks ranging from debugging your application to debugging web sites. Other Internet Explorer sniffers can come with or without SSL/HTTPS decryption support, and they can be open source or proprietary.
Which to use? This is not an easy question to answer, because the sniffer choice is really a combination of needs, budget and deployment environment. For example, you can’t use a GPL sniffer like Wireshark for a commercial application, but buying an SDK just to sniff a normal website for a one-time debug doesn’t make sense either.
There are a number of ways to perform SSL Decrypt, and it’s up to the programmer to decide what works best for him:
Sniffer API is needed when a programmer wants to have a sniffing capability in his application. The first thing to check is whether the programmer needs stream sniffing or packet sniffing. The difference is so great that choosing the wrong one can doom the project (I’ll not get into the differences in this post).
There are a few options: