Archive for April, 2010

LSP hook

Wednesday, April 28th, 2010

LSP hook is a term that refers to the way a Winsock LSP intercepts traffic. It should not be confused with a Winsock hook, which is another way to perform network interception.

Barak

Content filter SDK

Wednesday, April 28th, 2010

A content filter SDK is used mainly to save time. Writing a content filter yourself is a tedious job: it requires knowledge of network interception, and after you spend around three months building your component, you will spend even more time debugging it in the field.

Barak

How to intercept HTTP traffic

Thursday, April 15th, 2010

HTTP traffic can be intercepted using a number of technologies. I always recommend going for stream-based technologies, which are: Winsock LSP, TDI or WFP. Each has advantages and disadvantages, like everything in life.

Barak

Intercepting HTTPS traffic using C#

Thursday, April 15th, 2010

Intercepting HTTPS traffic using C# can be done with Komodia’s Redirector SDK; all you have to do is implement a couple of methods and that’s it.

Barak

TCP filter SDK

Tuesday, April 13th, 2010

A TCP filter SDK can be used to filter, block, modify, and inspect any TCP traffic. It also has a number of optional modules to perform various advanced tasks such as SSL decryption, DNS interception, parental control and more.

Barak

How to intercept data on Internet

Friday, April 9th, 2010

How do you intercept data on the Internet? This can be done using a number of technologies:

  • Winsock LSP – Good when you want to operate at user level and inspect streams rather than packets.
  • TDI – Soon to be phased out; it’s a driver-like technology that can be used at either packet or stream level.
  • NDIS – Kernel driver that inspects packets and has total control over the network.
  • WFP – Microsoft’s new filtering platform, but until Windows XP is phased out, I foresee it will not gain momentum.

Barak

HTTP Filtering SDK

Saturday, April 3rd, 2010

An HTTP Filtering SDK is needed when you want to filter/modify HTTP traffic. The challenge when trying to modify HTTP is that you first need to remove all the HTTP encodings like GZIP, Inflate, SDCH, Chunked transfer and more.

Once you have removed the encodings, you also need to adjust the headers so the browser will know how to interpret the new encodings.

Barak

Network traffic monitor Windows

Thursday, April 1st, 2010

Network traffic monitoring on Windows can be done with various methods and technologies, such as Winsock LSP, NDIS Passthru or NDIS IM, TDI Filter or TDI Driver, WFP and more.

Barak

Layered Service Provider

Thursday, April 1st, 2010

Layered Service Provider, better known as Winsock LSP, is used to perform various packet interception/manipulation tasks. The main advantage of Winsock LSP is that it works at the stream level and is implemented at user level.

Barak