Archive for the ‘Technology’ Category

Hook Winsock API

Sunday, May 2nd, 2010

Hooking the Winsock API can be done in various ways, including Winsock LSP, TDI, NDIS, API hooks and WFP. Which one is right for you depends on what you plan to do, so it is recommended that you read about each of these technologies first.


LSP hook

Wednesday, April 28th, 2010

LSP hook is a term that refers to the way a Winsock LSP intercepts traffic. It should not be confused with a Winsock hook, which is a different way to perform network interception.


Content filter SDK

Wednesday, April 28th, 2010

A content filter SDK is used mainly to save time: writing one is a tedious job that requires knowledge of network interception, and after you spend around three months building your component, you will spend even more time debugging it in the field.


How to intercept data on Internet

Friday, April 9th, 2010

How do you intercept data on the Internet? This can be done using a number of technologies:

  • Winsock LSP – Good when you want to operate at user level and inspect streams rather than packets.
  • TDI – Soon to be phased out; a driver-level technology that can be used at either the packet or the stream level.
  • NDIS – A kernel driver that inspects packets and has total control over the network.
  • WFP – Microsoft's new filtering platform, but until Windows XP is phased out I foresee it will not gain momentum.


HTTP Filtering SDK

Saturday, April 3rd, 2010

An HTTP filtering SDK is needed when you want to filter or modify HTTP traffic. The challenge when modifying HTTP is that you first need to remove all the HTTP encodings, such as GZIP, Inflate, SDCH, chunked transfer encoding and more.

Once you have removed the encodings you also need to adjust the headers so the browser will know how to interpret the new encoding of the body.
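As an added example (not code from this page or from any vendor SDK), the following Python shows the two steps above on a constructed chunked, gzip-encoded HTTP/1.1 response: it reassembles the chunks, decompresses the body, lets a filter callback modify the plain body, and then drops the Transfer-Encoding and Content-Encoding headers in favour of a correct Content-Length so the client parses the modified body correctly. The sample response is constructed; SDCH and other encodings are rejected rather than decoded.

```python
import gzip
import zlib

# Constructed sample (not captured traffic): a gzip body sent chunked.
_GZ = gzip.compress(b"<html><body>hello world</body></html>")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Content-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"
                   + b"%x\r\n%s\r\n0\r\n\r\n" % (len(_GZ), _GZ))

def dechunk(data):
    """Reassemble a chunked body, checking the framing as we go."""
    out, pos = bytearray(), 0
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            return bytes(out)
        pos = end + 2
        out += data[pos:pos + size]
        pos += size
        if data[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk not terminated by CRLF")
        pos += 2

def decode_body(body, encoding):
    """Undo Content-Encoding: gzip, zlib-wrapped deflate or raw deflate."""
    enc = (encoding or b"identity").lower()
    if enc == b"identity":
        return body
    if enc not in (b"gzip", b"deflate"):
        raise ValueError("unsupported Content-Encoding: %r" % enc)
    try:  # wbits 32+15 auto-detects a gzip or zlib header
        return zlib.decompress(body, 32 + zlib.MAX_WBITS)
    except zlib.error:  # some servers send raw deflate with no header at all
        return zlib.decompress(body, -zlib.MAX_WBITS)

def rewrite_response(raw, transform=lambda body: body):
    """Strip the encodings, transform the plain body, fix the headers."""
    head, body = raw.split(b"\r\n\r\n", 1)
    status, *header_lines = head.split(b"\r\n")
    headers = [tuple(p.strip() for p in h.split(b":", 1)) for h in header_lines]
    lookup = {n.lower(): v for n, v in headers}
    if lookup.get(b"transfer-encoding", b"").lower() == b"chunked":
        body = dechunk(body)
    body = transform(decode_body(body, lookup.get(b"content-encoding")))
    drop = (b"transfer-encoding", b"content-encoding", b"content-length")  # stale
    kept = [(n, v) for n, v in headers if n.lower() not in drop]
    kept.append((b"Content-Length", b"%d" % len(body)))
    out = b"".join(n + b": " + v + b"\r\n" for n, v in kept)
    return status + b"\r\n" + out + b"\r\n" + body
```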


Intercepting network traffic

Tuesday, March 30th, 2010

Intercepting network traffic is a method used to transparently redirect network traffic in order to accomplish various common tasks, such as:

  • Parental control.
  • Anonymizers.
  • Spam filtering.

There are a number of ways and technologies to achieve this; I think one of the easiest, and the cheapest in the long run, is to use our Network Interception SDK.


How to debug memory heap corruptions

Tuesday, March 23rd, 2010

Debugging memory heap corruptions is quite tricky, because the location of the crash gives us absolutely no clue as to where the corrupting code is located.

We wrote an article about how to debug heap corruptions which covers a simple yet little-known and powerful technique for debugging and solving such corruptions.


Hooking Winsock

Monday, March 22nd, 2010

Hooking Winsock is one way to let the programmer intercept Winsock2 calls; this approach has advantages and disadvantages. Advantages:

  • No need to install anything.
  • Easy to learn.

Disadvantages:

  • For commercial products it requires a commercial hooking library.
  • For 64-bit there is only Microsoft Detours, which costs a small fortune.
  • On Vista and above you have to deal with injection security enforcement.


Internet Explorer sniffer

Wednesday, March 17th, 2010

Download our free Internet Explorer sniffer, a useful tool for tasks ranging from debugging your application to debugging web sites. Other Internet Explorer sniffers may come with or without SSL/HTTPS decryption support, and may be open source or proprietary.

Which one to use? This is not an easy question to answer, because the choice of sniffer is really a combination of needs, budget and deployment environment. For example: you can't use a GPL sniffer like Wireshark for a commercial application, but buying an SDK just to sniff a normal website for a one-time debug doesn't make sense either.


SSL Decrypt

Wednesday, March 17th, 2010

There are a number of ways to perform SSL decryption, and it's up to the programmer to decide which works best for him:

  • Using a product/SDK that does not modify the SSL certificate (like SSL Decryptor) but is targeted at specific browsers; Komodia's SSL Decryptor works with FF and IE.
  • Using a product/SDK that manipulates the SSL certificate but does not alert the user (like SSL Digestor); this product is more general and works with all browsers and the popular mail clients.
  • Using an open source proxy that changes the certificate and alerts the user; these basically perform a MITM attack, and such solutions are good for debugging purposes.