WinDivert redirect to proxy
I'm trying to redirect all TCP packets to my local proxy to modify HTML content (adblocker-like). I wanted to use WinDivert but it doesn't seem to work.

I'm starting the driver like this:

handle = WinDivertOpen("outbound", WINDIVERT_LAYER_NETWORK, 0, 0);

then when capturing and modifying packets:

 // ip_header / tcp_header point into packet, as filled in by WinDivertHelperParsePacket()
 if (ip_header != NULL && tcp_header != NULL) {

    // redirect to proxy: browser -> port 80 becomes an inbound packet to PROXY
    if (ntohs(tcp_header->DstPort) == 80)
    {
       UINT32 dst_addr = ip_header->DstAddr;
       ip_header->DstAddr = ip_header->SrcAddr;
       ip_header->SrcAddr = dst_addr;
       tcp_header->DstPort = htons(PROXY);
       addr.Direction = WINDIVERT_DIRECTION_INBOUND;
    }
    else if (ntohs(tcp_header->SrcPort) == PROXY)
    {
        // proxy to browser: the reply looks as if it came from port 80
        UINT32 dst_addr = ip_header->DstAddr;
        ip_header->DstAddr = ip_header->SrcAddr;
        ip_header->SrcAddr = dst_addr;
        tcp_header->SrcPort = htons(80);
        addr.Direction = WINDIVERT_DIRECTION_INBOUND;
    }

    // recompute the IP/TCP checksums after rewriting addresses and ports, then reinject
    WinDivertHelperCalcChecksums(packet, packet_len, 0);

    if (!WinDivertSend(handle, packet, packet_len, &addr, &send_len))
    {
        qWarning() << "warning: failed to reinject packet" << GetLastError() << send_len;
    }
 }

But on the proxy side I can't see any incoming traffic and pages are not loading in the web browser.

Natty answered 2/6, 2014 at 13:9
For the infinite loop problem: one solution is to connect using a different port other than 80. For example, connect via port 12345, then have the WinDivert application translate port 12345 packets to port 80 packets on the way out. Do the reverse translation for inbound packets. - Rida
@Basil: Such a translation does not work when using SSL (or any other serious transport security protocol), as the client assumes a different destination and the checksums don't match. - Lakeshialakey
Yes, if true then this will not work. There may be other more complicated solutions (e.g. connection tracking, and a table of connections that are allowed to "pass through"?). Ideally Windows would support something like SO_MARK from Linux, which would make everything much easier. - Rida

The code snippet will transform outbound (port HTTP) packets into inbound (port PROXY) packets. This part is OK. But there is currently nothing that handles the reverse path.

For example, consider the TCP handshake. The code snippet will redirect a (DstPort=80) SYN packet to the proxy server, which will reply with a (SrcPort=PROXY) SYN/ACK. However, this SYN/ACK is not handled by the above code and will be lost. You need to add code to redirect outbound (SrcPort=PROXY) packets to inbound (SrcPort=80) packets.

See the TorWall example: https://github.com/basil00/TorWall/blob/082b7ff0fa86abfa2df480ece8cb31e25a29c1bc/tor_wall.c

Edit: Also see the streamdump WinDivert sample: https://github.com/basil00/Divert/blob/master/examples/streamdump/streamdump.c

Rida answered 3/6, 2014 at 13:29
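As an added example (not code from the question, the answer, or WinDivert itself), here is a user-space model of the two rewrite rules the answer describes, so the forward path (browser SYN to port 80 turned into an inbound packet for the proxy) and the reverse path (proxy SYN/ACK turned back into a packet from port 80) can be checked offline without the driver. The header structs and the direction values are re-declared locally and mirror WinDivert's layout (an assumption); PROXY_PORT 8080, the addresses 10.0.0.2 and 198.51.100.10 and the ephemeral port 51000 are constructed test values, and calc_checksums() stands in for WinDivertHelperCalcChecksums().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WEB_PORT   80
#define PROXY_PORT 8080   /* assumed value of the question's PROXY */

/* Same numeric values as WinDivert's WINDIVERT_DIRECTION_OUTBOUND/INBOUND. */
enum { DIR_OUTBOUND = 0, DIR_INBOUND = 1 };

/* Minimal IPv4 and TCP headers; every field stays in network byte order. */
#pragma pack(push, 1)
typedef struct { uint8_t ver_ihl, tos; uint16_t length, id, frag_off; uint8_t ttl, protocol;
                 uint16_t checksum; uint32_t src_addr, dst_addr; } ipv4_hdr;
typedef struct { uint16_t src_port, dst_port; uint32_t seq, ack; uint8_t data_off, flags;
                 uint16_t window, checksum, urg_ptr; } tcp_hdr;
typedef struct { ipv4_hdr ip; tcp_hdr tcp; } packet;   /* option-less segment, no payload */
#pragma pack(pop)

/* htons()/ntohs() without a sockets header: swap on little-endian hosts only. */
static uint16_t swap16(uint16_t v) {
    uint16_t probe = 1;
    return *(uint8_t *)&probe ? (uint16_t)((v << 8) | (v >> 8)) : v;
}

static uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    uint8_t bytes[4] = { a, b, c, d }; uint32_t v; memcpy(&v, bytes, 4); return v;
}

/* RFC 1071 one's-complement sum over 16-bit words; endian-independent. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t sum) {
    uint16_t w;
    for (; n > 1; p += 2, n -= 2) { memcpy(&w, p, 2); sum += w; }
    if (n) { uint8_t pad[2] = { p[0], 0 }; memcpy(&w, pad, 2); sum += w; }
    return sum;
}

static uint16_t fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* TCP checksum: pseudo-header (addresses, protocol, length) then the TCP header. */
static uint16_t tcp_sum(const packet *p) {
    uint8_t pseudo[12];
    uint16_t tcp_len = swap16((uint16_t)sizeof p->tcp);
    memcpy(pseudo, &p->ip.src_addr, 4); memcpy(pseudo + 4, &p->ip.dst_addr, 4);
    pseudo[8] = 0; pseudo[9] = p->ip.protocol; memcpy(pseudo + 10, &tcp_len, 2);
    return fold(sum16((const uint8_t *)&p->tcp, sizeof p->tcp, sum16(pseudo, 12, 0)));
}

/* What WinDivertHelperCalcChecksums() does for the real packet: after any address
 * or port rewrite both checksums are stale and must be recomputed. */
static void calc_checksums(packet *p) {
    p->ip.checksum = 0;
    p->ip.checksum = fold(sum16((const uint8_t *)&p->ip, sizeof p->ip, 0));
    p->tcp.checksum = 0;
    p->tcp.checksum = tcp_sum(p);
}

/* With a valid checksum in place, the one's-complement total folds to zero. */
static int checksums_ok(const packet *p) {
    return fold(sum16((const uint8_t *)&p->ip, sizeof p->ip, 0)) == 0 && tcp_sum(p) == 0;
}

/* The answer's two rules, applied to a captured outbound packet. Returns the
 * direction to reinject it with, or -1 to pass it through untouched. */
static int redirect(packet *p) {
    uint32_t tmp;
    if ((p->ip.ver_ihl >> 4) != 4 || p->ip.protocol != 6) return -1;
    if (p->tcp.dst_port == swap16(WEB_PORT)) {
        /* browser -> web server: turn it around so it arrives at the local proxy.
         * This also matches the proxy's own upstream connections to port 80, which
         * is the infinite-loop problem from the comments; the model does not exclude them. */
        p->tcp.dst_port = swap16(PROXY_PORT);
    } else if (p->tcp.src_port == swap16(PROXY_PORT)) {
        /* proxy -> browser: the reverse path, made to look like it came from port 80. */
        p->tcp.src_port = swap16(WEB_PORT);
    } else {
        return -1;
    }
    tmp = p->ip.src_addr; p->ip.src_addr = p->ip.dst_addr; p->ip.dst_addr = tmp;
    calc_checksums(p);
    return DIR_INBOUND;
}

/* Constructed test packet builder (SYN = 0x02, SYN/ACK = 0x12). */
static packet make_tcp(uint32_t src, uint16_t sport, uint32_t dst, uint16_t dport, uint8_t flags) {
    packet p;
    memset(&p, 0, sizeof p);
    p.ip.ver_ihl = 0x45; p.ip.length = swap16((uint16_t)sizeof p); p.ip.ttl = 64; p.ip.protocol = 6;
    p.ip.src_addr = src; p.ip.dst_addr = dst;
    p.tcp.src_port = swap16(sport); p.tcp.dst_port = swap16(dport);
    p.tcp.data_off = 5 << 4; p.tcp.flags = flags; p.tcp.window = swap16(65535);
    calc_checksums(&p);
    return p;
}

/* The SYN / SYN-ACK round trip from the answer, on constructed addresses. */
static int handshake_round_trip(void) {
    uint32_t browser = ip4(10, 0, 0, 2), web = ip4(198, 51, 100, 10);
    packet syn = make_tcp(browser, 51000, web, WEB_PORT, 0x02), synack;
    if (redirect(&syn) != DIR_INBOUND || syn.tcp.dst_port != swap16(PROXY_PORT)
        || syn.ip.src_addr != web || syn.ip.dst_addr != browser || !checksums_ok(&syn))
        return 0;
    /* The proxy saw a SYN from 198.51.100.10:51000 and answers it from PROXY_PORT. */
    synack = make_tcp(browser, PROXY_PORT, web, 51000, 0x12);
    return redirect(&synack) == DIR_INBOUND
        && synack.tcp.src_port == swap16(WEB_PORT) && synack.tcp.dst_port == swap16(51000)
        && synack.ip.src_addr == web && synack.ip.dst_addr == browser && checksums_ok(&synack);
}

/* Traffic that matches neither rule (here port 443) must be left byte-for-byte alone. */
static int passthrough_untouched(void) {
    packet p = make_tcp(ip4(10, 0, 0, 2), 51001, ip4(198, 51, 100, 10), 443, 0x02), copy = p;
    return redirect(&p) == -1 && memcmp(&p, &copy, sizeof p) == 0;
}

int main(void) {
    printf("handshake round trip: %s\n", handshake_round_trip() ? "ok" : "FAILED");
    printf("pass-through: %s\n", passthrough_untouched() ? "ok" : "FAILED");
    return 0;
}
```

In the real program the two structs are what WinDivertHelperParsePacket() points ip_header and tcp_header at, and redirect() is the body of the capture loop: a non-negative result means set addr.Direction to it and call WinDivertSend(), -1 means reinject the packet unchanged. The model deliberately stops at the handshake; it does not solve the loop on the proxy's own upstream connections or the SSL limitation the comments raise, which need connection tracking rather than port matching.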
