How can I redirect a request?

Apr 26, 2011 at 4:12 AM

I wanna write a demonstration that intercepts a request from the local host to an address like www.abcdef.com. Is it possible with eEx?

Coordinator
Apr 26, 2011 at 8:57 AM

Hi

Since the Network Library uses WinPcap for accessing the network interface, you can only modify traffic from remote hosts, when you route their traffic. But if you only want to capture the request and analyze it, it should be no problem, as long as you don't need to modify it. For capturing HTTP, have a look at the eExNetworkLibrary.Monitoring.HTTPMonitor.

Could you probably describe the problem further? Maybe we could find a solution.  
Since it is a demonstration, would it be possible to intercept a request from a demonstration host which is connected to the internet over a different host with the program running on it?

regards, Emi

Apr 26, 2011 at 3:23 PM

Hello Emi,

Thanks for your detailed answer. Yeah, my scenario is that I have a list of addresses that a user cannot access. I wanna create a program that auto-detects the target address. It will check the blacklist; if found, the target of the request will be changed (redirected) to another address that contains a message to inform him. I think the eExNetworkLibrary.Monitoring.HTTPMonitor only allows us to VIEW information and doesn't allow modifying it. Right? Thanks...

Coordinator
Apr 26, 2011 at 7:36 PM

Hi

Yes, you are completely right.

Sadly, as I wrote, it is not possible to edit data sent and received by the local host. To do this, it would be necessary to use hooks or your own NDIS driver, like firewalls do, for example.

Nevertheless, it would be possible, as said, to create a tool which routes the traffic and checks it against the blacklist, and have it running on a separate host which is used as default by the hosts to control. Even a MITM attack like ARP poisoning could be used to get the traffic routed over a certain host. In fact, this is what the tool Traffic Watch does, which can be used to protect a network from bandwidth-consuming downloads (link: http://www.eex-dev.net/index.php?id=68&L=1). Maybe this could be a solution?

Intercepting local host traffic is a planned feature, but I cannot make any predictions at the moment about when this feature will be ready.

regards, Emi
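
The blacklist check and redirect decision discussed in this thread, as an added example that is not part of the original posts and does not use eExNetworkLibrary code. It assumes the filtering host already sees the cleartext HTTP request as a string; the class name, the blocked entries and the notice URL are constructed for illustration.

```csharp
using System;

static class BlocklistRedirect
{
    // Constructed sample values; the thread names no real blacklist or notice page.
    static readonly string[] Blocked = { "www.abcdef.com", "blocked.example" };
    const string NoticeUrl = "http://notice.example/blocked";

    // Returns the Host header value (port and trailing dot removed), or null if absent.
    static string ExtractHost(string request)
    {
        int end = request.IndexOf("\r\n\r\n", StringComparison.Ordinal);
        string head = end >= 0 ? request.Substring(0, end) : request;
        foreach (string line in head.Split(new[] { "\r\n" }, StringSplitOptions.None))
        {
            if (!line.StartsWith("Host:", StringComparison.OrdinalIgnoreCase)) continue;
            string host = line.Substring(5).Trim();
            int colon = host.LastIndexOf(':');
            // Strip ":port", but leave a bare IPv6 literal such as "[::1]" intact.
            if (colon > 0 && host.IndexOf(']') < colon) host = host.Substring(0, colon);
            return host.TrimEnd('.');
        }
        return null;
    }

    // Case-insensitive match on the exact host or any subdomain of a blocked entry.
    static bool IsBlocked(string host)
    {
        if (string.IsNullOrEmpty(host)) return false;
        foreach (string entry in Blocked)
            if (host.Equals(entry, StringComparison.OrdinalIgnoreCase) ||
                host.EndsWith("." + entry, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    // Returns a 302 response for blocked hosts, or null to forward the request unchanged.
    static string Decide(string request)
    {
        if (!IsBlocked(ExtractHost(request))) return null;
        return "HTTP/1.1 302 Found\r\nLocation: " + NoticeUrl +
               "\r\nContent-Length: 0\r\nConnection: close\r\n\r\n";
    }

    static void Main()
    {
        foreach (string h in new[] { "www.abcdef.com", "Sub.ABCDEF.com:80", "allowed.example" })
        {
            string req = "GET / HTTP/1.1\r\nHost: " + h + "\r\n\r\n"; // constructed request
            Console.WriteLine(h + " -> " + (Decide(req) == null ? "forward" : "redirect"));
        }
    }
}
```

The check relies on reading the Host header, so it applies to cleartext HTTP only; for HTTPS the header is encrypted and is not visible to a host that merely routes the traffic.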