How do I change the HTTP response packet using winpcap?

There are two problems here:

  • What to do if the content is encoded: gzip ...
  • Do I also need to change part of the header to make the HTTP packet valid (checksums, if any?)

UPDATE

Can someone with actual experience describe the steps in detail?

I also use the winpcap bpf "tcp and src port 80" to filter traffic, so my task is this callback function:

void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)

      

+1


4 answers


WinPcap prevents you from modifying a packet that has already been sent.

If the packet was sent, WinPcap will not prevent it from reaching its destination.



If you would like to post a different response in addition to the response that was posted, I am not sure what you are trying to achieve.

+3


However, for a better answer, you will need to provide more context in the question. This is a smell. What are you trying to achieve, and why do you think it is correct to change the HTTP response?

+1




libpcap is used to capture. If you want to do modification and overlay of network packets, you will need another library like libnet.

+1




winpcap is a weird way to try changing the TCP stream - you don't explain why you are trying to do this, but you can probably achieve this by writing your own HTTP proxy instead. In this way, you are presented with a direct data stream that you can intercept, log and modify to your heart's content. Once you've done that, strip the Accept-Encoding from the request headers so you never have to deal with gzipped responses.

There are no HTTP checksums, but the lower levels have checksums; by working at the application level as a proxy, you let the network stack handle all of this for you.

+1
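
The message handling that the proxy approach in the last answer implies, as an added example that is not part of the original thread: the request loses its Accept-Encoding header, and an edited response gets a recomputed Content-Length, the one HTTP-level field that must change. Function names and sample messages are constructed for illustration; sockets are left out and the TCP/IP checksums stay with the network stack.

```python
# Added example: message rewriting for an HTTP/1.1 proxy (names are illustrative).

def _split(message: bytes):
    """Split a raw HTTP message into (start line, header lines, body)."""
    head, _, body = message.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    return lines[0], lines[1:], body

def _name(header_line: bytes) -> bytes:
    """Lower-cased header field name of one header line."""
    return header_line.split(b":", 1)[0].strip().lower()

def strip_accept_encoding(request: bytes) -> bytes:
    """Drop Accept-Encoding so the origin server replies uncompressed."""
    start, headers, body = _split(request)
    kept = [h for h in headers if _name(h) != b"accept-encoding"]
    return b"\r\n".join([start, *kept]) + b"\r\n\r\n" + body

def rewrite_body(response: bytes, old: bytes, new: bytes) -> bytes:
    """Replace old with new in the body and recompute Content-Length."""
    start, headers, body = _split(response)
    names = {_name(h) for h in headers}
    # Encoded or chunked bodies must be decoded before editing; refuse here.
    if names & {b"content-encoding", b"transfer-encoding"}:
        raise ValueError("body is encoded or chunked; decode it first")
    body = body.replace(old, new)
    kept = [h for h in headers if _name(h) != b"content-length"]
    kept.append(b"Content-Length: " + str(len(body)).encode())
    return b"\r\n".join([start, *kept]) + b"\r\n\r\n" + body

# Constructed sample messages (not captured traffic).
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                  b"Accept-Encoding: gzip, deflate\r\n\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                   b"Content-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    print(strip_accept_encoding(SAMPLE_REQUEST).decode())
    print(rewrite_body(SAMPLE_RESPONSE, b"hello", b"hello, world").decode())
```
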

