C# socket programming

DarkMessiah · 03/28/2010, 12:40

I've decided to swap over to mainly proxy with memory enhancements using what I've already accomplished. I've managed to get a lot of stuff done, like finding local socket used by process ID etc and I can listen on different ports so that I have a packet logger. What i want to do instead of just listening though is actually block/intercept the packet and modify it before it gets to its target. Does anyone know a way in c# to accomplish this? I think I will most likely have to use a c++ dll to have that kind of functionality, but I figured I'd get your guys opinions first.

btw if it helps any, all i need to intercept is the first packet sent by the server.

Nullable · 03/28/2010, 14:16

You need to write a proxy that will listen for 1st peer(client) and then issue a connection to the 2nd peer(server) then exchange data between both peers. anyhow here is the first packet(on connection) from server[v5225]:

Quote:

C5 48 69 12 95 E7 FF 99

This isn't decrypted, actually i really don't know, if this is to be decrypted or not, because looks like it doesn't follow the same packet style(after decryption it doesn't follow the style: (header + data) where header consists of [size = 2 bytes -- type = 2 bytes]) also i have found that the first 4 bytes are always constant, only the last 4 bytes change, anyhow it might be just my encryption, or it might follow some other rules.

flowerpot! · 03/28/2010, 15:18

Yes, it needs to be decrypted. The packet contains a seed for the password encryption.

DarkMessiah · 03/28/2010, 21:18

Quote:

Originally Posted by Nullable

You need to write a proxy that will listen for 1st peer(client) and then issue a connection to the 2nd peer(server) then exchange data between both peers. anyhow here is the first packet(on connection) from server[v5225]:

This isn't decrypted, actually i really don't know, if this is to be decrypted or not, because looks like it doesn't follow the same packet style(after decryption it doesn't follow the style: (header + data) where header consists of [size = 2 bytes -- type = 2 bytes]) also i have found that the first 4 bytes are always constant, only the last 4 bytes change, anyhow it might be just my encryption, or it might follow some other rules.

this is assuming you already have the client set to connect to localhost though. I'm trying something a little bit different that actually has to block about 4 packets before i can go about it that way :/

MasterFletch · 03/29/2010, 20:47

You are right to think that you will have to code this part outside of C#. It is not something you want to try in a managed language.

For modification of the packet midstream:
-Look into windows filtering platform and callout drivers

Otherwise, you just need to write out a simple packet filter. (Mini firewall)

Either way, you are looking at writing a driver, from what I can see.

Good luck, you have taken an interesting route as opposed to the traditional Proxy design. Whether it is better or worse, only the future will tell.

Edit: I heard from a various source that SharpPcap might do what you want in C#. Hope this helps.

deaconator · 03/30/2010, 12:10

Just write a simple proxy in C# first, patch your client so it connects to 127.0.0.1. Only worry about encryption/decryption when you get past that first step.

MasterFletch · 03/30/2010, 19:46

Quote:

Originally Posted by deaconator

Just write a simple proxy in C# first, patch your client so it connects to 127.0.0.1. Only worry about encryption/decryption when you get past that first step.

He said that he doesn't want to have to be reliant on a client patched to local host

He is asking about packet filtering(basically a simple firewall) in C#. He didn't ask about encryption or decryption at all XD