I'm trying to redirect all tcp packets to my local proxy to modify html content(adblocker like). I wanted to use WinDivert but it doesn't seem to work.
Im starting the driver like this:
handle = WinDivertOpen("outbound", WINDIVERT_LAYER_NETWORK, 0, 0);
then when capturing and modifying packets:
if (ip_header != NULL && tcp_header != NULL) {
//redirect to proxy
if (ntohs(tcp_header->DstPort) == 80)
{
UINT32 dst_addr = ip_header->DstAddr;
ip_header->DstAddr = ip_header->SrcAddr;
ip_header->SrcAddr = dst_addr;
tcp_header->DstPort = htons(PROXY);
addr.Direction = DIVERT_DIRECTION_INBOUND;
}
else if (ntohs(tcphdr->SrcPort) == PROXY)
{
// proxy to browser
uint32_t dst_addr = iphdr->DstAddr;
iphdr->DstAddr = iphdr->SrcAddr;
iphdr->SrcAddr = dst_addr;
tcphdr->SrcPort = htons(80);
addr.Direction = DIVERT_DIRECTION_INBOUND;
}
WinDivertHelperCalcChecksums(packet, packet_len, 0);
if (!WinDivertSend(handle, packet, packet_len , &addr, &send_len))
{
qWarning() << "warning: failed to reinject packet" << GetLastError() << send_len;
}
But on the proxy side i cant see any incoming traffic and pages are not loading in the web browser.
The code snippet will transform outbound (port HTTP) packets into inbound (port PROXY) packets. This part is OK. But there is currently nothing that handles the reverse path.
For example, consider the TCP handshake. The code snippet will redirect a (DstPort=80) SYN packet to the proxy server, which will reply with a (SrcPort=PROXY) SYN/ACK. However, this SYN/ACK is not handled by the above code and will be lost. You need to add code to redirect outbound (SrcPort=PROXY) packets to inbound (SrcPort=80) packets.
See the TorWall example: https://github.com/basil00/TorWall/blob/082b7ff0fa86abfa2df480ece8cb31e25a29c1bc/tor_wall.c
Edit: Also see the
streamdumpWinDivert sample: https://github.com/basil00/Divert/blob/master/examples/streamdump/streamdump.c