VixinG Posted July 14, 2012 (edited)

I wanted to start working on a small script which will scan the chosen process and capture every outgoing packet in that process (or on a specified port) which contains "74 65 73 74" (hex 'test'). Then it will automatically change the "74 65 73 74" in that packet to "54 45 53 54" (hex 'TEST'). It's just an example.

Do I need to inject the Windows Socket 2.0 DLL (ws2_32.dll) and call its functions somehow with DllCall()?

Process -> Script [modifying packet] -> Server

I found that somewhere on the forums, and that's all I've got for now. I don't know where to start.

```autoit
Func SendData()
    $v_Data = "54455354" ;TEST
    $v_Buffer = DllStructCreate("byte[4]")
    For $n = 1 To 4
        $val = StringMid($v_Data, 1 + ($n - 1) * 2, 2)
        DllStructSetData($v_Buffer, 1, Dec($val), $n) ;struct,element,data,index
    Next
EndFunc
```

And this for injecting the DLL:

```autoit
#include '_DLLInjection.au3'

Local $sProcess,$iProcessID,$sDLLToInject,$hInjectedDLL,$bLoadedProc=False

$sProcess='Test.exe'
$sDLLToInject='ws2_32.dll'
$iProcessID=ProcessExists($sProcess)
If $iProcessID Then
    $bLoadedProc=True
Else
    $iProcessID=Run($sProcess)
    If $iProcessID=0 Then Exit
    Local $hProcess=_ProcessOpen($iProcessID,$PROCESS_QUERY_LIMITED_INFO)
    ; Wait for the process to 'settle'
    _ProcessWaitForInputIdle($hProcess,3000)
    _ProcessCloseHandle($hProcess)
EndIf
MsgBox(0,"Ready!","Ready to inject! ('"&$sDLLToInject&"')")
$hInjectedDLL=_DLLInject($iProcessID,$sDLLToInject)
If @error Then Exit MsgBox(0,"DLL Injection Failed","Injection failed, Return: "&$hInjectedDLL&"@error="&@error&", @extended="&@extended)
```

Any help will be greatly appreciated!

Edit: I can use something like that:

```autoit
If StringInStr($packet,Hex('test')) Then
    Local $mod_packet = StringReplace($packet,Hex('test'),Hex('TEST'))
    ;and here the function to send that packet forward
EndIf
```

WSASend function? (http://msdn.microsoft.com/en-us/library/windows/desktop/ms742203(v=vs.85).aspx)
PacketX? ARP Packet?

Edited July 14, 2012 by VixinG

VixinG Posted July 14, 2012 (edited)

I got this so far:

```autoit
#include <Winpcap.au3>
#include <Array.au3>

Global $pcap, $AdapterName = 0
Global $iScan = 0
Global $iAlive = 0
Global $aData, $mData
Dim $aIPSendArray[2] = [1, 0]
Dim $aAliveHosts[1] = [0]
Global $sProcess,$iProcessID

$winpcap = _PcapSetup()
If ($winpcap = -1) Then
    Exit
EndIf

$pcap_devices = _PcapGetDeviceList()
If ($pcap_devices = -1) Then
    Exit
EndIf

$sIPReso = '192.168.1.109'
For $i = 0 To UBound($pcap_devices) - 1
    If $pcap_devices[$i][7] = $sIPReso Then
        $AdapterName = $pcap_devices[$i][7]
        ExitLoop
    EndIf
Next
If $AdapterName = 0 Then Exit
;--------
$sProcess='xchat.exe'
$iProcessID=ProcessExists($sProcess)
If $iProcessID Then
    $bLoadedProc=True
Else
    Exit
EndIf

$pcap = _PcapStartCapture($AdapterName,"tcp")
While 1
    $packet = _PcapGetPacket($pcap)
    If IsArray($packet) Then
        $aData = StringTrimLeft($packet[3],2)
        If StringInStr($aData,Hex('test')) Then
            $mData = StringReplace($aData,Hex('test'),Hex('TEST'))
        EndIf
    EndIf
WEnd
```

Can you help me a little? I'm missing functions to block the outgoing packet with "test" and sending stuff...

And btw this script doesn't work. I don't know why. It should monitor packets and it's not.

I do that for educational purposes only and I don't know where to look for help :|

Edited July 14, 2012 by VixinG

VixinG Posted July 14, 2012

Sorry for bumping again, but if anyone knows how to help me with it... I'm not really good at all this packet stuff, so I don't have a clue how to do that / how it should function step by step. C'mon

kylomas Posted July 15, 2012

VixinG,

You may find a more responsive audience by explaining exactly what you are doing and why you are doing it.

kylomas

Maffe811 Posted July 15, 2012

And wait 24 hours before bumping.

VixinG Posted July 15, 2012

> And wait 24 hours before bumping.

That's why I said I'm sorry for bumping. I will wait next time, I swear.

> VixinG,
> You may find a more responsive audience by explaining exactly what you are doing and why you are doing it.
> kylomas

Of course, kylomas. I'm explaining.

What: I want to capture an outgoing packet which contains e.g. 70 0C 2B A1, modify it to e.g. 22 4A 1C 08 and send it forward.

Why: I want to learn how to write something like that. It can be helpful, like everything else I found here on the forums. I really appreciate everyone's work and I study every interesting source code. It's all for education. I'm not ready yet to learn any 'serious' language like C++/C#, and I like AutoIt and I would like to learn as much as I can. I'm not lying now. I want to achieve something. I want to know at least one programming language and I chose this.

kylomas Posted July 15, 2012

VixinG,

I understand your desire to learn and appreciate that English is not your native language, so your "WHY" explanation may be losing something in translation. However, your "WHAT" is very specific and I cannot think of a non-malicious reason to do something like this. If this is my misunderstanding then I apologize and Good Luck...

kylomas

VixinG Posted July 16, 2012

> VixinG,
> I understand your desire to learn and appreciate that English is not your native language, so your "WHY" explanation may be losing something in translation. However, your "WHAT" is very specific and I cannot think of a non-malicious reason to do something like this.
> If this is my misunderstanding then I apologize and Good Luck...
> kylomas

Thanks for the reply. I can see I won't get any help here about that, so I will just leave it and start doing something else.