Home › Forums › Discussions › Support › I have some question about web redirection.
- This topic has 6 replies, 4 voices, and was last updated 18 years, 8 months ago by Vadim Smirnov.
-
AuthorPosts
-
April 25, 2006 at 10:22 am #5017
Hello.
i have some question.
i want to make block harmful site.
if we detect some harmful site(http packet) in winpkfilter we redirect alert site.
i know about some information.
but i can’t make this with winpkfilter.
anyone have some idea or source code ?
April 25, 2006 at 12:22 pm #6035Hi. It is impossible to do or very hard to do to redirect to alert site.
The problem is that when you detect that site is harmful connection is being established between client and harmful site. Bat where is no connection between client and aler site. If you redirect such packet to alert site it simply drop it.
The one easy way to do it is to answer on GET query packet by yourself. Just create packet with answer as any site do.
But it needs some some special knowledges about tcp and http.
Regards,
AndrewApril 25, 2006 at 12:52 pm #6036if we detect some harmful site(http packet) in winpkfilter we redirect alert site.
Since connection to the harmful site already established it can’t be easily redirected (normally redirection should occure during connection establishment). However, you can terminate connection to the harmful site and drop all packet to/from it, alert user about harmful site, redirect all newly established HTTP user sessions from the registered harmful site to the alert site and etc…
April 28, 2006 at 9:25 am #6037Hi
is it possible to redirect all http packets to a diffrent host ? if yes, canyou give some delphi code for this ? (i’ve tried to change destination ip of ipheader, then recalculate checksum but it didn’t work)April 28, 2006 at 9:52 am #6038i’ve tried to change destination ip of ipheader, then recalculate checksum but it didn’t work
You should modify destination IP address in the potgoing packet to redirect address and recalculate packet checksums (both IP and TCP). You should do the reverse operation in the incoming packet associated with the connection you modify.
April 28, 2006 at 7:49 pm #6039I’ve recalculated the Ip checksum.
I’ve tried all the ways told in the forum but I can’t recalculate tcp checksum in delphi. Please help me about this.April 29, 2006 at 8:45 am #6040This is TCP checksum in C, I suppose you should be able to translate to Delphi
//
// Function recalculates TCP checksum
//
VOID
RecalculateTCPChecksum (
PINTERMEDIATE_BUFFER pPacket
)
{
tcphdr_ptr pTcpHeader = NULL;
unsigned short word16, padd = 0;
unsigned int i, sum = 0;
PUCHAR buff;
DWORD dwTcpLen;
iphdr_ptr pIpHeader = (iphdr_ptr)&pPacket->m_IBuffer[sizeof(ether_header)];
// Sanity check
if (pIpHeader->ip_p == IPPROTO_TCP)
{
pTcpHeader = (tcphdr_ptr)(((PUCHAR)pIpHeader) + sizeof(DWORD)*pIpHeader->ip_hl);
}
else
return;
dwTcpLen = ntohs(pIpHeader->ip_len) - pIpHeader->ip_hl*4;//pPacket->m_Length - ((PUCHAR)(pTcpHeader) - pPacket->m_IBuffer);
if ( (dwTcpLen/2)*2 != dwTcpLen )
{
padd=1;
pPacket->m_IBuffer[dwTcpLen + pIpHeader->ip_hl*4 + sizeof(ether_header)] = 0;
}
buff = (PUCHAR)pTcpHeader;
pTcpHeader->th_sum = 0;
// make 16 bit words out of every two adjacent 8 bit words and
// calculate the sum of all 16 vit words
for (i=0; i< dwTcpLen+padd; i=i+2){
word16 =((buff<<8)&0xFF00)+(buff[i+1]&0xFF);
sum = sum + (unsigned long)word16;
}
// add the TCP pseudo header which contains:
// the IP source and destination addresses,
sum = sum + ntohs(pIpHeader->ip_src.S_un.S_un_w.s_w1) + ntohs(pIpHeader->ip_src.S_un.S_un_w.s_w2);
sum = sum + ntohs(pIpHeader->ip_dst.S_un.S_un_w.s_w1) + ntohs(pIpHeader->ip_dst.S_un.S_un_w.s_w2);
// the protocol number and the length of the TCP packet
sum = sum + IPPROTO_TCP + (unsigned short)dwTcpLen;
// keep only the last 16 bits of the 32 bit calculated sum and add the carries
while (sum>>16)
sum = (sum & 0xFFFF)+(sum >> 16);
// Take the one's complement of sum
sum = ~sum;
pTcpHeader->th_sum = htons((unsigned short)sum);
} -
AuthorPosts
- You must be logged in to reply to this topic.