[Winpcap-users] Socksification

Guy Harris guy at alum.mit.edu
Tue Sep 25 21:35:22 GMT 2007


On Sep 25, 2007, at 1:13 AM, Tim Haughton wrote:

> I’m looking to write a socksifier for Windows and was looking at  
> WinPCap as a potential avenue. I want to be able to launch  
> applications and automagically route their traffic through a SOCKS  
> proxy, along the lines of FreeCap on Windows, or tsocks/torify on  
> *nix.
>
> Is it possible to do this with WinPCap?

Not in any way I know of.

tsocks works by "shared library interception", which means that it  
doesn't do anything to the network stack - it just causes calls by an  
application or library to low-level socket routines such as socket(),  
connect(), etc. to operate through a SOCKS proxy.

If there's a way to do that with Windows DLLs, that might be the  
easiest way to do it.

If your intent is to capture low-level TCP or UDP traffic being sent  
from the machine before it leaves the machine, and *prevent* it from  
leaving the machine and instead doing SOCKS proxying, and to inject  
into the networking stack as low-level TCP or UDP traffic coming into  
the machine faked packets from the SOCKS server, WinPcap cannot do  
that.  It's designed to allow passive traffic capture *without*  
disrupting traffic, so it can't do that sort of "filtering".

A driver and library to do that sort of filtering would be useful, for  
writing applications of that sort (firewalls, transparent proxies,  
etc.), and if a version could be made that supports Windows and  
various UN*X mechanisms, to allow them to be written portably, that  
would be even more useful.  That library wouldn't be libpcap/WinPcap,  
however; it'd be a different library.
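
The "shared library interception" approach described in the message above, sketched for a UN*X system as an added example (not part of the original message and not tsocks source code). The function names, the `SOCKS_SHIM` build switch, the `shim.c` file name and the proxy address 127.0.0.1:1080 are assumptions made for illustration.

```c
/* Added example; all names are hypothetical, not taken from tsocks. */
#define _GNU_SOURCE             /* for RTLD_NEXT in the shim below */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Read exactly n bytes; returns 0 on success, -1 on EOF or error. */
static int read_n(int fd, unsigned char *p, size_t n)
{
    for (ssize_t r; n > 0; p += r, n -= (size_t)r)
        if ((r = read(fd, p, n)) <= 0) return -1;
    return 0;
}

/* SOCKS5 (RFC 1928) negotiation on fd, already connected to the proxy: offer
 * "no authentication", then request CONNECT to IPv4 dst. 0 on success, else -1. */
int socks5_handshake(int fd, const struct sockaddr_in *dst)
{
    unsigned char greet[3] = { 5, 1, 0 };      /* VER, NMETHODS, no-auth */
    unsigned char req[10] = { 5, 1, 0, 1 };    /* VER, CONNECT, RSV, ATYP=IPv4 */
    unsigned char rep[4], skip[258];
    size_t rest;
    if (write(fd, greet, 3) != 3 || read_n(fd, rep, 2) != 0) return -1;
    if (rep[0] != 5 || rep[1] != 0) return -1; /* proxy refused no-auth */
    memcpy(req + 4, &dst->sin_addr, 4);        /* both already in network order */
    memcpy(req + 8, &dst->sin_port, 2);
    if (write(fd, req, 10) != 10 || read_n(fd, rep, 4) != 0) return -1;
    if (rep[0] != 5 || rep[1] != 0) return -1; /* REP != 0: request failed */
    /* Drain BND.ADDR and BND.PORT so the stream starts at application data. */
    if (rep[3] == 1) rest = 6;
    else if (rep[3] == 4) rest = 18;
    else if (rep[3] == 3 && read_n(fd, skip, 1) == 0) rest = (size_t)skip[0] + 2;
    else return -1;
    return read_n(fd, skip, rest);
}

#ifdef SOCKS_SHIM  /* cc -shared -fPIC -DSOCKS_SHIM shim.c -o shim.so -ldl; load via LD_PRELOAD */
#include <dlfcn.h>
int connect(int fd, const struct sockaddr *sa, socklen_t len)
{
    int (*real)(int, const struct sockaddr *, socklen_t) = dlsym(RTLD_NEXT, "connect");
    struct sockaddr_in proxy = { .sin_family = AF_INET, .sin_port = htons(1080) };
    if (sa->sa_family != AF_INET) return real(fd, sa, len);  /* pass through */
    inet_pton(AF_INET, "127.0.0.1", &proxy.sin_addr);        /* assumed proxy address */
    if (real(fd, (struct sockaddr *)&proxy, sizeof proxy) != 0) return -1;
    return socks5_handshake(fd, (const struct sockaddr_in *)sa);
}
#endif
```

The shim leaves the network stack untouched: the application still calls `connect()`, but the dynamic linker resolves that name to the preloaded library first. This sketch does not handle non-blocking sockets or `connect()` on datagram sockets, which a real socksifier has to deal with.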

