[Winpcap-users] Socksification
Guy Harris
guy at alum.mit.edu
Tue Sep 25 21:35:22 GMT 2007

On Sep 25, 2007, at 1:13 AM, Tim Haughton wrote:
> I’m looking to write a socksifier for Windows and was looking at
> WinPCap as a potential avenue. I want to be able to launch
> applications and automagically route their traffic through a SOCKS
> proxy, along the lines of FreeCap on Windows, or tsocks/torify on
> *nix.
>
> Is it possible to do this with WinPCap?

Not in any way I know of.

tsocks works by "shared library interception", which means that it
doesn't do anything to the network stack - it just causes calls by an
application or library to low-level socket routines such as socket(),
connect(), etc. to operate through a SOCKS proxy.

If there's a way to do that with Windows DLLs, that might be the
easiest way to do it.

If your intent is to capture low-level TCP or UDP traffic being sent
from the machine before it leaves the machine, and *prevent* it from
leaving the machine and instead do SOCKS proxying, and to inject
into the networking stack as low-level TCP or UDP traffic coming into
the machine faked packets from the SOCKS server, WinPcap cannot do
that. It's designed to allow passive traffic capture *without*
disrupting traffic, so it can't do that sort of "filtering".

A driver and library to do that sort of filtering would be useful, for
writing applications of that sort (firewalls, transparent proxies,
etc.), and if a version could be made that supports Windows and
various UN*X mechanisms, to allow them to be written portably, that
would be even more useful. That library wouldn't be libpcap/WinPcap,
however; it'd be a different library.
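
Added example, not part of the original message and not tsocks' own code: a
sketch of the "shared library interception" described above, as a UN*X
LD_PRELOAD shim that replaces connect() and speaks SOCKS5 to a proxy. The proxy
address, the BUILD_SHIM guard and the helper names are assumptions; it handles
blocking IPv4 TCP sockets and a proxy that replies with an IPv4 bound address.

```c
/* tsocks-style connect() interception for an LD_PRELOAD shim (Linux/glibc).
 * Build: cc -shared -fPIC -D_GNU_SOURCE -DBUILD_SHIM shim.c -o shim.so -ldl
 * PROXY_IP and PROXY_PORT are assumed placeholder values. */
#include <arpa/inet.h>
#include <dlfcn.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define PROXY_IP   "127.0.0.1"
#define PROXY_PORT 1080
/* SOCKS5 CONNECT request (RFC 1928) for an IPv4 destination; returns its length. */
size_t socks5_request(const struct sockaddr_in *dst, unsigned char out[10])
{
    out[0] = 5; out[1] = 1; out[2] = 0; out[3] = 1; /* VER, CMD=CONNECT, RSV, ATYP=IPv4 */
    memcpy(out + 4, &dst->sin_addr, 4);             /* already in network byte order */
    memcpy(out + 8, &dst->sin_port, 2);
    return 10;
}

/* Both proxy answers are accepted only when byte 0 is VER=5 and byte 1 is 0
 * (METHOD "no authentication" in the greeting, REP "succeeded" in the reply). */
int socks5_ok(const unsigned char *rep, size_t n)
{
    return n >= 2 && rep[0] == 5 && rep[1] == 0;
}

#ifdef BUILD_SHIM
/* Same name and signature as libc's connect(): a preloaded library is searched
 * first, so the application's calls land here; RTLD_NEXT finds the real one. */
int connect(int fd, const struct sockaddr *addr, socklen_t len)
{
    int (*real)(int, const struct sockaddr *, socklen_t) =
        (int (*)(int, const struct sockaddr *, socklen_t))dlsym(RTLD_NEXT, "connect");
    int type = 0; socklen_t tl = sizeof type;
    getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &tl);
    if (addr->sa_family != AF_INET || type != SOCK_STREAM)
        return real(fd, addr, len);                 /* only IPv4 TCP is proxied */
    struct sockaddr_in proxy = { .sin_family = AF_INET, .sin_port = htons(PROXY_PORT) };
    inet_pton(AF_INET, PROXY_IP, &proxy.sin_addr);
    if (real(fd, (struct sockaddr *)&proxy, sizeof proxy) < 0) return -1;
    unsigned char hello[3] = { 5, 1, 0 }, buf[10];  /* VER, one method, no-auth */
    if (write(fd, hello, 3) != 3 || read(fd, buf, 2) != 2 || !socks5_ok(buf, 2))
        return -1;
    size_t n = socks5_request((const struct sockaddr_in *)addr, buf);
    if (write(fd, buf, n) != (ssize_t)n || read(fd, buf, 10) != 10) return -1;
    return socks5_ok(buf, 10) ? 0 : -1;
}
#endif
```

Nothing in the network stack changes: only processes started with the shim in
LD_PRELOAD are affected, and statically linked programs or ones that issue the
system call directly bypass it.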