Intercepting and modifying packets on the fly

**sak3r** · 03-27-2009, 05:58 PM

Hi, I'm not sure if this kind of question goes against rules (I have no ill intentions but still) so if it is my apologies and you can delete it =)

So I've been looking for a way to do this for a while, and haven't figured out the best approach yet.

I want to view packets sent from a device and modify them before they're sent.

For example instead of cheating in a psp game to get an highscore, I want to intercept that score and modify it when it's sent to the rank tables, or to map the commands an online iPhone game uses when talking to the server and change some stuff around.

What's the best way to do this? I've bridged a wi-fi connection from my iPhone to my laptop with my laptop to my router via ethernet and used ethereal (wireshark) to view the conversation, then made a filter in ettercap to modify stuff.

But to use ettercap I had to attack my own iPhone from the router to the laptop, and I feel this is an awkward way to do it.

Is there something that would show me each packet before it's sent and allow me to edit it?

Tips?

**Barry** · 03-27-2009, 06:17 PM

Originally Posted by sak3r

Hi, I'm not sure if this kind of question goes against rules (I have no ill intentions but still) so if it is my apologies and you can delete it =)

So I've been looking for a way to do this for a while, and haven't figured out the best approach yet.

I want to view packets sent from a device and modify them before they're sent.

For example instead of cheating in a psp game to get an highscore, I want to intercept that score and modify it when it's sent to the rank tables, or to map the commands an online iPhone game uses when talking to the server and change some stuff around.

What's the best way to do this? I've bridged a wi-fi connection from my iPhone to my laptop with my laptop to my router via ethernet and used ethereal (wireshark) to view the conversation, then made a filter in ettercap to modify stuff.

But to use ettercap I had to attack my own iPhone from the router to the laptop, and I feel this is an awkward way to do it.

Is there something that would show me each packet before it's sent and allow me to edit it?

Tips?

Google "upsidedownternet". Should point you in the right direction.

**opreat0r** · 03-28-2009, 01:57 AM

http://forums.remote-exploit.org/showthread.php?p=94904

**imported_blackfoot** · 03-28-2009, 06:20 PM

You will need to create a tunnel and pipe your packets through the tunnel.

You are presumably working with a program which automates the production o packets. You will need to pipe these into buffer and analyse them one-by-one.

This is known as level 2 crafting.

It is not trivial.

You might gain experience by looking at proving your concept with scapy. This is a useful library to begin and will help you understand the procedure. You should then proceed to write a program in 'C'. Such a move will be necessary to modify packets in real-time as packet production will be rapid. Python will be too slow.

You mention iPod. This suggests that you wish to consider wireless packet headers. That is additional fun! Certainly enjoyable and rewarding but experience and additional knowledge is required. I suggest you write a library of functions both cases.

**sak3r** · 03-28-2009, 06:50 PM

yes it's an interesting project, and I'll probably end up doing that,,

BackTrack Linux - Penetration Testing Distribution

Thread: Intercepting and modifying packets on the fly

Thread Tools

Search Thread

Display

Intercepting and modifying packets on the fly

tunnel

Posting Permissions