This is a mirror of official site: http://jasper-net.blogspot.com/

URL Sniffer Based on NetFilter SDK

Wednesday, April 21, 2010
Hi,

Just moved my article, How to use NetFilter SDK to develop a URL Sniffer, here from Codeproject. I'm not the author of this SDK, but I found it quite professional and flexible, so I wanted to share some explanation and a piece of code here.


In this short article we discuss one of the many potential uses of NetFilter SDK, a powerful framework for transparent filtering of the data packets exchanged on Windows. With NetFilter we can develop basic firewalls, network monitors, and any other application that has to do with data packet management.

In our application we will use a higher level of abstraction than raw data packet filtering, called Protocol Filtering. NetFilter is capable of advanced packet parsing, so we can work directly with protocols like HTTP, SMTP, POP3, SSL.

In our application we will filter all outgoing HTTP requests and dump the URL.
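To make "dump the URL" concrete, here is an added example (not code from the original article or from NetFilter SDK, and it calls no SDK function) that rebuilds the URL from the header block of one outgoing plain-HTTP request. The names `url_from_request` and `kSampleRequest` are hypothetical, and the sample request is constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>

// Constructed sample: the header block of one outgoing request.
const std::string kSampleRequest =
    "GET /index.html?q=1 HTTP/1.1\r\nhOsT: www.example.com\r\nAccept: */*\r\n\r\n";

static std::string lower(std::string s) {          // header names are case-insensitive
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return (char)std::tolower(c); });
    return s;
}

static std::string trim(const std::string& s) {    // strip spaces, tabs and CR
    size_t b = s.find_first_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Rebuild the URL of one plain-HTTP request; "" if the buffer is unusable.
std::string url_from_request(const std::string& raw) {
    std::istringstream in(raw);
    std::string line, method, target, version, host;
    if (!std::getline(in, line)) return "";
    std::istringstream rl(line);
    if (!(rl >> method >> target >> version)) return "";
    if (version.compare(0, 5, "HTTP/") != 0) return "";
    // Absolute-form target (used towards proxies) already is the URL.
    if (lower(target).compare(0, 7, "http://") == 0) return target;
    if (target[0] != '/') return "";               // CONNECT host:port, OPTIONS *
    while (std::getline(in, line)) {
        line = trim(line);
        if (line.empty()) break;                   // blank line ends the headers
        size_t colon = line.find(':');
        if (colon != std::string::npos && lower(line.substr(0, colon)) == "host") {
            host = trim(line.substr(colon + 1));
            break;
        }
    }
    if (host.empty()) return "";                   // e.g. HTTP/1.0 without Host
    return "http://" + host + target;
}

int main() { std::cout << url_from_request(kSampleRequest) << "\n"; }
```

Requests that cannot be mapped to an `http://` URL (a `CONNECT` tunnel, a missing `Host` header, non-HTTP data) yield an empty string, so a monitor can count them separately instead of logging a wrong URL.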

Using the code

Before starting to code the URL Sniffer we have to understand the architecture of NetFilter SDK. It has essentially two components: one in kernel mode (the filter driver) and a corresponding user-mode interface, provided by a DLL.

Filtering functionality is provided by netfilter2.sys, a transparent filter driver that hooks at the NDIS level and allows transparent operation. This means that we will not have any conflict with products like antivirus software or firewalls.


Read more: Evilcodecave
