Intercepting / Redirecting outgoing http connections on windows

StackOverflow https://stackoverflow.com/questions/16899069

Question

i am looking to redirect outgoing http connections (which do not use the system proxy) on a windows machine.

Background:

I have some legacy software that interacts with a now defunct web service. I have emulated that service in a simple desktop application, and would like to reroute the outgoing http requests to this app.

Experimentally i have used the windows hosts file to redirect to localhost successfully, but this is impractical as i have other services that need to listen on default http port 80, and i do not want to setup another physical server just for this

The legacy software does not use the system proxy, so solutions like FiddlerCore wont work (unfortunately, because this is awesome!)

I have noticed EasyHook mentioned in similar questions, in conjunction with winsock, but my experiance of lower level programming is extremely limited, and before i embark on a long and confusing journey, i would like to check i am on the correct path!

So, is it theoretically possible to intercept and redirect outgoing http traffic that does not use the system proxy by hooking winsock (preferably with easyHook in c#)?

A simple yes / no answer will be fine, some reasoning, or even better documentation would be fantastic

Was it helpful?

Solution

I've done it many times so it is absolutely possible. Use the following steps to get started.

  1. Have your program launch the target application with CreateProcess and pass CREATE_SUSPENDED to the dwCreationFlags argument. This will start the target application but won't start execution.
  2. Inject the DLL that contains your "trampoline" functions.
  3. Hook the Winsock function gethostbyname.
  4. Call ResumeThread on the target processes main thread to start execution.
  5. In your hook function call the real gethostbyname Winsock function when it returns a valid pointer to a hostent structure change the address data to make it point to your loopback device (localhost).

Depending on how the target application works you may need to hook additional Winsock functions but hooking gethostbyname is usually sufficient for this scenario.

You will want to write the hook functions that are in your DLL in C++ or C. Using C# is probably not an option here plus it will pull in a lot of dependencies that may cause conflicts with the target application.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top