Hello community,
I'm trying to intercept an IP packet with libnetfilter_queue and change the payload (append additional data or delete some data) of the packet.
For example, if the payload length is 2 bytes, I only can change the two bytes, not append any additional data.
I tried it with netcat.
When I send an "a" from the client to the server , on the server side "12" appears,
Wehn I send "ab", on the other side "123" appears.
How I can add additional data to the payload or delete some data ?
Can anybody help me please.
here my code:
I'm trying to intercept an IP packet with libnetfilter_queue and change the payload (append additional data or delete some data) of the packet.
For example, if the payload length is 2 bytes, I only can change the two bytes, not append any additional data.
I tried it with netcat.
When I send an "a" from the client to the server , on the server side "12" appears,
Wehn I send "ab", on the other side "123" appears.
How I can add additional data to the payload or delete some data ?
Can anybody help me please.
here my code:
C++:
//#######################################################################
#include <dirent.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <stdio.h>
#include <string>
#include <algorithm>
#include <iomanip>
#include <iostream>
#include <cstdlib>
#include <net/if.h>
#include <libnfnetlink/libnfnetlink.h>
#include <libmnl/libmnl.h>
extern "C"
{
#include <libnetfilter_queue/libnetfilter_queue.h>
#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
#include <libnetfilter_queue/libnetfilter_queue_tcp.h>
#include <libnetfilter_queue/libnetfilter_queue_udp.h>
#include <libnetfilter_queue/pktbuff.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
}
using namespace std;
int call_back(struct nfq_q_handle *queue_handle, struct nfgenmsg *nfmsg, struct nfq_data *paket_daten, void *data)
{
int rc = -1;
u_int32_t id = -1;
struct nfqnl_msg_packet_hdr *paket_header;
paket_header = nfq_get_msg_packet_hdr(paket_daten);
id = ntohl(paket_header->packet_id);
char *paket_inhalt;
int paket_laenge_2 = nfq_get_payload(paket_daten, &paket_inhalt);
struct pkt_buff * pkBuff = pktb_alloc(AF_INET, paket_inhalt, paket_laenge_2, 8192);
struct iphdr *ip = nfq_ip_get_hdr(pkBuff);
nfq_ip_set_transport_header(pkBuff, ip);
struct tcphdr *tcp = nfq_tcp_get_hdr(pkBuff);
char *payload = nfq_tcp_get_payload(tcp, pkBuff);
unsigned int payloadLen = nfq_tcp_get_payload_len(tcp, pkBuff);
int payloadLen_alt = payloadLen;
unsigned short tcphdrlen = tcp->doff * 4;
if (payloadLen > 0)
{
char dest[4096];
strcpy(new_payload,"1234567890");
memcpy(payload, new_payload, strlen(new_payload) + 1);
int payload_len_neu = - 1;
payload_len_neu = strlen(payload);
rc = pktb_mangle(pkBuff, tcphdrlen + iphl_bytes , 0, payloadLen_alt, payload, payload_len_neu);
nfq_tcp_compute_checksum_ipv4(tcp, ip);
}
return nfq_set_verdict(queue_handle, ntohl(paket_header->packet_id), NF_ACCEPT, pktb_len(pkBuff), pktb_data(pkBuff));
pktb_free(pkBuff);
}
int main (void)
{
struct nfq_handle *nfq_lib_handle;
nfq_lib_handle = nfq_open();
int rc = -1;
rc = -1;
rc = nfq_unbind_pf(nfq_lib_handle, AF_INET);
rc = -1;
rc = nfq_bind_pf(nfq_lib_handle, AF_INET);
struct nfq_q_handle *queue_handle;
queue_handle = nfq_create_queue(nfq_lib_handle, 0, &call_back, NULL);
rc = -1;
rc = nfq_set_mode(queue_handle, NFQNL_COPY_PACKET, 0xffff);
int file_descriptor_nfq = -1;
file_descriptor_nfq = nfq_fd(nfq_lib_handle);
int paket_laenge = -1;
char paket_puffer[8192];
while (( paket_laenge = recv(file_descriptor_nfq, paket_puffer, sizeof(paket_puffer), 0)) >= 0)
{
nfq_handle_packet(nfq_lib_handle, paket_puffer, paket_laenge);
}
nfq_destroy_queue(queue_handle);
nfq_close(nfq_lib_handle);
return 0;
}
//#######################################################################
Last edited by a moderator: