I'm trying to create a tool, which would append/edit something inside specific packets, before they get sent to the specific website.
For now I was using Wpe Pro to apply this filter.
Is there something similar in C# to create this tool?
There is not really a general way to do this. There are multiple possibilities you have to consider and see if they fit your situation. For example you can edit a packet that is send using HTTP by using Pcap.NET (as said in the comments) easily. There are dozens of examples out there on the web that will guide you in modifying packets using Pcap, for example this discussion on the official Pcap.NET forums.
However, if the packet is using HTTPS (SSL/TLS) then the payload, which is the actual data being send, will be encrypted and this could be bypassed; if one/multiple precondition(s) of SSL are broken or by using a tool like sslstrip (python). Note that sslstrip will try to force the socket to be send through HTTP even if HTTPS is requested and this is not guaranteed to work.
Personally I will always try to avoid touching the sockets even anything network related. Especially when it involves HTTPS, because as you probably understand by now, this is pretty hard to bypass. I have no idea what program you are attempting to break, but I felt like it would benefit to this answer.
For HTTP, one could easily create a simple program that hooks the Windows Socket API. You should be looking into the send function and possibly even the recv (receive) function. You can modify the payload as you wish or even replace it with another payload, if desired.
Note that data that is send through the winsock.send function is already encrypted (if SSL/TLS is being used) as the application will handle layers 7 (application layer), 6 (presentation layer) and 5 (session layer, this is where SSL gets applied) of the OSI model. Winsock is a bridge between layer 5 and 4.
For HTTPS you can still use hooking, but you must hook the part of the application where it handles the connections and make sure you apply your (modified) payload before it initializes the connection / sets the payload. This may sound hard to do, put it is actually pretty easy to do, if you are willing to learn and have some time.
Related
I am pretty new to Socket programming and one of the first things I started making is a simple Terminal Chat between Server and Client. I was wondering about how you send your whole message data( Username, Time, message etc. ) via TCP connection in one go.
My first attempt was to split the Data with a :, then display the chunks as I want ti but I realised that it prevents the user from using colons.
Second guess was serialisation... Still not sure what's the best solution to send multiple strings in a stream.
Thanks in Advance
I agree with TheGeneral that you probably don't want to use plain sockets for most applications; however, if you are just making the chat program to learn sockets, I suggest that you serialize the data (for example using JSON). Using Newtonsoft.json nuget package, you can just convert your struct or object with whatever data into a JSON and deserialize it on the other end. There are many examples on how to do it with just a few lines of code. Coming up with your own protocol is usually a very bad idea. I know from experience.
For passwords, it depends on how much security you want. Since this is just to learn socket programming and not for production, I suggest you just use a hash to send the password as plain text. MD5 is the easiest but it is no longer secure. SHA-256 is still considered secure.
If you want better security, look into using Secure Remote Password protocol (SRP) or Kerberos protocols.
Once you learn sockets, you can try using a library like SignalR that natively supports authentication headers.
yes,there is so many sample for a tcp server,but I can't find one use scala future or c#/f# async/awite
Is future/async suitable for writing a simple tcp server,like echo server?
or if there is a server/client modle like smtp,the server and client will talk many times in a session(helo/ok from/ok rcpt/ok data/ok quit/ok),is future or async suitable for this modle?is there some possible that the serve A first get HELO from client A but then talk to client B with other smtp command like "mail from"?
where to find the sample code that a echo server use Future or async/awit/Task?
Thanks!
TCP servers are pretty complex beasts, and since the data is a stream (not a series of bounded packets), it isn't usually directly amenable to just an "await some data" API. The raw sockets API has an async component, but it isn't the shape you would normally expect.
Kestrel can be used to construct an async TCP server using the "pipelines" API, which deals with all the things like back-buffer management (for when you can't yet consume an incomplete frame) - I have a blog series here on that, however: no official client-side API exists (yet) for "pipelines"; again, the same blog series discusses how you can use Pipelines.Sockets.Unofficial to bridge that gap.
However! I wonder if what you really want here is a message passing library that sits on top of the TCP layer, so you can just say "send a message" and "await a reply message". Many such libraries exist, but they invariably change the shape of the underlying data protocol, as they will be introducing "framing" etc. This means that they may not be suitable choices if you intend to implement a pre-existing protocol (as the choices won't align).
Ok im pretty new in this networking stuff in .net especially in sockets.
I've already "made" a proxy application and tried using it with my own local website (using wampserver) i selected few pictures that are around 60~k bytes of size yet i receive in my proxy counter around 15k "bytes", I have the feeling this is the packets cause i'm using
Socket.Send & Socket.Receive. Any help would do :)
Your problem is one of message framing. The Available property only reports the bytes that have arrived so far - not the complete HTTP request or response.
If this is just a learning exercise, then I recommend using another protocol. HTTP has one of the most complex message framing systems of any protocol.
If this is intended for production, then you'll have to implement (at least partial) HTTP parsing to handle the message framing, and I also recommend a change to asynchronous socket methods rather than synchronous. A better solution is to just implement a web application that uses WebRequest to handle client requests.
So I'm working on a project for my internship and have hit a bit of a brick wall. Unfortunately, the only people I know who are qualified to help me at the office are on vacation at the moment, and Google has been unfortunately unhelpful (or my search skills inadequate), so I thought I'd ask here.
The project is basically to make a server to mimic one that the company (which makes phone apps) already has. What I need to do is have one of their apps send a request to my server (I will have to modify the app to do this, but don't know how), and have my server reply with an XML response that the app already knows how to process. (The main purpose is so that we can see how the app responds when the real server sends it an error by simulating it on my server.)
Now, I already have a few sample HTTP requests and their associated XML responses handy, taken from simulations with the app and the real server. The app is written in C#, and currently sends HTTP web requests to the real server's online location, which responds to these HTTP web requests with XML. My server, however, will not have an online location, so the app will have to be modified to work with sockets on a local host.
My questions:
1) My boss said to create an XML file to associate certain requests with certain XML responses, but I have no idea what he means or how to do this. (He said it could also be done with a .ini file.) Does anyone know?
2) Once I have this XML file that can make these associations, how can I incorporate it into my server so that my server can check the request it received against its table of valid requests and figure out which response to send back?
3) How can one modify the app from using HTTP web requests and responses to using sockets?
If you have any questions/clarifications that you need in order to better answer this, please don't hesitate to ask me.
Thanks!
What you're describing is a web service. Unfortunately, his advice to change a setting in an .ini file make it sound like they have a proprietary system for doing this, rather than using a standard ASMX (which requires IIS) or WCF (which can either run in IIS or as a standalone service, which it sounds like is what you'd want) service.
Without more information about what they're using, I don't know that you'll be able to get much help here.
In response to question #3:
HTTP is a protocol that already runs on a specific socket (normally using port 80).
An internet socket is an endpoint that is used to transport data between processes. If you want to run your own protocol, you will need to create a new socket (with TCP or UDP) on a specific port.
This will however require you to create your own client and server in order to exchange data between them.
To get started, here is a very simple client-server example in C# using a custom socket.
Good luck!
Ask your boss if this client communicates with soap, if so then just go to MSDN and find tutorials on implementing an ASMX webservice, follow the tutorial through and you'll have a shell to start with.
First I'd like to say that it sounds like you have some unclear requirements that you should probably clarify with your boss. If you're not exactly sure what he means you should find out because nothing sucks more than having to support someone's creative interpretation of requirements.
1) It sounds like your boss just wants a way to easily change associations for testing without having to rebuild the app so he's asking you to store those associations in an xml/ini file that can easily be modified. In c# you can easily go between XML and DataSet objects so this should be trivial. I would create the data structure in a DataSet first and then use the GetXml method of the DataSet to output the xml format.
2) In .NET you can store objects in Cache and create a Cache Dependency that is a file association. Thus whenever the file is modified the Cache is purged. Whenever your program handles a request it pulls the object from Cache, if the object isn't in Cache then you have a condition block rebuild it from the xml/ini file on disk. I would have that condition block call out to a function that then loads the above mentioned xml format into a dataset that is then stored in the Cache with a Cache Dependency.
3) If you are trying to test an applications i/o, modifying it to use a different transport layer sounds like a bad idea. If the app currently works over HTTP to send requests then just route the HTTP request. I would suspect that the app probably has a configuration somewhere defining the path of the webservice it currently calls out to, once you know what that path is you can either change it, or if that's not possible setup a DNS rule on the server running the app to route it to the location of your application. On windows this is as simple as adding a line to the hosts file.
I'm using c# to design a client-server application. I'm still a beginner, and am learning the ropes of c# and OO. Right now, I wrote on a piece of paper a few ideas. Essentially, I would create a class "client", which contains all the details (sockets, etc). The client class would be created and stored in an array which would be used by the server in a loop. If 100 clients are connected, would the memory used be significant?
I guess the server would loop through every client in the array checking for a "dataSend" flag that would then flag the server to create a NetworkStream object to the client.
Should I create a networkstream object upon connection of the client and close on connection?
If anyone could point me in the direction of writing my own client-server software, it would be appreciated.
Cam, what you've described isn't quite real client/server design, as the two sides are tightly coupled in your scenario, sharing an array of objects. Think about it instead in terms of requests and responses. The client makes a request to the server over the network, and the server returns a response over the network to the client. They share two things: a common network connection and knowledge of the interface that the server exposes.
The Web is a great, familiar instance of this pattern. The client, your browser, composes an HTTP Request and sends it over a network connection to the server. The server interprets the request and sends an HTTP response back to client. Each knows how to interpret the HTTP standard. That is the link between them, nothing else.
I'd suggest starting out with implementing a very simple request/response. For instance, the client sends a request of 'TIME' and the server responds back with the current time, and the request 'DATE' responds back with the current date. By having a simple protocol to implement, you can concentrate on learning the mechanics of .NET's networking classes.
An array of client classes representing each client connected to the server is a good way to handle this. You might also want to have a member class representing the actual socket and network code, its keeps it cleaner.
Pro tip: Check out the source code to some MUDs.
Cam, we need a bit more detail about what you are trying to achieve to give you a really good answer. Generally, I'd suggest you make use of WCF. You simply need to create a service, define an interface for your operations, and then as many clients can consume that interface as you wish. It's pretty easy in practice.
Something like this would be appropriate:
Like you said, a class Named client to hold client socket.
Maintain a table on server with client's ip:port as key, and client object as value. This will help you keep track of connected clients.
Use asynchronous send and receive for clients. So rather then you iterating through clients, every client will receive data, do the job and respond back to the connected client.