PureBasic Interface to WinDivert
Re: PureBasic Interface to WinDivert
Updated:
- updated folder: services
-- WindowsServices.pbi
-- BlockService_x86.pb
-- RedirectService_x86.pb
- added folder: services/executables
-- WinDivertService_EXE.pb
-- WinDivertBlock_EXE.pb
-- WinDivertRedirect_EXE.pb
I've extended the service improvements made in the post Services, Stuff, and Shellhook to the service examples in this post.
Added an additional service example.
- RedirectService_x86.pb: redirects all http traffic to: http://duckduckgo.com (https traffic not affected)
- run the file a second time to delete the service
NB*: If the URL being redirected includes a sub-domain, a byproduct of redirecting to a search page is that the sub-domain may become the search parameter.
------------------------------------------------------------------------------
The following only applies to the previous update:
Fixed a path issue in the file WinDivertRedirect_EXE.pb : WinDivertRedirect.exe.
- may need to reboot your system to delete the incorrect WinDivert service (file not found message)
Last edited by JHPJHP on Sat Dec 20, 2014 6:36 pm, edited 1 time in total.
Re: PureBasic Interface to WinDivert
I've optimized the scripts with an improvement pointed out by Thunder93.
- I was allocating / freeing memory within a Repeat / Loop, but it wasn't necessary because the Function: WinDivertRecv handled the memory once it was allocated
Thank you Thunder93.
-------------------------------------------
Updated:
- updated the WinDivert binaries
-- from v1.1.6 to v1.1.7
Last edited by JHPJHP on Sat Dec 13, 2014 10:32 pm, edited 1 time in total.
Re: PureBasic Interface to WinDivert
Updates ... music to my ears!
You're certainly welcome. You're doing great, interesting work!
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley
Re: PureBasic Interface to WinDivert
The 3 "replace" examples have been rewritten to improve stability and packet integrity.
There are still a couple of issues that need to be addressed:
- combining multiple packets to form a webpage; there's a gap of 1460 spaces
-- HTML for the most part handles this visually
- at times packet corruption occurs and the page is in a perpetual state of loading
-- close the page and re-run the example
NB*: All other examples / services have been updated with minor improvements.
--------------------------------------------------
Updated:
- added: Constants
- added Procedure: UnsignedLong
Packets need to be sorted before assembling them.
- I'll update the 3 "replace" examples in the next few days
- still need to figure out the gap of 1460 spaces
--------------------------------------------------
Some minor changes have been made to the examples, most notably extending the timeout parameter.
Last edited by JHPJHP on Sat Dec 06, 2014 3:48 pm, edited 2 times in total.
Re: PureBasic Interface to WinDivert
Updated
- deleted: wd_replace3.pb
-- example was referencing: http://reqrypt.org/windivert.html, but the site is now using CloudFlare and the current method won't work
---------------------------------------------------------
Updated the 2 "replace" examples to sort the packets first.
- includes numerous changes to the other examples, but nothing worth documenting
NB*: Still need to figure out the gap of 1460 spaces where packets are merged.
---------------------------------------------------------
Updated the 2 "replace" examples.
- fixed the issue of 1460 spaces where packets are merged
Thanks to a suggestion by Thunder93 I was pointed in a direction that led to the solution.
Last edited by JHPJHP on Tue Dec 02, 2014 10:09 pm, edited 1 time in total.
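The sorting fix and the 1460-byte gap discussed in the two posts above come down to TCP stream reassembly: payloads have to be placed by sequence number rather than arrival order, and a segment that was never captured leaves a hole exactly one maximum segment size (1460 bytes on Ethernet) wide. The following Python reassembler is an added example, not code from the post or from the WinDivert package; the segments it feeds itself are constructed, and the initial sequence number is chosen near the 32-bit wrap to show that stream offsets must be computed modulo 2^32. It is written from the inspection side (the same logic an IDS or a forensic tool uses to rebuild a stream) and reports gaps instead of silently padding them.

```python
"""Reassemble a TCP byte stream from captured segments by sequence number.

Added example (not part of the original forum post or the WinDivert package).
Payloads must be placed by TCP sequence number, not by arrival order, and a
segment that never arrived leaves a hole; with the usual 1460-byte maximum
segment size that hole is exactly 1460 bytes wide.  All segments below are
constructed inline.
"""
from typing import Dict, List, Tuple

MSS = 1460  # typical TCP maximum segment size: 1500 MTU - 20 IP - 20 TCP


def reassemble(segments: List[Tuple[int, bytes]], isn: int) -> Tuple[bytes, List[Tuple[int, int]]]:
    """Join segment payloads in sequence-number order.

    segments: (seq, payload) pairs in arrival order; seq is the absolute TCP
              sequence number of the payload's first byte.
    isn:      the sender's initial sequence number (offset 0 of the stream).

    Returns (data, gaps).  gaps lists (offset, length) of byte ranges that no
    segment covered; those ranges are zero-filled in data so everything after
    them still lands at its true offset.  Retransmitted duplicates are dropped
    and overlapping segments keep the copy of each byte seen first in order.
    """
    def offset(seq: int) -> int:
        # Stream offsets are relative to the ISN, modulo 2^32, so a sequence
        # number that wrapped around still sorts correctly.
        return (seq - isn) & 0xFFFFFFFF

    ordered = sorted(((offset(seq), payload) for seq, payload in segments),
                     key=lambda pair: pair[0])
    buf = bytearray()
    gaps: List[Tuple[int, int]] = []
    end = 0  # stream offset just past the last byte placed in buf
    for off, payload in ordered:
        if off > end:
            gaps.append((end, off - end))   # nothing covered [end, off)
            buf.extend(b"\x00" * (off - end))
            end = off
        if off + len(payload) <= end:
            continue                        # pure duplicate: every byte already held
        buf.extend(payload[end - off:])     # skip the overlapping prefix, if any
        end = off + len(payload)
    return bytes(buf), gaps


def build_segments(isn: int, data: bytes, mss: int = MSS) -> List[Tuple[int, bytes]]:
    """Split data into in-order (seq, payload) segments of at most mss bytes,
    with sequence numbers wrapping at 2^32 as they do on the wire."""
    return [((isn + i) & 0xFFFFFFFF, data[i:i + mss]) for i in range(0, len(data), mss)]


def demo() -> Dict[str, object]:
    """Out-of-order arrival plus a retransmit, then the same stream with one
    segment lost.  Returns the checks a reader would otherwise eyeball."""
    isn = 0xFFFFF000                                          # constructed ISN near the wrap
    page = b"<html><body>" + b"x" * 4500 + b"</body></html>"  # 4526 bytes -> 4 segments
    in_order = build_segments(isn, page)
    # Constructed wire order: 2nd segment first, then 1st, 3rd, a retransmit of the 2nd, 4th.
    arrival = [in_order[1], in_order[0], in_order[2], in_order[1], in_order[3]]
    naive = b"".join(payload for _, payload in arrival)   # joining in arrival order
    data, gaps = reassemble(arrival, isn)
    lossy = [in_order[0], in_order[2], in_order[3]]        # 2nd segment never captured
    _, lossy_gaps = reassemble(lossy, isn)
    return {
        "naive_matches_page": naive == page,   # False: arrival order scrambles the page
        "sorted_matches_page": data == page,   # True once placed by sequence number
        "gaps": gaps,                          # [] for the complete capture
        "lossy_gaps": lossy_gaps,              # [(1460, 1460)]: one MSS-sized hole
    }


if __name__ == "__main__":
    print(demo())
```

Sorting by stream offset rather than by raw sequence number is what keeps the wrap-around case correct; the zero-fill is only there so that later bytes keep their true offsets, and the returned gap list is what an analyst should act on (a hole in a rebuilt HTTP response means the page on screen is not what was on the wire).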
Re: PureBasic Interface to WinDivert
Good stuff JHPJHP! Keep it coming!
Re: PureBasic Interface to WinDivert
Updated:
- Address-Direction, Control-Bits
- BuildPayload Procedure
I'm in the process of figuring out when the last fragmented packet was sent without having to reassemble first. This should speed up the injection process by removing the need for the current timeout method, which will remain as a fail-safe.
NB*: Waiting for packets with the "Fin" bit set is not feasible for injection.
-----------------------------------------------------------------------
Solved (last fragmented packet):
- wd_inflate.pb
- wd_replace1.pb
- wd_replace2.pb
Requirements:
- webpage was compressed using gzip
- the header packet includes "Content-Length"
-- transfer encoding is not Chunked
Last edited by JHPJHP on Thu Dec 04, 2014 11:47 am, edited 3 times in total.
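The requirements listed above (gzip body, Content-Length present, not chunked) are the conditions under which the end of a response can be known from the header block alone. As an added example that is not part of the post or the package, here is the check a passive monitor would use: it reads the header block, applies the RFC 7230 precedence (Transfer-Encoding: chunked overrides Content-Length; neither means the body runs until the connection closes), and reports whether the bytes seen so far make up a complete body, covering the chunked case by walking the chunk sizes. The responses it runs against are constructed samples.

```python
"""Decide when an HTTP/1.1 response body is complete from its framing.

Added example (Python, not the original post's PureBasic code).  A passive
monitor that wants to inspect a whole response has to know where the body
ends.  RFC 7230 section 3.3.3 sets the precedence: Transfer-Encoding: chunked
overrides Content-Length, and with neither the body runs until the connection
closes.  The responses at the bottom are constructed samples.
"""
from typing import Dict, Optional, Tuple

CRLF = b"\r\n"


def split_headers(raw: bytes) -> Tuple[Dict[str, str], bytes]:
    """Split a raw response into a lowercase-keyed header dict and the body bytes
    received so far.  Raises ValueError if the blank line ending the header
    block has not arrived yet."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("header block incomplete")
    headers: Dict[str, str] = {}
    for line in head.split(CRLF)[1:]:           # [0] is the status line
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def framing(headers: Dict[str, str]) -> str:
    """Return 'chunked', 'content-length' or 'close' following RFC 7230 precedence.
    A response carrying both headers is framed by chunked and its Content-Length
    is ignored; such a response is also a desync red flag worth logging."""
    if "chunked" in headers.get("transfer-encoding", "").lower():
        return "chunked"
    if "content-length" in headers:
        return "content-length"
    return "close"


def chunked_complete(body: bytes) -> Optional[int]:
    """Walk the chunk-size lines.  Returns the decoded payload length once the
    zero-length last chunk and the empty line after any trailers have arrived,
    or None while the body is still incomplete."""
    pos, total = 0, 0
    while True:
        eol = body.find(CRLF, pos)
        if eol < 0:
            return None                          # size line not yet complete
        size_field = body[pos:eol].split(b";", 1)[0].strip()   # drop chunk extensions
        size = int(size_field, 16)               # ValueError on a malformed size
        pos = eol + 2
        if size == 0:
            # After "0\r\n" come optional trailer lines and a final empty line;
            # searching from pos-2 lets a bare "\r\n\r\n" (no trailers) match.
            return total if body.find(CRLF + CRLF, pos - 2) >= 0 else None
        if len(body) < pos + size + 2:
            return None                          # chunk data or its CRLF still missing
        total += size
        pos += size + 2


def body_status(raw: bytes) -> Dict[str, object]:
    """Report framing, compression and whether the body seen so far is complete."""
    headers, body = split_headers(raw)
    mode = framing(headers)
    if mode == "content-length":
        expected = int(headers["content-length"])
        complete, decoded = len(body) >= expected, min(len(body), expected)
    elif mode == "chunked":
        got = chunked_complete(body)
        complete, decoded = got is not None, got
    else:
        # Only the peer closing the connection marks the end; the bytes alone can't tell.
        complete, decoded = False, len(body)
    return {
        "framing": mode,
        "gzip": headers.get("content-encoding", "").lower() == "gzip",  # inflate before inspecting
        "complete": complete,
        "body_bytes_decoded": decoded,
    }


# Constructed samples (not captured traffic).
CL_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               b"Content-Encoding: gzip\r\nContent-Length: 5\r\n\r\n12345")
CHUNKED_RESPONSE = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
                    b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n")

if __name__ == "__main__":
    for sample in (CL_RESPONSE, CL_RESPONSE[:-2], CHUNKED_RESPONSE, CHUNKED_RESPONSE[:-4]):
        print(body_status(sample))
```

The Content-Length branch is the case the post's examples rely on; the chunked branch shows why that shortcut does not carry over (the length is only known once the zero chunk has been seen), and the close branch is the case where no byte-counting can decide completeness at all.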
Re: PureBasic Interface to WinDivert
Updated:
- added 2 examples
-- wd_htmfile1.pb
-- wd_htmfile2.pb
- added folder: htmfiles
-- iTunes.htm
-- PureBasic.htm
To create additional *.htm files: Load the desired site to your browser (Internet Explorer), from the Page menu-option choose Save as... Webpage, HTML only.
The following restrictions may apply:
- packet size (use additional injections)
- https not supported (possible work around)
NB*: Update also includes numerous improvements to various examples.
Re: PureBasic Interface to WinDivert
Updated:
- moved Procedure: EndPacketLoop (from examples)
- added Structure: BROWSER_INFO
- added Procedure: LoadBrowser
- added 6 examples
-- wd_htmdata1.pb
-- wd_htmdata2.pb
-- wd_htmfile3.pb
-- wd_htmfile4.pb
-- wd_replace3.pb
-- wd_replace4.pb
All examples have been updated improving stability and functionality.
I've tested and applied 3 separate methods for loading a webpage to memory:
- DataSection (embedded): Used PureDataConverter by Thomas Schulz (ts-soft)
-- wd_htmdata1.pb, wd_htmdata2.pb
- DataSection (include): HTML file will be auto-created if missing
-- wd_htmfile1.pb, wd_htmfile2.pb
- ReadFile: HTML file will be auto-created if missing
-- wd_htmfile3.pb, wd_htmfile4.pb
The new examples demonstrate a better understanding of how to use WinDivert to handle packet-injection, as well as proof-of-concepts of vulnerabilities in "Browser Security". The examples take into consideration the relatively new HSTS protocol used by some browsers to enhance security.
- HSTS isn't currently supported by Internet Explorer, but is scheduled to be included in its next release
HTTP Strict Transport Security
- answer to SSLStrip (Moxie Marlinspike), and MITM attacks
Additional Documentation:
- https://www.chromium.org/hsts
- https://tools.ietf.org/pdf/rfc6797
- https://hstspreload.appspot.com/
See HSTS in action by running one of the following new examples:
- wd_htmdata1.pb, wd_htmdata2.pb, wd_htmfile3.pb, wd_htmfile4.pb
Run the example a second time, first changing the following parameter from "iexplore" to "chrome":
- Google Chrome must be installed (includes the HSTS protocol)
Code:
dwUser1\Browser = "iexplore"
You should have noticed on the first run using the parameter "iexplore", a fake webpage was injected in place of the real page. But on the second run using the parameter "chrome", the real webpage was loaded and the injection denied; HSTS forcing HTTPS using the browser's built-in predefined list.
With the advent of HTTPS and now HSTS the user is conditioned to trust secured (HTTPS) webpages as legitimate. Run the example: wd_htmdata1.pb changing the following 2 parameters:
- did you notice the spelling of "Twitter" in the URL? Neither would the average user
Code:
dwUser1\Browser = "chrome"
dwUser1\URL = "-private http://twittter.com/"
Here the intended address was redirected to a URL that closely matched the original, but because the site was HTTP and not HTTPS the injection was successful.
NB*: For educational purposes only, please use responsibly.
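The two experiments in the post above (an http:// navigation being upgraded because the host is on the browser's preload list, and a look-alike hostname that has no HSTS entry of its own) are modeled in the following Python example. It is an added example, not code from the post or from the WinDivert package. It parses a Strict-Transport-Security header as defined in RFC 6797, keeps a small constructed store standing in for the browser's preload list plus policies learned from headers, and decides whether a plain http:// URL would be rewritten to https:// before any request leaves the machine. It also flags hostnames within a couple of edits of a protected domain, which is the defender-side check (over DNS or proxy logs) that would catch "twittter.com". The preload entries and protected domains are constructed, not the real Chromium list.

```python
"""Model HSTS upgrade decisions and look-alike hostname detection.

Added example; not code from the forum post or the WinDivert package.  Under
RFC 6797 a browser remembers a host as HSTS (max-age, optional includeSubDomains)
after a response received over HTTPS carries Strict-Transport-Security, and then
rewrites http:// references to https:// before connecting; browsers also ship a
preload list so first visits are covered.  The "preloaded" entries are constructed.
"""
import time
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


def parse_sts(header: str) -> Optional[Dict[str, object]]:
    """Parse 'max-age=N; includeSubDomains; preload'; max-age is mandatory,
    directive names are case-insensitive.  Returns None for an invalid header."""
    max_age, include_sub, preload = None, False, False
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            value = value.strip().strip('"')
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return {"max_age": max_age, "include_subdomains": include_sub, "preload": preload}


class HstsStore:
    """Known HSTS hosts: a constructed stand-in for the browser's preload list
    plus entries learned from headers.  host -> (expiry epoch or None, includeSubDomains)."""

    def __init__(self, preloaded: Dict[str, bool]):
        self.entries: Dict[str, Tuple[Optional[float], bool]] = {
            host.lower(): (None, sub) for host, sub in preloaded.items()}

    def learn(self, host: str, header: str, now: Optional[float] = None) -> bool:
        """Record a policy seen over HTTPS; max-age=0 removes a learned entry."""
        policy = parse_sts(header)
        if policy is None:
            return False
        now = time.time() if now is None else now
        if policy["max_age"] == 0:
            self.entries.pop(host.lower(), None)
        else:
            self.entries[host.lower()] = (now + policy["max_age"], policy["include_subdomains"])
        return True

    def is_known(self, host: str, now: Optional[float] = None) -> bool:
        """True if host, or a superdomain flagged includeSubDomains, has a live policy."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if (expiry is None or expiry > now) and (i == 0 or include_sub):
                return True
        return False

    def upgrade(self, url: str, now: Optional[float] = None) -> str:
        """Rewrite an http:// URL to https:// when the host is an HSTS host
        (RFC 6797 section 8.3); an explicit port other than 80 is preserved."""
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "http" or not self.is_known(host, now):
            return url
        netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host: str, protected: Tuple[str, ...], max_dist: int = 2) -> Optional[str]:
    """Return the protected domain that host closely resembles, or None.  Such a
    host has no HSTS entry, so an http:// visit to it is never upgraded."""
    host = host.lower()
    for legit in protected:
        if host != legit and edit_distance(host, legit) <= max_dist:
            return legit
    return None
```

The upgrade decision never consults the network: it is made from the stored policy before the request is sent, which is why a preloaded host defeats a plain-HTTP injection while a misspelled host, absent from every list, is fetched over HTTP exactly as typed. The edit-distance check is the complementary control on the defender's side, applied to names seen in DNS or proxy logs rather than to the browser.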
Re: PureBasic Interface to WinDivert
Tested the examples on Windows 8:
- added the Compiler option: Request Administrator mode for Windows Vista and above
- examples in the "services" folder not currently working (Windows Vista, Windows 7 not affected)
Read the previous post for a review of changes and some general information.
Additional Information (to previous post):
- the example: wd_redirect.pb works for sites that are not redirected internally
- some sites are hosted by a third party that shares an IP address across multiple domains and redirects based on the URL
- the example / service rely on a single-site IP address for the injection to work
Last edited by JHPJHP on Tue Dec 23, 2014 1:21 pm, edited 1 time in total.
Re: PureBasic Interface to WinDivert
Updated the service section of the package to work in Windows 8.
- added executable: WinDivertElevated_EXE.pb | WinDivertElevated.exe
- may not run correctly with UAC enabled
Information: http://mfctips.com/2013/01/04/createpro ... -manifest/
-----------------------------------------------------------
Updated:
- added file: services/SetManifest_x86.pb
- added folder: services/manifests
-- WinDivertBlock.manifest
-- WinDivertRedirect.manifest
SetManifest_x86.pb: was an exercise to see if it made a difference from what PureBasic handles internally when the following Compiler-option was set:
- Request Administrator mode for Windows Vista and above
*** not currently being used, but would become useful when creating a signed binary: [ uiAccess="true" ] ***
Information: http://msdn.microsoft.com/en-us/library ... 85%29.aspx
-- tool to view manifest in binary: http://www.angusj.com/resourcehacker/
-----------------------------------------------------------
Updated:
- fixed an issue with the Include files, should now run in PureBasic 5.24 LTS (x86 / x64)
Re: PureBasic Interface to WinDivert
Updated:
- updated the WinDivert binaries
-- from v1.1.7 to v1.2.0 RC
I skipped over v1.1.8 (stable release); see the changelog and documentation for more information:
- https://www.reqrypt.org/windivert-changelog.txt
- https://www.reqrypt.org/windivert-doc-v1.2.html
NB*: Update also includes various bug fixes and modifications to accommodate the new binaries and Windows 10.
------------------------------------------------------------
Updated the DataSections, HTM files, and URLs.
Update allows the examples to work with the latest browser changes, mainly the inclusion of the HSTS protocol in Internet Explorer.
- see this earlier post for additional information: http://www.purebasic.fr/english/viewtop ... 76#p457376
Re: PureBasic Interface to WinDivert
Updated:
- renamed 1 example
-- wd_redirect.pb to wd_redirect2.pb
- added 1 example
-- wd_redirect1.pb: redirects a webpage to an alternate address by modifying the (header) packet
*** removed the service examples ***
A couple of limitations of the original redirect example (wd_redirect2.pb) were working with subdomains and only supporting redirection to an IP address...
I noticed if I wanted to redirect from:
- www.reqrypt.org to www.purebasic.com
It worked as expected.
But if I wanted to redirect from:
- www.reqrypt.org/windivert.html to www.purebasic.com
It failed.
But testing redirection from:
- www.reqrypt.org/windivert.html to duckduckgo.com
It worked, but was adding the subdomain to the redirected URL: duckduckgo.com/windivert.html
( the search-engine allowed for the added subdomain otherwise loading the page would have failed )
References:
- https://en.wikipedia.org/wiki/List_of_H ... der_fields
- https://en.wikipedia.org/wiki/HTTP_301
NB*: Update also includes numerous improvements to various examples.
Re: PureBasic Interface to WinDivert
Updated:
- added 1 example
- added 1 htm file
- added 1 icon file
wd_session.pb:
- creates an HTTP block or redirect session
- threads are used to manage the sessions through a GUI
Block Session:
- only HTTP sites can be blocked
- blocked packet information saved to the binaries folder: BlockedSites.txt
Redirect Session:
- only HTTP sites can be redirected
- redirected packet information saved to the binaries folder: RedirectedSites.txt
NB*: Stopping the redirect session or closing the window while the redirect session is running takes a few seconds.
Last edited by JHPJHP on Fri Sep 25, 2015 11:39 pm, edited 3 times in total.
Re: PureBasic Interface to WinDivert
Looks a lot more fun than WinPcap, thanks for sharing!