PureBasic Interface to WinDivert

[JHPJHP]

Hi Keya,

You're welcome and thank you for commenting; definitely fun working with WinDivert.

-------------------------------------------------------------

Updated:
- fixed a problem with the example wd_session.pb running in a 64 bit environment
- included the x86 / x64 link files to the example wd_block.pb (accidentally deleted)

NB*: Update includes a subtle, but important change to various examples that addressed an invalid memory buffer.

-------------------------------------------------------------

Updated:
- removed example: wd_redirect2.pb
- renamed: wd_redirect1.pb to wd_redirect.pb
- renamed: wd_session.pb to wd_app_session.pb
- fixed a connection issue: wd_app_session.pb
- refreshed the htm files

NB*: Updated the examples to be Unicode compliant (enabled by default).

[JHPJHP]

Updated:
- fixed the example: wd_htmfile3.pb
- updated the zlib routines used in the following examples
-- wd_inflate.pb, wd_replace1.pb, wd_replace2.pb, wd_replace3.pb, wd_replace4.pb

Changes to the zlib routines were based on updates to the thread Services, Stuff, and Shellhook.
- Stuff\InflateDeflate\InflateDeflate.pb

NB*: See the first post in this thread for notes describing each example.

[boyoss]

Error (429)
This account's links are generating too much traffic and have been temporarily disabled!

[JHPJHP]

Hi boyoss,

I've updated the download link, replacing Dropbox with OneDrive.

[boyoss]

This roject can be used for restricting internet connection from computer ? Let's say, if i want to allow only a few ip to connect ?


Envoyé de mon iPhone en utilisant Tapatalk

[boyoss]

Thanks for sharing, i love the example wd_app_session.pb, but is it possible to do it also for secured sites?

[JHPJHP]

Hi boyoss,

See the following: http://stackoverflow.com/questions/2315 ... naged-code

...is it possible to do it also for secured sites?

HTTPS uses encryption to stop third parties intercepting and modifying the HTTP stream. So the short answer is "no".

Thank you for your answer. I found a solution to my problem, I changed the code of webfilter to intercept DNS queries (udp.DstPort == 53) ...

NB*: Basil is the creator of WinDivert.

[AndyMK]

Hi JHPJHP,

This is fantastic and i want to use this in a slightly different way. I would like your opinion. I run a small WISP in Cyprus with around 600 customers. I want to pass my network traffic "inline" through 2 network cards, sort of like a bridge so that i can analyse or police packets as they go through. Is this possible with your interface?

Regards

[JHPJHP]

HI AndyMK,

For a programming start Windivert is a good solution, but I am sure you know there are numerous prebuilt utilities already available i.e. Wireshark.

If you are determined to go the programming route, start with the example wd_sniffing.pb...

... Setup your test environment, modify the script to act more like a service (indefinite loop, no pre-set URL), adjusting the filter to return the desired result.

In addition, look at wd_app_session, it should provide additional information to providing a continuous filter.

NB*: If you have questions along the way, both Thunder93 and I are good with the interface.

[AndyMK]

Many thanks for the quick response. I already stripped the browser stuff and played with the filter. As far as i can tell, to emulate a bridge, i need to read packets incoming from both interfaces and relay them to the opposite interface where they came from. Is this correct? I just want a simple passthrough at the moment.

Regards

[JHPJHP]

Hi AndyMK,

The following information has not been tested (Network Tap).

If you are only using WinDivert then that sounds correct, but I would think, first setting up a bridge through the OS would be easier.

After setting up a pass-through bridge, the host computer will lose internet access, but WinDivert should still be able to read the packets, and when necessary filter them.

[AndyMK]

Why didnt i think of that!

[AndyMK]

That didnt work. It wont read packets unless its on the pc running the program. The other ethernet interface is connected to a router. Is there a way to select the interface to read from?

[JHPJHP]

Hi AndyMK,

The following should work for monitoring packets, not sure about manipulating packets.
- you may have to go back to your original solution

Just to confirm...

The sniffer computer with the two interfaces is running WinDivert.
The two interfaces are bridged.
Your router is connected to one interface.
The LAN switch is connected to the other interface.
Sniffing traffic on either of the interfaces should work for at least monitoring.

Another option is to purchase a cheap switch that has Port Mirroring.
Plug the switch between your router and LAN switch, sniffing the mirrored port.

Sorry I cannot be of more help, but I do not have the hardware to test the above assumptions, nor the patience to setup a virtual environment.
- information is based on the use of Wireshark (monitoring), but I would think WinDivert (manipulating) would also be a viable solution

[JHPJHP]

Updated:
- v1.2.0 RC to v1.4.0 RC
- modified Structures and Functions
- updated reference files
- removed a couple examples
- optimized parts of the code
- squashed a couple bugs

---------------------------------------------------------

Updated:
- v1.4.0 RC to v1.4.1
- updated reference files