0

Situation: I am trying to intercept TCP (not HTTP) traffic on a Windows machine using Python. I am posting this question as most answers I was able to find teaches how to sniff traffic.

Normal operation:-
Machine A ===> Machine A's TCP/IP stack ===> Machine B

What I am trying to do:-
Machine A ===> Intercept + modify packet ===> Machine A's TCP/IP stack ===> Machine B

Problem: Most common answers point to using scapy module in Python to modify the traffic. However scapy only sniffs the traffic from Machine A, and does not stop the original copy from being dispatched. As a result Machine B will receive two copies of traffic

What scapy does:-
Machine A ===> Machine A's TCP/IP stack ===> Machine B
           ||                                       /\
           \/                                       || (2nd copy)
   Scapy sniffing ===> Scapy modifications ===> Machine A's TCP/IP stack

Question: Is there any way I am able to intercept the traffic instead of sniffing it? The end goal is to have Machine B only receive one copy of the packet, which will the modified one.

Additional information 1: All modules used will need to be able to be contained within one EXE file (a la PyInstaller) for Windows.

Additional information 2: I cannot place a third machine between A and B, so I cannot perform ARP poisoning (which was a considered option).

Additional information 3: if I were to use a proxy, it must be able to intercept traffic from ports other than standard HTTP (80, 443, 8080).

Improve this question
7
  • 1
    You have to redirect the outgoing traffic of the local machine to your program. There is no universal OS independent way but you don't provide any information about the OS you are using and the permissions you have on this OS. See for example here for MacOS or here for Linux. Commented Aug 19, 2019 at 12:11
  • 1
    I just see two options for your case: 1. use the python binding of netfilter (pypi.org/project/NetfilterQueue), 2. Use a proxy in python (twistedmatrix.com). I With both cases you can modify the packet or the payload. Commented Aug 19, 2019 at 12:12
  • Sorry forgot to mention I needed to do this on a Windows machine. But nevertheless, if I use the proxy, that means that I need to edit the system proxy settings? Commented Aug 19, 2019 at 12:18
  • @Steffen got a Windows way? I'm not really a Windows person, that's why I'm stuck Commented Aug 19, 2019 at 12:19
  • 1
    @TimothyWong: My guess is that you need to use the Windows Filtering Platform for this. Based on this it looks like it can be used with Python but likely not trivial. Anyway, only the mechanism for interception might be a security topic. Details on how to do it in a specific programming language are not a security question but a plain programming question, i.e. off-topic here. Commented Aug 19, 2019 at 12:36

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.