Linux – Easy Way to Edit Traffic Coming from a TCP Host

iptables, tcp, transparent-proxy

I need to make some small modifications to incoming traffic from a known TCP host:port before the process handling the connection gets the stream.

For example, let 192.168.1.88 be a remote host which runs a web server.
I need that, when a process on my local host receives data from 192.168.1.88:80 (e.g. the browser), the data is first changed, replacing text-A with text-B, like this:

  • 127.0.0.1:… connects to 192.168.1.88:80
  • 127.0.0.1:… sends to 192.168.1.88:80:

    GET /
    
  • 192.168.1.88:80 sends to 127.0.0.1:…:

    HTTP/1.0 200 OK
    Content-Type: text/plain
    
    Some text-A, some other text
    
  • That data is somewhat intercepted by the system and passed to a program whose output is:

    HTTP/1.0 200 OK
    Content-Type: text/plain
    
    Some text-B, some other text
    
  • the system gives the changed data to the process handling 127.0.0.1:…, as if it came from 192.168.1.88:80.

Assuming I have a stream-based way to make these changes (using sed for instance), what is the easiest way to pre-process the incoming TCP stream?

I guess this would involve iptables, but I'm not very good at it.

Note that the application should feel that it is dealing with the original host, so setting up a proxy is not likely a solution.

Best Answer

Use netsed and iptables proxying.

iptables -t nat -A PREROUTING -s yourhost -d desthost -p tcp --dport 80 -j REDIRECT --to-ports 10101

Then run:

netsed tcp 10101 desthost 80 s/text-A/text-B

NetSED is a small and handy utility designed to alter, in real time, the contents of packets forwarded through your network. It is really useful for network packet alteration, forging, or manipulation. NetSED supports:

  • black-box protocol auditing - whenever there are two or more proprietary boxes communicating using some undocumented protocol. By enforcing changes in ongoing transmissions, you will be able to test if the examined application can be claimed secure.

  • fuzz generating experiments, integrity tests - whenever you do stability tests of an application to see how it cares for data integrity;

  • other common use-cases: deceptive transfers, content filtering, protocol conversion - whatever best fits your task at hand.
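A filter that rewrites each received buffer on its own misses a pattern that is split across two TCP reads. The following added example (not part of the original answer and not netsed's code) shows a boundary-safe version of the text-A to text-B replacement; the class and function names and the constructed chunk split are assumptions made for illustration.

```python
class StreamReplacer:
    """Replace `old` with `new` in a byte stream that arrives in arbitrary chunks."""

    def __init__(self, old: bytes, new: bytes):
        if not old:
            raise ValueError("pattern must not be empty")
        self.old, self.new = old, new
        self._tail = b""  # held-back bytes that may be the start of a match

    def feed(self, chunk: bytes) -> bytes:
        buf, out, pos = self._tail + chunk, [], 0
        while (i := buf.find(self.old, pos)) >= 0:  # complete matches in the buffer
            out += [buf[pos:i], self.new]
            pos = i + len(self.old)
        rest, keep = buf[pos:], 0
        # Hold back the longest suffix that is a proper prefix of the pattern:
        # the next chunk may complete it.
        for k in range(min(len(self.old) - 1, len(rest)), 0, -1):
            if rest.endswith(self.old[:k]):
                keep = k
                break
        self._tail = rest[len(rest) - keep:]
        out.append(rest[:len(rest) - keep])
        return b"".join(out)

    def flush(self) -> bytes:
        """Call at end of stream: release bytes that never became a match."""
        tail, self._tail = self._tail, b""
        return tail


def rewrite_per_chunk(chunks, old, new):
    """Naive filter: each read is rewritten independently."""
    return b"".join(c.replace(old, new) for c in chunks)


def rewrite_stream(chunks, old, new):
    """Boundary-safe filter built on StreamReplacer."""
    r = StreamReplacer(old, new)
    return b"".join(r.feed(c) for c in chunks) + r.flush()


# Constructed sample: the response from the question, split inside "text-A".
CHUNKS = [b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nSome te",
          b"xt-A, some other text\n"]

if __name__ == "__main__":
    print(rewrite_per_chunk(CHUNKS, b"text-A", b"text-B"))
    print(rewrite_stream(CHUNKS, b"text-A", b"text-B"))
```

text-A and text-B have the same length, so a Content-Length header, if present, stays correct; a replacement of a different length would require rewriting that header as well.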
