public static IPv4Packet CreateIpV4Packet(IPAddress sourceIpAddress, IPAddress destinationIpAddress,
TcpPacket payloadPacket)
{
var result = new IPv4Packet(sourceIpAddress, destinationIpAddress) { PayloadPacket = payloadPacket };
payloadPacket.UpdateTCPChecksum();
result.UpdateIPChecksum();
result.UpdateCalculatedValues();
return result;
}
// process packet
public bool ProcessPacket(Packet rawPacket, TcpPacket packet)
{
if (packet.ParentPacket == null) return true;
if (packet.PayloadData == null) return true;
var sourceIP = ((IpPacket) packet.ParentPacket).SourceAddress.ToString();
var destIP = ((IpPacket) packet.ParentPacket).DestinationAddress.ToString();
var payload = packet.PayloadData;
var data = encodingUtf8.GetString(payload);
if (data != string.Empty)
{
var changed = new List<string>();
var matches = SimpleRegex.GetMatches(regexType, data);
// HTTP request
if (matches.Count > 2)
{
// check for images - stop further processing
if (matches[2].Contains(".png") || matches[2].Contains(".jpg") || matches[2].Contains(".gif")) return true;
// check for Accept-Encoding and replace it to prevent unreadable data
if (data.Contains("Accept-Encoding:"))
{
var diff = data.Length - regexEncoding.Replace(data, "Accept-Encoding: \r\n").Length;
var extra = string.Empty;
for (int i = 0; i < diff; i++)
{
extra += " ";
}
data = regexEncoding.Replace(data, "Accept-Encoding: "+ extra +"\r\n");
changed.Add("Accept-Encoding");
}
// check for If-Modified-Since and replace it to prevent caching
if (data.Contains("If-Modified-Since:"))
{
var time = new DateTime(2000, 1, 1);
data = regexModified.Replace(data, "If-Modified-Since: "+ time.ToString("R") +"\r\n");
changed.Add("If-Modified-Since");
}
// check for cookies and strip them if necessary
if (stripCookies && data.Contains("Cookie:"))
{
data = data.Replace("Cookie:", "C00kie:");
changed.Add("Cookies");
}
}
// HTTP response
else
{
// check for html tags - stop further processing
if (!(data.Contains("<form") || data.Contains("<input") || data.Contains("<a ") || data.Contains("</a>") || data.Contains("</div>") || data.Contains("<meta") || data.Contains("javascript"))) return true;
var cmatches = SimpleRegex.GetMatches(regexCType, data);
// check for images - stop further processing
if (cmatches.Count > 1 && cmatches[1].Contains("image")) return true;
// HTTP 302 redirect stripping
foreach (var item in stripRedirects)
{
if (data.Contains("Location: " + item))
{
data = data.Replace("Location: https://", "Location: http://");
changed.Add("HTTPS (302 redirect)");
}
}
// other links, actions...
if (data.Contains("\"https://") || data.Contains("'https://"))
{
data = data.Replace("\"https://", "\" http://");
data = data.Replace("'https://", "' http://");
changed.Add("HTTPS");
}
}
if (changed.Count > 0)
{
// change packet data to stripped one
var bytes = encodingUtf8.GetBytes(data);
var diff = packet.PayloadData.Length - bytes.Length;
packet.PayloadData = bytes;
packet.UpdateTCPChecksum();
// checksum fixes for IPv4 packets (IPv6 packet doesn't have a checksum)
if (packet.ParentPacket is IPv4Packet)
{
var ip = (IPv4Packet)packet.ParentPacket;
ip.TotalLength = ip.HeaderLength + packet.Bytes.Length;
ip.PayloadLength = (ushort)packet.Bytes.Length;
ip.Checksum = (ushort)(ip.Checksum + diff);
}
Stripped(sourceIP, destIP, changed);
}
}
return true;
}