简体繁体 English

在Windows上拦截/重定向传出的HTTP连接

[英]Intercepting / Redirecting outgoing http connections on windows

原文 2013-06-03 14:25:58 2 1 c#/ c++/ http/ winsock/ easyhook

i am looking to redirect outgoing http connections (which do not use the system proxy) on a windows machine. 我想重定向Windows计算机上的传出http连接（不使用系统代理）。

Background: 背景：

I have some legacy software that interacts with a now defunct web service. 我有一些旧软件可以与现已失效的Web服务交互。 I have emulated that service in a simple desktop application, and would like to reroute the outgoing http requests to this app. 我已经在一个简单的桌面应用程序中模拟了该服务，并希望将传出的http请求重新路由到该应用程序。

Experimentally i have used the windows hosts file to redirect to localhost successfully, but this is impractical as i have other services that need to listen on default http port 80, and i do not want to setup another physical server just for this 实验上我已经使用Windows主机文件成功重定向到localhost，但这是不切实际的，因为我还有其他需要在默认http端口80上侦听的服务，并且我不想为此设置另一个物理服务器

The legacy software does not use the system proxy, so solutions like FiddlerCore wont work (unfortunately, because this is awesome!) 旧版软件不使用系统代理，因此像FiddlerCore之类的解决方案将无法工作（不幸的是，因为它很棒！）

I have noticed EasyHook mentioned in similar questions, in conjunction with winsock, but my experiance of lower level programming is extremely limited, and before i embark on a long and confusing journey, i would like to check i am on the correct path! 我注意到在与Winsock结合使用的类似问题中提到的EasyHook，但是我对低级编程的经验非常有限，在我踏上漫长而混乱的旅程之前，我想检查一下我是否在正确的道路上！

So, is it theoretically possible to intercept and redirect outgoing http traffic that does not use the system proxy by hooking winsock (preferably with easyHook in c#)? 因此，从理论上讲，是否有可能通过钩住winsock来拦截和重定向不使用系统代理的出站http通信（最好使用c＃中的easyHook）？

A simple yes / no answer will be fine, some reasoning, or even better documentation would be fantastic 一个简单的是/否答案就可以了，有些推理，甚至更好的文档都很棒

1 个解决方案

I've done it many times so it is absolutely possible. 我已经做过很多次了，所以这绝对有可能。 Use the following steps to get started. 使用以下步骤开始。

Have your program launch the target application with CreateProcess and pass CREATE_SUSPENDED to the dwCreationFlags argument. 让您的程序使用CreateProcess启动目标应用程序，然后将CREATE_SUSPENDED传递给dwCreationFlags参数。 This will start the target application but won't start execution. 这将启动目标应用程序，但不会开始执行。
Inject the DLL that contains your "trampoline" functions. 注入包含您的“蹦床”功能的DLL。
Hook the Winsock function gethostbyname . 挂钩Winsock函数gethostbyname 。
Call ResumeThread on the target processes main thread to start execution. 在目标进程主线程上调用ResumeThread以开始执行。
In your hook function call the real gethostbyname Winsock function when it returns a valid pointer to a hostent structure change the address data to make it point to your loopback device (localhost). 在挂钩函数中，当它返回指向hostent结构的有效指针时，调用真正的 gethostbyname Winsock函数，更改地址数据以使其指向您的回送设备（localhost）。

Depending on how the target application works you may need to hook additional Winsock functions but hooking gethostbyname is usually sufficient for this scenario. 根据目标应用程序的工作方式，您可能需要挂钩其他Winsock函数，但是挂钩gethostbyname通常对于这种情况就足够了。

You will want to write the hook functions that are in your DLL in C++ or C. Using C# is probably not an option here plus it will pull in a lot of dependencies that may cause conflicts with the target application. 您将需要编写C ++或C中DLL中的钩子函数。在这里使用C＃可能不是一种选择，而且它会引入很多依赖关系，这些依赖关系可能导致与目标应用程序发生冲突。