7
votes

I have a small project that I've been working on in C++, and due to the nature of what it does, I need to insert packets into a live TCP stream. (The purpose is innocent enough, http://ee.forumify.com/viewtopic.php?id=3299 if you MUST know) I'm creating a level editor for a game, and due to the nature of the handshakes, I can't simply establish a new connection with a high level library such as WinSock. Until now, it has relied on Winsock Packet Editor to do the dirty work, but if I were to let the application handle it all, it would make everyone happy.

So my question is this: Is there an API somewhere that will allow me to take control of a live TCP stream, and preferably one that keeps it valid after it finishes? And I would prefer to not have to inject any DLLs. Also, Detours is a no-no as I'm using GCC/Mingw.

I've toyed around with WinPCap and I have some working code (I can collect a packet, and from that generate a proper packet to send) but since it operates at such a low level, I cannot anticipate all of the potential protocols that the end user might use. Yes, chances are that they'll be using IPv4 over Ethernet, but what about those people who still use PPP, or some other obscure protocol? Also, the connection gets dropped by the client application after mine is done with it, as the latest ID values in the packets have changed and the client assumes that it has disconnected.

So, if anyone could provide a high-level TCP stream manipulator, I would be very happy. If not, I'll just continue tinkering with WinPCap and tell all the dial-up users to go get better internet.

Target platform: Microsoft Windows XP through Windows 7

3
You should read Hackish C++: Pranks and Tricks by Michael Flenov. It sounds like just a computer-oriented practical joking book, but he has a lot of great examples of networking which would apply to this project. – Nate Koppenhaver
Is there anywhere I can read that online for free? My local library system doesn't have a copy of that, sadly. – Kaslai
I don't know... maybe you could find something with Google. I have typed up some of that code somewhere; if I find the relevant file I'll post some code. – Nate Koppenhaver
Well, I don't appear to have typed up the entry I'm thinking of. Sorry I can't be more help, but I would suggest that you look up the Winsock2 library. I'm pretty sure that will allow for that. I do know for sure that it supports RAW sockets. – Nate Koppenhaver
I have looked at Winsock2, but raw socket compatibility is awful due to security reasons. It would limit my user-base to XP Professional Edition or older. – Kaslai

3 Answers

2
votes

Create a separate process to bind to a local port. When the initial TCP stream is created, proxy it through that process, which can then forward it on to the network. When you need to 'inject' into the stream you can have this proxy process do it. Just a thought.

1
votes

You should look at the source code of ettercap http://ettercap.sourceforge.net/ or hunt, a TCP hijacker http://packetstormsecurity.org/files/view/21967/hunt-1.5.tgz

Those two programs do what you're after.

0
votes

I don't think there's any sensible API that will allow you to hijack a TCP stream. Such a thing would, inherently, be a security problem.

Can you insert your program as a proxy for the connection in question? That is, get the program that opens the connection to open it to your program, then have your program open the connection to the real target.

The idea is that if all the packets pass through your program anyway, then modifying the TCP stream becomes relatively trivial.
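The proxy design described in the first and third answers, as an added example that is not code from any poster (Python rather than the asker's C++ so it stays short and portable; the class `InjectingRelay` and its method names are hypothetical). The client and server legs are two separate TCP connections, so each OS stack keeps its own sequence numbers and injected bytes never desynchronise the client, which is the failure the question reports with raw packet injection.

```python
import socket
import threading


class InjectingRelay:
    """Relay one local client to an upstream server over two independent TCP connections."""

    def __init__(self, upstream_addr):
        self.upstream_addr = upstream_addr
        self.listener = socket.create_server(("127.0.0.1", 0))  # OS picks a free port
        self.address = self.listener.getsockname()  # point the client program here
        self.lock = threading.Lock()    # keeps relayed and injected writes from interleaving
        self.ready = threading.Event()  # set once the upstream leg is connected

    def serve_one(self):
        """Accept one client, open the upstream leg, relay both ways until both sides finish."""
        client, _ = self.listener.accept()
        self.upstream = socket.create_connection(self.upstream_addr)
        self.ready.set()
        back = threading.Thread(target=self._pump,
                                args=(self.upstream, client, threading.Lock()))
        back.start()
        self._pump(client, self.upstream, self.lock)
        back.join()
        for s in (client, self.upstream, self.listener):
            s.close()

    def _pump(self, src, dst, lock):
        try:
            while data := src.recv(4096):     # empty read: the peer finished sending
                with lock:
                    dst.sendall(data)
            dst.shutdown(socket.SHUT_WR)      # pass the half-close along
        except OSError:
            pass  # a side reset or already closed; stop relaying this direction

    def inject(self, payload):
        """Write extra bytes on the upstream leg; that leg's own TCP stack numbers them."""
        self.ready.wait()
        with self.lock:
            self.upstream.sendall(payload)
```

Run `serve_one()` in a background thread, have the client program connect to `relay.address` instead of the real server, and call `inject()` whenever extra application data should be sent upstream.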