Security Basics mailing list archives

On-the-fly altering of payload under Linux


From: Rene <secmailinglist () googlemail com>
Date: Fri, 20 Jul 2007 00:58:13 +0200

Hi everyone,

I'm looking for possibilities to change the payload of packets sent with
TCP or UDP on the fly. It would be great if it worked like a
transparent proxy, but that would be a bonus; it's not a must-have.

I created a small application layer protocol that sends messages in the
form of packets. Every packet header starts with 0xAA 0xAA, followed by
a 16 bit packet length. Now I want to capture these packets, alter their
content (like replace every 0x49 with 0x59, or always set the 20th bit
to zero, while ignoring the packet header info) and send the changed
ones. I know I could write a program that does this, but I want to see
if there are ways to do it using existing programs.

What I tried so far:

I made netcat listen for incoming packets, then piped the received data
to sed. The problem is that sed only really works with text, not with
binary data, and it waits for a linefeed character before actually doing
anything. I tried to replace sed with a little program I found, called
replace, which can explicitly replace binary data. It didn't work like I
wanted either, because, like I said, I want to exclude the protocol header
from this.

I also tried netsed, but I wasn't able to let it run in UDP mode, which
is a must (I had a look at the source, but I'm not a good C programmer.
I think I figured out what's wrong, but I don't know enough C to fix it).

I found tons of different programs to generate packets, but none so far
that let me alter them. I hope somebody here has some ideas how I could
accomplish this.
It doesn't matter if it's a single application that does it, or if it's
a clever combination of different programs.

One last thing: English is not my native language, so if I said
something that doesn't make sense or needs clarification please tell me.

Thanks in advance,
Rene
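
Added example, not part of the original message: a frame-aware rewriter for the format described above (0xAA 0xAA, 16-bit length, payload) that alters payload bytes while leaving each header intact, which is the step sed and replace cannot do. Assumptions not stated in the post: the length is big-endian and counts payload bytes only, and "the 20th bit" is counted from 1, most significant bit first, within the payload.

```python
import struct

MAGIC = b"\xaa\xaa"
HEADER_LEN = 4  # 2 magic bytes + 16-bit length

def swap_byte(payload, old=0x49, new=0x59):
    """Replace every `old` byte with `new` (the 0x49 -> 0x59 case)."""
    return payload.replace(bytes([old]), bytes([new]))

def clear_bit(payload, n=20):
    """Clear the n-th payload bit; counted from 1, MSB first (assumption)."""
    idx, off = divmod(n - 1, 8)
    if idx >= len(payload):
        return payload  # payload too short to contain that bit
    out = bytearray(payload)
    out[idx] &= ~(0x80 >> off) & 0xFF
    return bytes(out)

def rewrite_frames(buf, transform):
    """Apply transform to each complete frame's payload, headers untouched.

    Returns (rewritten, leftover); leftover is an incomplete trailing frame
    that a TCP reader should prepend to the next chunk it receives.
    """
    out, pos = bytearray(), 0
    while len(buf) - pos >= HEADER_LEN:
        if buf[pos:pos + 2] != MAGIC:
            raise ValueError(f"bad magic at offset {pos}")
        # Assumption: big-endian length that counts payload bytes only.
        (length,) = struct.unpack_from(">H", buf, pos + 2)
        end = pos + HEADER_LEN + length
        if end > len(buf):
            break  # frame not fully received yet
        payload = transform(buf[pos + HEADER_LEN:end])
        if len(payload) != length:
            raise ValueError("transform changed the payload length")
        out += buf[pos:pos + HEADER_LEN] + payload
        pos = end
    return bytes(out), buf[pos:]

if __name__ == "__main__":
    # Constructed sample: the length field (0x0049) itself contains 0x49,
    # which a blind stream-wide replace would corrupt.
    frame = MAGIC + struct.pack(">H", 0x49) + b"\x49" * 0x49
    rewritten, rest = rewrite_frames(frame + b"\xaa\xaa\x00", swap_byte)
    print(rewritten[:8].hex(), rest.hex())
```

With UDP, each datagram can be passed to rewrite_frames on its own; with TCP, the leftover bytes must be carried over to the next read.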

