Can Wireshark be used to change the content of packets

networking wireshark sniffer
16,088

Solution 1

At least on Unices and -like where raw sockets are used, this is not possible, since the packet is copied to userspace and you only work on that copy. Furthermore, sending a packet back through the raw socket may be considered an "outgoing" packet so that it is, in fact, not reinjected to the input path where it should be. Raw sockets were — according to the Linux manpage — designed to implement new protocols, IOW, raw sockets are an "endpoint", not a "passthrough station".

For packet modification in the input path (passthrough-like), each OS has its own set of interfaces. In Linux (you were sort of unspecific as to which you target), that would be the nfqueue mechanism, usable through libnetfilter_queue. And of course, that is how wireshark, if it wanted to (I don't see it doing packet alteration last time I checked), would go about doing this.

Solution 2

Please give Burp Suite a try. It includes a repeater that let's you modify HTTP requests.

Solution 3

No wireshark won't let you change the contents of the packets and place them back on the line. However there are ways to change packets as they pass through the machine. Typically the host is setup with two nics bridged together. One nic is connected to one network and the other nic to the other network. Then as packets pass through this point the host can see them. Now you can use iptables/netfilter and write a module that changes data in the packet. For example you can write something that can remap source ip addresses. It's been a while since I've used netfilter/iptables, so I can't provide anymore details, but I have used it in a previous job to do some neat things with packets while they were inflight. It does mean you need a host machine sitting at network junction points though.

Share:
16,088
Admin
Author by

Admin

Updated on June 12, 2022

Comments

  • Admin
    Admin almost 2 years

    Wireshark doesn't seem to be able to change the content of filtered packets in real time.

    Does anyone know a symilar software which can change packet content that is filtered.

    Finding something like this will really be a life saver

    Thanks.

  • Vercingatorix
    Vercingatorix almost 2 years
    Newer versions of wireshark don't support this, unfortunately. See golinuxcloud.com/packet-editing-wireshark-examples

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Wireshark filter for filtering both destination-source IP address and the protocol
Packet sniffer in Python
TCP Server sends [ACK] followed by [PSH,ACK]
How to decrypt https
How to see full HTTPS URL in wireShark
what does this wireshark info refer to
How to enable Wireshark without running as root in Trusty 14.04
How can I capture network traffic of a single process?
Windows 7 PC sends a lot of NetBIOS Name Queries for non-existent computer names
SSL (imap) doesn't work from some machines - ssl handshake failure - how to narrow down further?