Redirect connection

codehelp123 · April 10, 2024, 12:42pm

hello, i am trying to redirect connection to local proxy using wfp but code is not able to redirect it. so anyone can take look and suggest me improvement.

	UINT64 classifyHandle=0;

	ULONG PIP = 0x0a00020f;
	USHORT Rport = 8080;
	
	DWORD loacalRedierectTarPID = inMetaValues->localRedirectTargetPID;
	NTSTATUS status = FwpsAcquireClassifyHandle0(
		(void*)classifyContext,
		(UINT32)0,
		&classifyHandle
	);

	if (!NT_SUCCESS(status))
	{
		
		return;
	}
	FWPS_CONNECT_REQUEST0* writableLayerData = NULL;//filter->filterId

	status = FwpsAcquireWritableLayerDataPointer0(
		classifyHandle,
		filter->filterId,
		0,
		(PVOID*)&writableLayerData,
		classifyOut
	);
	if (!NT_SUCCESS(status))
	{
		
		goto Exit;
	}

	


	SOCKADDR_IN* RemoteAddress = (SOCKADDR_IN*)(&(writableLayerData->remoteAddressAndPort));

	RemoteAddress->sin_port = RtlUshortByteSwap(Rport);
	writableLayerData->localRedirectTargetPID = loacalRedierectTarPID;
	RemoteAddress->sin_addr.S_un.S_addr = RtlUlongByteSwap(PIP);
	UINT8 protocol = inFixedValues->incomingValue[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_PROTOCOL].value.uint8;
	

	if (inFixedValues->layerId == FWPS_LAYER_ALE_CONNECT_REDIRECT_V4)
	writableLayerData->localRedirectHandle = gRedirectHandle;

	ULONG* array = (ULONG*)ExAllocatePoolWithTag(NonPagedPool, 4 * sizeof(ULONG), 'WFP1');

	UINT32 localAddrIndex = inFixedValues->incomingValue[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_ADDRESS].value.uint32;
	UINT32 remoteAddrIndex = inFixedValues->incomingValue[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_REMOTE_ADDRESS].value.uint32;//;
	UINT32 localPortIndex = (UINT32)inFixedValues->incomingValue[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_PORT].value.uint16;
	UINT32 remotePortIndex = (UINT32)inFixedValues->incomingValue[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_REMOTE_PORT].value.uint16;
	
	KdPrint(("Remote Address Index: %u\n", remoteAddrIndex));
	
	KdPrint(("Remote Port Index: %u\n", remotePortIndex));

	if (array != NULL) {
		array[0] = remotePortIndex;
		array[1] = remoteAddrIndex;
		array[2] = localPortIndex;
		array[1] = localAddrIndex;

		writableLayerData->localRedirectContext = (PVOID)array;
		writableLayerData->localRedirectContextSize = sizeof(array);
		//ExFreePool(array);
	}
	else {
		writableLayerData->localRedirectContext = NULL;
		writableLayerData->localRedirectContextSize = 0;
	}


	
	FwpsApplyModifiedLayerData0(
		classifyHandle,
		(PVOID)writableLayerData,
		0
	);

	classifyOut->actionType = FWP_ACTION_PERMIT;
Exit:
	FwpsReleaseClassifyHandle(classifyHandle);

Peter_Viscarola_OSR · April 10, 2024, 1:33pm

[Mods: Editing the post so that the code segment was shown properly. OP: Please post using markdown.]

NNT · April 30, 2024, 1:57am

Are you making proxy software? You can refer to my project. I successfully redirected all data packets to 127.0.0.1:9870