Intercepting web requests from an application and modifying response
 

Hi there,

I'm working with this windows application that sends a request to an http address periodically to check the validity of the license.

I've identified the assembly code where this is happening and have extracted the web address as well and I know where the code jumps to if the correct response is received.

Now normally I would just patch this and it would work fine, but just for the sake of it, I was wondering if there is an easier way to intercept the http request and send an html page with some text in it.

I've never done this before and a cursory search revealed tools like Fiddler etc, but I wanted to reach out to this group to see if anybody had a simpler way this could be done?

Sailor_EDA

Hi,
Fiddler is fine, you can put 'breakpoint' on request to intercept them before response or even after, and then edit the content (return content or query)

Thanks for your suggestion JMP-JECXZ.

Would you also happen to know if there any generic tools that would allow me to "automate" this so I don't have to intercept the call everytime and could just code my response whenever a request is done to that address?

You can force redirection to localhost with windows host file and then recreate the path/file to the file called and give him a dummy response with your dummy file using xamp or similar for making the local server.

You might want to edit your hosts file to redirect the traffic and then run the webserver part on your computer. If it's a simple webcheck with static requests there are many tiny webservers or networks tools available which can serve the requests.

If it's more complicated you might need to switch to some script language to process and serve the requests.

But if it's just a simple patch you already know the location to I would prefer patching over running a webserver. You might have redirected other addresses in your hosts file which would get served with unknown data and might behave differently.

try this http://www61.zippyshare.com/v/mUgeUdRJ/file.html

The harder sometimes is to know what the response should "look like" from a valid licence check, before you can recreate it ;)

You might receive a full embedded class with objects and data etc...

cloud license emulator?

That's true. In my case, the program submits the email and lic key via php to an http address and then parses the response. I disassembled the code in IDA and I can clearly see that it's expecting a string response back.

But I can see how some programs might be expecting more than just a basic string, in which case it could get quite complicated.