问题
I'm looking to make a "small" firewall that can intercept HTTP traffic, it should then modify or drop the packet according to its ip address and the content(text) of the packet.
I googled several times before I created this question. Im afraid it'll take a long time, also, I do not have any experience in developing a driver kernel-mode.
Recently though, I came across a library for python (scapy), and from the documentation, it is able to sniff as well as forge traffic.
However I have a few questions about scapy:
What does it mean to "forge network packets?" Does it forge a copy of the packets?
Thanks in advance.
PS: Also since I'm not experienced in developing drivers in kernel-mode, is there any alternative library in user-mode? The programming language used is not my goal, my goal is to accomplish this task in a short period of time and as simply as it can be done.
回答1:
Also since I'm not experienced in developing drivers in kernel-mode, is there any alternative library in user-mode?
Yes, have a look at my project called WinDivert. WinDivert lets you capture/modify/drop packets from a user-mode application (no kernel programming required).
来源:https://stackoverflow.com/questions/10808097/is-it-possible-to-write-simple-firewall-with-python-scapy-for-windows