Thread-topic: FYI: Echo Mirage: A Generic Win32 Network Communications Proxy
> -----Original Message-----
> From: listbounce@xxxxxxxxxxxxxxxxx
> [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Dave
> Sent: Saturday, September 23, 2006 1:53 PM
> To: binaryanalysis@xxxxxxxxxxxxxxxxx
> Subject: Echo Mirage: A Generic Win32 Network Communications Proxy
>
> http://www.bindshell.net/echomirage
>
> Echo Mirage is a generic network proxy. It uses DLL injection and
> function hooking to redirect network related function calls so that
> data transmitted and received by local applications can be observed
> and modified.
>
> Think of it as Odysseus (or Burp, if you prefer) that will proxy
> (almost) anything...
>
> Windows encryption and OpenSSL functions are also hooked so that the
> plain text of data being sent and received over an encrypted session
> is also available.
>
> Echo Mirage tries to be smart with the OpenSSL calls by monitoring
> ssl_set_fd() and ssl_connect() to determine when SSL is in use on a
> particular socket. When SSL is in use the encrypted stream is ignored
> and only the unencrypted data is processed. This doesn't work for the
> Windows SSL stuff because that functions in an entirely different
> way...
>
> Traffic can be intercepted in real-time, or manipulated with regular
> expressions and action scripts.
>
> --
> Two fish are in a tank.
> One turns to the other and says 'I'll man the guns. You drive.'
>
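
The per-socket SSL tracking described in the announcement can be modelled as a small state machine over the sequence of hooked calls. This is an added example, not Echo Mirage's code: the trace is constructed, `StreamTracker` and `process` are hypothetical names, and it assumes a socket is treated as SSL from the moment `SSL_connect` is called on an SSL object previously bound with `SSL_set_fd`.

```python
from dataclasses import dataclass, field

# Constructed trace of hooked calls in call order: (function, handle, data).
# For send/recv the handle is a socket fd; for SSL_* it is an SSL object id.
TRACE = [
    ("send", 7, b"GET / HTTP/1.0\r\n\r\n"),       # plain socket 7
    ("SSL_set_fd", 0xA1, 9),                       # SSL object 0xA1 bound to socket 9
    ("SSL_connect", 0xA1, None),                   # handshake begins on socket 9
    ("send", 9, b"\x16\x03\x01<client hello>"),    # handshake record on the wire
    ("recv", 9, b"\x16\x03\x01<server hello>"),
    ("SSL_write", 0xA1, b"USER alice\r\n"),        # plaintext before encryption
    ("send", 9, b"\x17\x03\x01<encrypted>"),       # the same data, encrypted
    ("recv", 9, b"\x17\x03\x01<encrypted>"),
    ("SSL_read", 0xA1, b"+OK\r\n"),                # plaintext after decryption
    ("recv", 7, b"HTTP/1.0 200 OK\r\n\r\n"),
]

@dataclass
class StreamTracker:
    ssl_to_fd: dict = field(default_factory=dict)  # SSL object -> socket fd
    ssl_fds: set = field(default_factory=set)      # sockets with SSL in use
    captured: list = field(default_factory=list)   # (fd, direction, plaintext)

    def on_call(self, func, handle, data):
        if func == "SSL_set_fd":
            self.ssl_to_fd[handle] = data          # data carries the fd here
        elif func == "SSL_connect":
            fd = self.ssl_to_fd.get(handle)
            if fd is not None:
                self.ssl_fds.add(fd)               # raw I/O on fd is now ciphertext
        elif func in ("SSL_write", "SSL_read"):
            # fd is None if SSL_set_fd was never observed for this object
            fd = self.ssl_to_fd.get(handle)
            direction = "out" if func == "SSL_write" else "in"
            self.captured.append((fd, direction, data))
        elif func in ("send", "recv"):
            if handle in self.ssl_fds:
                return                             # ignore the encrypted stream
            direction = "out" if func == "send" else "in"
            self.captured.append((handle, direction, data))

def process(trace):
    """Replay a trace and return only the data an observer should see."""
    tracker = StreamTracker()
    for func, handle, data in trace:
        tracker.on_call(func, handle, data)
    return tracker.captured
```

The model also shows why call ordering matters: if the socket were only marked after `SSL_connect` returned, the handshake records sent during that call would be logged as if they were application data.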