microsoft / Windows-driver-samples

This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
Microsoft Public License

FWPM_LAYER_ALE_CONNECT_REDIRECT_V4: Can't redirect to local proxy #979

Open darind opened 1 year ago

darind commented 1 year ago

Hi all, I am trying to develop a WFP driver which can be used to redirect outgoing TCP connections to a local proxy server. To better understand the different components involved, I tried running the WFPSampler project on a new Windows 11 installation:

WFPSampler -clean all
WFPSampler.exe -s PROXY -l FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 -iprp 443 -ipp TCP -pra 127.0.0.1 -prp 8866 -plspid 13220 –v

After running this command, it seems that the WFPSampler service is successfully invoked through RPC:

INFO:  ProxyScenarioExecute : RpcInvokeScenarioProxy() [status: 0]

and I can see that the following filter is registered at the ALE_CONNECT_REDIRECT_V4 layer:

[Image: Screenshot 2023-04-21 at 17 33 50]

Unfortunately, no traffic is ever reaching the locally running proxy server. If I make an HTTP connection to a remote server, it simply succeeds as if there are no WFP rules.

I am new to kernel development and not sure how I can further debug this and whether the callout function is ever invoked. I never managed to get TraceView working.

Any pointers would be greatly appreciated.

keith-horton commented 3 months ago

Sorry, this Connect/Redirect does not work between loopback addresses :(

I'm trying to get this fixed.