Easy way to "edit" the traffic coming from a tcp host (linux)

Solution 1:

Use netsed and iptables proxying.

iptables -t nat -D PREROUTING -s yourhost -d desthost -p tcp --dport 80 -j REDIRECT --to 10101

Then run:

netsed tcp 10101 desthost 80 s/text-A/text-B

NetSED is a small and handy utility designed to alter, in real time, the contents of packets forwarded through your network. It is really useful for network packet alteration, forging, or manipulation. NetSED supports:

• black-box protocol auditing - whenever there are two or more proprietary boxes communicating using some undocumented protocol. By enforcing changes in ongoing transmissions, you will be able to test if the examined application can be claimed secure.

• fuzz generating experiments, integrity tests - whenever you do stability tests of an application to see how it cares for data integrity;

• other common use-cases: deceptive transfers, content filtering, protocol conversion - whatever best fits your task at hand.

Solution 2:

You can do exactly this by using iptables to transparently proxy connections through a squid proxy, and then having squid re-write the http content for you.

Solution 3:

iptables + the use of libnetfilter_qu is another option that will do what you wish:

"...[reinject] altered packets to the kernel nfnetlink_queue subsystem."

It likely will give you most extensibility as it's up to you to code software.

There's a python wrapper available as well.