Echo Mirage

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.

Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available.

Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts

Several screen shots are available.

Change Log

Changes In 1.2

• Implemented RegexReplace() in action scripts.
• Implemented PCap logging (in a somewhat limited fashion).
• Implemented numerically incrementing log files (%n or %N in any log filename).
• Implemented hot-keys.
• Added default processing rules so that Echo Mirage intercepts all traffic by default.
• Added append option for all log files.

Changes In 1.1

• Hooked RecvFrom, SendTo, WSAConnect, WSASend, WSASendTo and WSARecvFrom.
• Fixed intermittent crash on uninject.
• Fixed intermittent crash in thread termination.

Download

The latest release of Echo Mirage can be obtained from:

• EchoMirage-1-2.exe (md5sum: 1b25fc6dcc8d030482283d184795b1ce)
• EchoMirage-1-2.zip (md5sum: 97e1e7b5d7566cc43630314b9824bdfb)

Author

Dave Armstrong <dave@bindshell.net>