Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.
Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available.
Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts
Several screen shots are available.
Changes In 1.2
- Implemented RegexReplace() in action scripts.
- Implemented PCap logging (in a somewhat limited fashion).
- Implemented numerically incrementing log files (%n or %N in any log filename).
- Implemented hot-keys.
- Added default processing rules so that Echo Mirage intercepts all traffic by default.
- Added append option for all log files.
Changes In 1.1
- Hooked RecvFrom, SendTo, WSAConnect, WSASend, WSASendTo and WSARecvFrom.
- Fixed intermittent crash on uninject.
- Fixed intermittent crash in thread termination.
Echo Mirage is now available from http://www.wildcroftsecurity.com/echo-mirage.
Dave Armstrong <firstname.lastname@example.org>