A KCP packet sniffer + visualizer in one.
No, pancake fiddler doesn't work anymore.
- Bring your
packetIds.json
andproto/
to thedata/
folder.
½. npm i
-
node . main
ornpm run main
From there, you can either start a proxy or read a .pcap file filtered with udp.port == 22101 or udp.port == 22102
.
Proxy captures will be saved to captures
folder in a .gcap format and can also be read with this tool.
-ignoredProtos: //ignored packets
-ProtosToDump: // add proto names hereto dump them
-dumpAll : //false by default, will write all packets to json (recommended to not enable this unless you really need it)
startFrontend
: launches the frontend on http://localhost:1984/index.html
displayPacket
: sends an abstract packet to frontend
iridium.displayPacket({
source: 0=server, 1=client
packetID: numerical ID,
protoName: name of the proto,
object: decoded packet contents/any info to display in the frontend
})
decodePacket
: queues a packet to be decoded by mtxor -> protobuf
iridium.decodePacket({
ip: {
address: src_addr,
address_dst: dst_addr,
port: port_src,
port_dst: port_dst
} - this is used to construct the kcp ingest object and determine direction
crypt: if "uncrypt" is missing: the buffer containing only the data bytes of the raw udp packet (usually offset 28),
overrideKey: if crypt is used, you can supply your own key to XOR with, per-packet.
uncrypt: if "crypt" is missing: a buffer containing the already-dexored datagram to feed into protobuf decoder, must start with packet id at offset 2,
})
If uncrypt
is supplied, ip
object only needs either port
or port_dst
set to 22101
to determine direction.
updateProxyIP(ip, port)
: Set remote IP and port of the server the proxy should connect to. This is usually determined automatically when the client makes the request to the cur.
While you can just drop in a sniffed pcap, the proxy allows you to see traffic realtime. You will need to reach logged-in state, point the dispatch hosts to localhost and activate the Iridium frontend along with the proxy. The dispatch will be running on localhost:80 and localhost:443 - make sure the ports are succesfully bound, you usually need admin access to do that and if there's svchost taking those up, it won't work and you need to kill it first.
After that, you click into the client and it should request the cur - the response cur will point the client to 127.0.0.1 in terms of UDP. If you are using Fiddler to redirect the hosts, you will have to put your own cur.json
into www
folder, as it becomes impossible to make a request for the real cur. It will work if you're just using the hosts file.
After you click again (the door), the UDP connection should start being monitored.
- Alg