If you're a Linux user, this is fairly easy and straightforward to do using Netfilter. Packets can be stolen from the kernel using a standard iptables rule, which are then modified by a userspace program that you write and then reinjected back into the network stack.