I have used a lot of parent control software but none of them is perfect. I am thinking to write my own. I want to use either C++ or java or combination of two. My main issue is how to capture all traffic originating from browser.
I want to do it in a way hack proof way.
I appreciate greatly any help on this.
Thanks in advance.
You can't intercept data transfers from your http/https connections
You will have to build a Packet sniffer and find a way to filter out the packages you are looking for, To my suprise im not getting any solid results when i try to google C++ packet sniffer tutorials, but thats defeneteley the way to go.
For windows you need create filter driver for network adapter. Under linux you can use raw sockets for this purpose. Unfortunately, windows not support full row socket functionality.
Related
I am trying to write a minifilter that more or less captures everything that happens in the kernel and was wondering if I could also capture "URLs"/network information; I stumbled upon windivert which seems to be using a .sys driver and also another thread which says we cannot get URLs in driver mode which leaves me a bit confused. If it is true then how does windivert do it?
I understand there is something called network redirect under minifilters on learn.microsoft.com which uses a dll and .sys file (same as windivert), but I could not find any resources that can help make me one.
Is there a better way to capture all visited URLs in real time?
Thanks in advance for any help or directions.
You're looking for Windows Filtering Platform and Filtering Platform Callout Drivers, which WinDivert is utilizing. This gives you the data that goes out over the wire, so for plain old HTTP over port 80 you can parse the requests to obtain the URL. This won't work for HTTPS since you're getting encrypted data over the wire; you'd have to implement some kind of MITM interception technique to handle that.
I've got a proprietary BMS language that is sending it's info over a specific UDP port on the network. The existing interface is not very well made or maintained, and functions poorly.
I have access to the stack for the code, and don't mind creating some interpretation functionality
My question is what is the best way that I should be receiving these raw packets in my program to be interpreted? I'm not finding any good documentation on how to do this, and I wanted to try and do it in a reasonably appropriate way.
Do I basically need to make my program constantly sniff a specific port? and will this be cumbersome to the network or program to be doing this?
You tagged this BACnet. Why don't you try Wireshark, with a capture filter "udp port 47808" and see if wireshark exposes the packets in a way that makes sense to you. (or have you done this). If it is bacnet, then normal UDP sockets, bound to port 47808 is the way to go. Note, that 47808-47823 are the most common BACnet "default" ports. Use cports or something to see exactly what port(s) your application is bound to.
You could use a packet-capture library - but that has security connotations, so instead you can probably (for most part) get away with using a .NET 'UdpClient'.
But! The real challenge is the breaking-down & interpretation of the BACnet packets, which is the hard part.
There is (now!/finally) a NuGet package for BACnet - not that I've used it, but that might be one of the best choices for your case.
But I also suggest you experiment with the (advanced & free) VTS (Visual Test Tool) too.
You could also try using the BACnet stack that YABE uses too.
im looking for a way to detect, and capture data being sent TO and FROM a specific program, ive attempted to use something like wireshark but it all seems to be a bunch of nonsense to me, so i was wondering if anybody could help me get the data, translate it into text, to allow for editing, and then to resend the new edited information on its way.
Look for Capture TCP stream feature/menu item in Wireshark.
Edit: It's actually Follow TCP Stream.
Wireshark is definitely the way to go. It'll capture the data going to a specific port (which you can probably correlate to a the program fairly easily). I hope this isn't happening over SSL though (wireshark isn't going to help you much if it is).
But if you have to reverse engineer the server's communication protocol, capturing the network packets is the least of your problems. Reverse engineering is difficult and can be fairly error prone as it's often based on guess work. My suggestion is to do this as a last resort: if the server is intended to communicate with the outside world, there's probably some protocol documentation floating around somewhere that will be much more reliable than a wireshark trace.
In testing certain network device driver receive features, I need to send special packets on the wire. I know I need to open a raw socket and push the bytes out. Is there some well-known example (C, perl, whatever) code already available for playing at this level?
(added later) I would prefer non-platform-specific answers, they'll be the most useful for everyone.
Look at the documentation for packet. Basically, you create a socket with SOCK_RAW or SOCK_DGRAM, then write to the socket using normal socket i/o. However, the data you send will be put directly on the line, rather than automatically getting the headers that are necessary for most network interop.
http://www.codeproject.com/KB/IP/sendrawpacket.aspx
There's already an existing project that may be able to help you with this.
Check out http://tcpreplay.synfin.net/wiki/tcprewrite#RewritingLayer2
and http://tcpreplay.synfin.net/
Seems to me you are looking for a tool to generate your own packets, Scapy is such a tool often used in the security industry (such as pentesters).
Demo is available: http://www.secdev.org/projects/scapy/demo.html
I can't think of any examples. But you should just be able to open up a UDP socket to any IP address you like and start writing data to it. Make sure its UDP or this will not work.
I found that there's a good C example here at Security-Freak, which only needed a little modification for flexibility. I'm hoping there are more answers in other languages.
What is a good strategy for sniffing/tracing function calls between a Flex application and a ColdFusion-based backend running on ColdFusion server? I understand they use AMF protocol.
I'm used to using Fiddler to sniff transactions between HTTP clients and servers, and it works great as long as you're using plain text or XML HTTP requests and responses (including those over SSL) but it isn't much help for binary protocols like AMF over HTTP.
In my case, I do have access to the source code for the client and server, but I'm looking for an easy way to passively sniff traffic in any Flex + ColdFusion situation, without having to tweak anything on the server.
Wireshark: sniffing the glue that holds the internet together
http://www.wireshark.org/
http://www.charlesproxy.com/
Although not free, will decode AMF binary data and allows to trace SSL connections too.
ServiceCapture is another option. It decodes the binary AMF for you, if I remember correctly.
http://kevinlangdon.com/serviceCapture/
Firebug with the Flashbug plugin will show all decoded AMF messages both to and from a Flash app. Works well over HTTPS too.
https://addons.mozilla.org/en-us/firefox/addon/amf-explorer/.
The simple and poor man's trick. Create one cfc to log calls to the different cfc's and pages as you need. Dump it all to a table. Filter and sort at will. I have done this in the past and it has worked great. It's like putting in little fish hooks anywhere you want to know. This would likely give you the most application relevant data. If you need an example let me know.
ditto for wireshark (the artist formerly known as Ethereal). you can sniff at every protocol layer, and stitch together traffic streams.