I have a C++ program which I want to use on my clients machines. However, some of my clients are behind proxies. Therefore, I want my program to automatically detect these proxies.
I have tried many solutions, such as reading the registry for the proxy settings, trying the Windows API's, etc.
However none of them have worked out well. E.g. the registry sometimes holds the url for the PAC-file and sometimes the actual proxy-address itself. Besides that, I haven't been able to find any username and password related to the proxy if it is set on the client machine (which some users say they have).
So, basically my question is:
How can I automatically determine the proxy settings of my clients in C++ so I can use the proxy-settings in my LibCurl requests later on regarding:
Proxy-address
Proxy-port
Proxy-User
Proxy-Password
I can't get it to work and I have been trying it for two weeks now without any improvement...
You can not read proxy setting in a generic way, since every application is free to store it in any way it wants. You should be able to read Internet Explorer proxy by using WinHttpGetIEProxyConfigForCurrentUser function, and it would also work for users browsers which use this setting, like Google Chrome.
How can I automatically determine the proxy settings of my clients in C++ so I can use the proxy-settings in my LibCurl requests?
libproxy is the answer!
Libproxy home page on GitHub
Libproxy repo on GitHub
It has these features according to the home page:
support for all major platforms: Windows, Mac and Linux/UNIX (see upcoming 0.4 release)
extremely small core footprint
no external dependencies within libproxy core (libproxy plugins may have dependencies)
only 3 functions in the stable-ish external API (1.0 will offer full stability)
dynamic adjustment to changing network topology
a standard way of dealing with proxy settings across all scenarios
a sublime sense of joy and accomplishment
Related
I am looking for a way to block certain websites using C++.
The agent is installed in the End-User, and if an unauthorized site is accessed, it must be redirected to an error page.
The hosts file is not used because the user can modify it arbitrarily.
Here is a list of possible searches.
(I prefer blocking through hooking rather than developing a network driver.)
Windows Filtering Platform
Send FIN packet to server using WinPCAP
DNS Query control
Browsers target IE, Chrome, and Edge.
What are the pros and cons of the above list?
Or, Is there any possible way other than the above list?
Since there is not enough development time, there is not much learning time.
If you know the API, documentation, or code snippets you can refer to, please respond.
Thankds.
I want to be able to type www.mydomain.com into my web browser but have the actual traffic go to something.mydomain.com. I thought to, maybe inject a dll into the process browser(firefox.exe). I tried to use some methods like hooking, dll injection using create remote thread etc. But, since I'm a newbie, especially when it comes to C++ or Assembly level languages, I coudn't understand much about it. The one's I could understand are no longer compatible with Win 7 or higherCould someone help me by directing me in the right path.
All I want is know how to intercept/manipulate an outgoing URL request from the browser. I found that TCP/IP first creates some socket using socket() function and then connect() function. I sthere a way to intercept that?
I want this to be easy, simple and compatible with windows XP to 10. If it's not easy I'm okay with building different codes for different versions. If the script is cross platform, it would be even more awesome.
I don't think what you want to do (or more precisely the way you want to do it) is possible without being the owner of the domain and setting a HTTP redirect on the server.
Modifying the hosts file or setting up your own DNS server and having the machine or its router use that to resolve DNS queries is really the only way but...
Dependant on the browser this may not be possible. Current versions of firefox and chrome implement dns prefetching which essentially means that they come preloaded with a bunch of popular dns entries for faster page loading times.
I'm in the process of creating a utility to backup user's media files. The media isn't being shared etc its only a backup utility.
I'm trying to think of the best way to protect users from ISPs accusing them of downloading illegal media files by using some sort of secure connection.
The utility is written in C++ using the Qt lib and so far I've only been able to find the QtSslSocket component for secure connections. The domain already has a valid SSL certificate for the next few years.
Can anyone suggest the best way to go about implementing this from both the server and client side. i.e what does the server need to have in place and is there anything in particular the backup utility needs to implement from the client side to ensure secure transactions?
Are there any known, stable sftp or ftps servers available etc?
As far as I know, Qt doesn't have support for secure FTP transfers.
Not sure what other info. would be useful to make the question any clearer but any advice or help pointing me in the right direction will be most welcomed.
EDIT I'm also Java competent so a Java solution will work just as well...
As Martin wrote, you can wrap client. But if you don't want to do that, you can use libssh.
I searched for some sort of solution to this for a couple days and then forgot about the problem. Then today I stumbled across this little gem in the Qt-Creator source Utils::ssh, includes support for SFTP, plain-old SSH, and all sorts of goodies.
Disentangling stuff from Qt-Creator can be a pain, but having gone through this process it amounts to grabbing Botan (one of the other libs in QT-Creator) + Utils.
When it rains, it pours, I find two solutions to this problem in an hour - http://nullget.sourceforge.net/ (Requires Chinese translation), but from their summary:
NullGet is written with Qt, runs on
multiple platforms, the GUI interface
of the multi-threaded multi-protocol
HTTP download software. Use NullGet
can easily download a variety of
network protocol data stream, faster
download speeds, support for HTTP, the
protocol currently supported are:
HTTP, HTTPS, FTP, MMS, RTSP. And it
can run on most current popular
operating systems including Windows,
Linux, FreeBSD and so on.
Easiest way would be to just wrap a commandline sftp client with a Qt front end.
On the server any ftp server should do sftp pretty much out of the box.
As Synthesizerpatel says Qt Creator implements SFTP. So I have isolated the library that contains SSH and SFTP and I have created a new project named QSsh in Github (https://github.com/lvklabs/QSsh). The aim of the project is to provide SSH and SFTP support for any Qt Application.
I have written an example on how to upload a file using SFTP in examples/SecureUploader/
I hope it might be helpful
What would be the simplest way for an application I'm writing to block all Internet access on a Windows machine?
More details:
Windows: XP or higher
Application: A basic Win32 app written in C/C++.
Blocking: It needs to be able to block and unblock at will, ideally in a way that the user can't easily reverse. (By, say, right clicking on a network connection icon in the system tray.) Also, ideally, I'd like the method it uses to allow access to be restored should the user restart Windows or reset the machine, though I'd also be willing to have the app auto launch with Windows and unblock access upon startup if the machine was reset while in a blocked state.
Internet access: Primarily, I'd like to block conventional browsers from hitting conventional http/https sites. Secondarily, it would be nice to block IM clients and client-side social networking apps. It would also be nice, but not required, to still allow local networking for file sharing, etc. (Note that only the first requirement is absolute.)
Final notes: This is not meant to be a security utility, nor will its relationship to the user be adversarial (as, for example, with a parental control utility) so it's not important for it to use a scheme that can't be worked around by a determined user. (Consider that I intend for a reboot or reset to clear the blocking. This means that any workaround a user might discover that would take more effort than this is okay.)
Thanks!
p.s. I suspect that the Windows Firewall API won't work for me because this needs to work for users that haven't enabled the firewall or don't have admin privileges, but I'll be thrilled if I'm corrected on this.
It sounds like you're intending to run applications that you don't want to access the internet. Perhaps you could run them inside a virtual machine such as VirtualBox with networking disabled.
You could do it with a Winsock SPI. The Windows SDK has a sample (under Samples\netds\winsock\lsp) which implements what is called a layered service provider which allows you to hook all the user mode functions provided by Winsock and reject/modify the calls to block network access or redirect traffic to different locations. All installed winsock applications will be affected, so in your code you could have policys for what applications can go out and the like and disabled/enable on the fly. Now a determined person could find ways around this but it would be a pain.
That said this isn't trivial to do but the sample should get you most of the way there.
You cannot effectively or practically write your tool with only a user mode application.
What you need to write is a network I/O stack filter driver. This done by writing a Windows Driver. This is different from a Windows Win32 application. Drivers run in kernel mode and applications run in user mode.
On Windows Vista and later, the kernel mode Network Programming Interface (NPI) is designed for this. This is the same API that Windows Firewalls use. These are sometimes called the Winsock kernel (WSK) APIs.
In effect, you are writing a network firewall (more or less)
here are some links
Introduction to Winsock Kernel (WSK)
Windows Core Networking Blog
The Network Programming Interface Docs on MSDN
Note, your will likely need at least two components
Your driver
A Graphical application that a person can use to control your tool
If you want to do any monitoring, you will likely need a user mode service that collects data from your driver. This works better than trying to do this in the driver. In general, you should do the minimal amount of work in the driver.
A few notes:
You need to be very conscious of security when writing this kind of software. This is very much non trivial. Software that is network facing has the highest security requirements.
Be cognizant of performance.
Your driver and/or service must be aware of the context of a calling application. This is also a security boundary. For example, an application not running as administrator should not be able to control your driver.
take a look at firewall sourcecodes
I want to have an application or service that is running that, on some schedule, can disable access to the internet for all applications except for specific ones.
I'm trying to create a filter that can be turned on or off under programmatic control. Not just IP addresses and ports, but I want to be able to block specific applications as well, much like Zone Alarm and other software firewalls let you block.
For example, iexplore.exe, skype.exe, firefox.exe, aim.exe. But still need to allow other applications to connect as needed.
It has to work on Vista as well as XP, but I kind of expect that the method will be different on each of those platforms.
Basically, the filter has to tie the network communication back to the executable that is making the request and then allow or deny it.
Update:
On Vista at least, it looks like I want to use filters in the ALE layers of the WFP.
On XP, I'm still looking for the best way to do it. Do I really need to be writing device drivers and dealing with kernel stuff? I'm just a lowly application developer. Kill me now.
Update 2:
Currently looking at the PfCreateInterface and related Pf* API's for pre-Vista systems.
You can change both Vista and XP's firewall policies dynamically using the INetFwAuthorizedApplications interface from the Windows Firewall API.
Also see this question.
You'll have to write a device driver that filters traffic based on the executable requesting the traffic.
by limiting its access to internet using firewall. go to firewall setting advanced tab (win 7)
and do that
I'm not sure, but I think you'd need to do it by getting the program to run as a user that has limited permissions, the question is, can you make a user account that stops such things?
You'll need to redirect all (or at least many) calls to the WinSock API functions of any running program to your own replacement functions. That means getting into the memory of each running program and hijacking those functions, which is an... interesting... exercise. :-)
That might be enough of a pointer to get you started, or at least to suggest some more specific questions to ask.
Could you move aside (ie rename) the system's winsock DLL and replace it with your own ?
Yours should provide the same API, but check the the process name of incoming requests... return an error code to blocked applications and forward the calls from allowed apps onto the real DLL.