Shell script or C++ library for viewing internet connections and building a firewall - c++

(I use Ubuntu)
I'm looking for some pointers for writing a firewall program which denies every port/IP at first and creates rules by asking you whenever a program wants to access the internet, much like the discontinued product Kaspersky Anti Hacker for Windows. I especially want to use it on web browsing. So if my web browser wants to access stackoverflow.com, the program should ask me if it should make a connection to stackoverflow.com's IP address, or when a torrent client wants to connect to a peer, it should ask to either allow that port or allow that IP/port only.
I have used gufw but I have to know the port/ip before adding the rules so it isn't as I want it to be. I'm also trying to stay out of Firestarter since the last release was in 2005. So I have decided to write my own.
I just need some pointers on this subject. It can be a terminal command to see the connections I make with other computers, or a way to prompt before making connections, an open source project that sounds like this, or a c++ library/shell program that I can use to write a program for this... Any lead at all would suffice.
If you could point me in the right direction, I would appreciate it.
PS. I am familiar with C++, shell and PHP, but that's irrelevant.

Hmm, you seem to be interested in Windows only. If so, you might wish to look at the Windows Layered Socket Providers (LSP) infrastructure.
In short, you can write a DLL which would be automatically loaded into any application that uses Winsock. This DLL can intercept calls to any Winsock function like connect(), send(), etc. When such a call is intercepted you can show the user a window asking if they wish to connect to this address.
So, this can be used to build the kind of firewall application you are thinking of.
There should be a lot of documentation on how to create LSPs on the Microsoft site, but I remember an especially nice example by the Komodia company - http://www.komodia.com/lsp/lsp-sample.
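An added example, not code from the question, the LSP answer or any project named here: the rule store and decision logic of a default-deny, ask-on-first-use egress policy on Linux, i.e. the check that would run inside an intercepted connect() (on Linux the interception itself would be an LD_PRELOAD wrapper around connect(), the counterpart of an LSP DLL; that wrapper is not included). check_connect() takes the same (sockaddr, socklen_t) pair connect() receives. The rule precedence (exact host:port first, then host-wide and port-wide allows), the three rule shapes, and all names here (EgressPolicy, Answer, terminal_prompt, make_addr) are this example's own assumptions.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <functional>
#include <map>
#include <set>
#include <string>
#include <utility>

enum class Verdict { Allow, Deny };

// Prompt answers, matching the rule shapes in the question: the exact host:port pair,
// the whole host on any port (a web server), or the port on any host (a torrent peer port).
enum class Answer { AllowHostPort, AllowHost, AllowPort, Deny };

class EgressPolicy {
public:
    // The prompt is injected: a terminal dialog, a GUI, or a stub in tests.
    using Prompt = std::function<Answer(const std::string& host, uint16_t port)>;
    explicit EgressPolicy(Prompt prompt) : prompt_(std::move(prompt)) {}

    // Decide for the address a program handed to connect(). Anything that cannot be
    // parsed as IPv4 (null, IPv6, short buffer) is denied: under default deny, "don't know" means "no".
    Verdict check_connect(const sockaddr* addr, socklen_t len) {
        if (addr == nullptr || addr->sa_family != AF_INET || len < sizeof(sockaddr_in))
            return Verdict::Deny;
        sockaddr_in in{};
        std::memcpy(&in, addr, sizeof in);
        char ip[INET_ADDRSTRLEN];
        if (inet_ntop(AF_INET, &in.sin_addr, ip, sizeof ip) == nullptr)
            return Verdict::Deny;
        return decide(ip, ntohs(in.sin_port));
    }

    // Exact host:port rules (allow or deny) win; then host-wide and port-wide allows;
    // an unknown destination is put to the user and the answer is stored as a rule.
    Verdict decide(const std::string& host, uint16_t port) {
        auto e = exact_.find({host, port});
        if (e != exact_.end()) return e->second;
        if (hosts_.count(host) || ports_.count(port)) return Verdict::Allow;
        switch (prompt_(host, port)) {
            case Answer::AllowHostPort: exact_[{host, port}] = Verdict::Allow; return Verdict::Allow;
            case Answer::AllowHost:     hosts_.insert(host);                  return Verdict::Allow;
            case Answer::AllowPort:     ports_.insert(port);                  return Verdict::Allow;
            case Answer::Deny:          break;
        }
        exact_[{host, port}] = Verdict::Deny;   // remember the refusal, don't ask again
        return Verdict::Deny;
    }

    std::size_t rule_count() const { return exact_.size() + hosts_.size() + ports_.size(); }

private:
    Prompt prompt_;
    std::map<std::pair<std::string, uint16_t>, Verdict> exact_;
    std::set<std::string> hosts_;
    std::set<uint16_t> ports_;
};

// A minimal terminal prompt usable as the Prompt callback (hypothetical UI for this example).
Answer terminal_prompt(const std::string& host, uint16_t port) {
    std::printf("%s:%u wants a connection: allow [a]ddress:port, [h]ost, [p]ort, or [n]o? ",
                host.c_str(), unsigned(port));
    int c = std::getchar();
    for (int d = c; d != '\n' && d != EOF; d = std::getchar()) {}   // swallow the rest of the line
    switch (c) {
        case 'a': return Answer::AllowHostPort;
        case 'h': return Answer::AllowHost;
        case 'p': return Answer::AllowPort;
        default:  return Answer::Deny;
    }
}

// Build the sockaddr_in a program would pass to connect() (for callers and tests).
sockaddr_in make_addr(const char* ip, uint16_t port) {
    sockaddr_in in{};
    in.sin_family = AF_INET;
    in.sin_port = htons(port);
    inet_pton(AF_INET, ip, &in.sin_addr);
    return in;
}
```

To use it interactively, construct `EgressPolicy policy(terminal_prompt);` and call `policy.check_connect(addr, len)` from the connect() wrapper before forwarding the call; a Deny result maps naturally to returning -1 with errno set to EACCES so the application sees an ordinary failure.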

Related

Remote logging library versus software(logger)

I am penning down the features that a remote logging library might need when built from scratch.
I looked up this: http://www.aggsoft.com/serial-data-logger.htm
I wish to know what differences there can be between a remote logging library and remote logger software.
Few things that I thought of:
1. The library can be used in C++ programs to log error messages on the fly.
2. The library will require programming knowledge on the end user's part.
3. The software cannot be used "inside" a C++ program, so we won't be able to log the error messages on the fly? Not sure about this one.
I would like to know that besides logging error messages, what are the things for which it makes sense to use the remote logging library? Sharing big files? Anything else than these two things?
Secondly, which is better, and in what way: a library or software, in the current case?
As I mentioned in my comments to your question, I would think that a logging library would provide some sort of an API/SDK, whereas remote software would not. The same would hold true whether it's sending messages via TCP/UDP or a serial port. The difference between the two options would be how much coding you would have to do. That is, how much would you have to reinvent the wheel?
IMHO, nearly all debug environments/tools support redirecting the console output to the serial port (using print or another API). It is usually not a task for the application programmer.
There are other methods for "remote logging":
1) syslog, syslog-ng's remote service
2) save the log locally, fetch it using FTP

RDP protocol for c++

I'm looking for code that connects to another computer via remote desktop connection and checks if the connection was successful or not.
I packet logged and found out there was a galaxy worth of packets, so I was wondering if there was some easy code out there.
There really isn't anything easy about RDP, that protocol stack is huge and builds on the ITU OSI protocols, which includes a fair amount of ASN.1/BER.
Your best bet is the code that's in FreeRDP.
A bit of terminology: you want a "RDP client library for C++".
As others have mentioned, look into the "FreeRDP" and "rdesktop" projects.
With FreeRDP, you're going to get a suite of libraries (each one doing its thing). With rdesktop, you're going to get a client app (which you have to break the C code out of, and "build" your C++ API around).
If this is a new project, I'd pick FreeRDP over rdesktop, as they have libraries available with your C++ interface already in place.
Do you need to check if an RDP server is present, but not authenticate? In this case all you'd need are the first couple of packets used to negotiate protocol security. You can find the code in FreeRDP in libfreerdp-core/nego.c.
#Blanker1231: You should have a look at the rdesktop code; it's in C but can be very easily modified to be used in C++ code. All you have to do is bridge their Struct Stream effectively.
Moreover, I worked on an RDP 7+ implementation ages ago in Qt/C++ for a , so recently, just for the fun of it, I used all of my experience and wrote an RDP parser and code generator and open sourced it on https://github.com/shashanksingh/Code-Generator-for-RDP
Right now it's dead simple and I am still working on making it more intelligent. Word of caution: it doesn't generate everything. Examples include demo.def, which on compilation will generate all the classes of MS-FSCC used in MS-RDP.
#Blanker1231, if you ever feel like it, just fork the implementation and start pushing stuff in.

Help me get started (traffic manipulation)

My main goal is to create an advanced program for manipulating the packets that route within my network via the router. Let my program have total control over the router. Set the download/upload speeds to my inputs, apply the effect to certain devices within my network. Block upload or download traffic. Set a second's delay for either the upload or download speed. Specify the % of lost packets, and the list goes on.
The problem is that I don't know where to start. I know most languages at the very most basic level. I'd like to create this program in either C, C++ or C# but I don't know yet. What else do I need to know before creating this program? Winsock or something? Winpcap APIs?
This goal is my motivation to learn programming to the extreme, and I'm really looking forward to it.
Thanks in advance!
Hmmm, I guess you would want to look at pcap(?):
pcap
Check out: http://beej.us/guide/bgnet/html/multi/index.html
'Beej's Guide to Network Programming Using Internet Sockets'
All you could possibly need to know about programming sockets for capture and manipulation.
If I were you I'd write it in C, I'm writing a similar project at the moment in C++ and it's hell but too late to stop and start again.
Hope that helps.
Bear in mind that you either need a router that you can re-program or you need to use your PC as a router to do this.
Either way you want to look into how IPTABLES are implemented.
I've never seen Desktop Windows used as a router, only Windows Server, though it may still be possible. libpcap is for packet capture, but not interception as I understand it. Programs like Wireshark use it to monitor copies of packets, but not to modify them. If you want to attempt this, my impression has been that there is a lot more documentation and tools for doing something like this with NetFilter/IPTables on Linux. You can even install something like OpenWRT on a compatible router and get a small, cheap Linux router, though having Desktop Linux will probably help for development. The NetFilter QUEUE library can be used with some IPTables firewall rules to redirect specific (or all) packets to a regular user program. That program can then read the packet and modify it or even request it to be dropped.
http://www.netfilter.org/projects/libnetfilter_queue/
If you want to manipulate network traffic on a Windows machine (as you mentioned), you will need some extra software. This operating system won't give you full control over itself, which is fine for some reasons.
I think what you want to do should be done with either winpcap or win10pcap if you are using Win10. These packages contain a Windows driver and the libpcap user space library.
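An added example, not from the thread and not libnetfilter_queue's own code: the inspection step the user-space program behind an iptables NFQUEUE rule performs on each raw packet it is handed, before it returns a verdict. It parses the IPv4 and TCP headers from the buffer, verifies the IPv4 header checksum, classifies the packet, and chooses accept or drop; the libnetfilter_queue binding that would deliver the buffer and carry the verdict back is not included, and the packet bytes are constructed for this example. The function names (inspect, verdict, sample_syn) and the drop rule for SYNs to a blocked port are this example's own assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

enum class PacketClass { Malformed, NotTcp, TcpSyn, TcpOther };

struct Flow {
    PacketClass cls = PacketClass::Malformed;
    std::string src, dst;             // dotted quad
    uint16_t sport = 0, dport = 0;    // only meaningful for TCP
    bool checksum_ok = false;         // IPv4 header checksum verified
};

static std::string dotted(const uint8_t* p) {
    return std::to_string(p[0]) + "." + std::to_string(p[1]) + "." +
           std::to_string(p[2]) + "." + std::to_string(p[3]);
}

// RFC 1071 one's-complement sum over the IPv4 header. With the checksum field zeroed
// it yields the value to store; over a header that already carries it, it yields 0.
static uint16_t ip_checksum(const uint8_t* hdr, std::size_t len) {
    uint32_t sum = 0;
    for (std::size_t i = 0; i + 1 < len; i += 2) sum += (uint16_t)((hdr[i] << 8) | hdr[i + 1]);
    if (len & 1) sum += (uint16_t)(hdr[len - 1] << 8);
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

// Every length is checked before use: a verdict callback sees arbitrary bytes.
Flow inspect(const std::vector<uint8_t>& pkt) {
    Flow f;
    if (pkt.size() < 20 || (pkt[0] >> 4) != 4) return f;          // not IPv4
    std::size_t ihl = (pkt[0] & 0x0F) * 4;                          // header length incl. options
    if (ihl < 20 || pkt.size() < ihl) return f;
    std::size_t total = (pkt[2] << 8) | pkt[3];
    if (total < ihl || total > pkt.size()) return f;                // truncated or inconsistent
    f.checksum_ok = ip_checksum(pkt.data(), ihl) == 0;
    f.src = dotted(&pkt[12]);
    f.dst = dotted(&pkt[16]);
    if (pkt[9] != 6) { f.cls = PacketClass::NotTcp; return f; }    // protocol 6 = TCP
    if (total - ihl < 20) return f;                                 // TCP header truncated
    const uint8_t* tcp = &pkt[ihl];
    f.sport = (tcp[0] << 8) | tcp[1];
    f.dport = (tcp[2] << 8) | tcp[3];
    uint8_t flags = tcp[13];
    bool syn = flags & 0x02, ack = flags & 0x10;
    f.cls = (syn && !ack) ? PacketClass::TcpSyn : PacketClass::TcpOther;   // SYN alone = new connection
    return f;
}

// The verdict the program would hand back (NF_ACCEPT / NF_DROP in libnetfilter_queue terms):
// drop anything malformed or with a bad header checksum, and drop new connections to a
// port the user has blocked; everything else passes.
enum class Verdict { Accept, Drop };
Verdict verdict(const Flow& f, const std::vector<uint16_t>& blocked_ports) {
    if (f.cls == PacketClass::Malformed || !f.checksum_ok) return Verdict::Drop;
    if (f.cls == PacketClass::TcpSyn)
        for (uint16_t p : blocked_ports) if (p == f.dport) return Verdict::Drop;
    return Verdict::Accept;
}

// Constructed sample: IPv4 192.168.1.10 -> 203.0.113.5, TCP 40000 -> 80, SYN, no options.
std::vector<uint8_t> sample_syn() {
    std::vector<uint8_t> p = {
        0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,  // checksum filled below
        192, 168, 1, 10, 203, 0, 113, 5,
        0x9C, 0x40, 0x00, 0x50, 0, 0, 0, 0, 0, 0, 0, 0, 0x50, 0x02, 0xFF, 0xFF, 0, 0, 0, 0};
    uint16_t c = ip_checksum(p.data(), 20);
    p[10] = c >> 8;
    p[11] = c & 0xFF;
    return p;
}
```

Rate limiting, artificial delay and packet-loss percentages, the other items on the list, are decisions of the same shape: the verdict step would return drop for a chosen fraction of flows or hold the packet (libnetfilter_queue lets the verdict be issued later) instead of returning it immediately.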

Terminate existing tcp connection

Is there a way to kill off an existing connection?
For example, 192.168.1.120 is connected to me via port 8080.
I would like to know how to terminate that connection.
Many thanks!
Since this question is tagged C++ (and I had the same question), I presume that the OP wanted an example that uses the Windows API. I've done this using the GetTcpTable2 and SetTcpEntry APIs. You'll need to call GetTcpTable2 and filter the results to the connection you want to terminate, then pass it to SetTcpEntry. Note that I took a bit of a shortcut with allocating memory for GetTcpTable2, so if you're writing production code, you'll want to read the Microsoft documentation on how best to correctly use the API.
Feel free to use the code I wrote and published under the MIT licence on GitHub: TcpConnectionKiller.cpp
Easiest way (without external software) is to kill and/or restart the process that's watching that port. That'll kill off every connection used by that process, though, so it's not something you normally want to do on a server.
To find out which process is handling the connection on your side, you can say netstat -anp in Linux, or netstat -anb in Windows. Note, in Windows, netstat can be quite slow in backtracking from a socket to a process.
If you're using Windows, and don't mind downloading something, check out SysInternals' TCPView. It lets you see what ports are open, and what's using them. It can even kill connections, IIRC, though I forget whether it's by simply resetting the connection or by killing the process using it.
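An added example, not from the thread and not the Windows GetTcpTable2 code linked above: the Linux side of finding the connection first, done by parsing what netstat -anp reads, /proc/net/tcp. Each row holds the local and remote endpoint as hex (the address in little-endian host order, the port big-endian), the state code and the socket inode; the inode is what a scan of /proc/<pid>/fd ("socket:[inode]" links) maps back to the owning process, which is the step netstat -p performs. The rows below are constructed sample text in that layout so the example runs without the real file; the names (TcpRow, parse_proc_net_tcp, inodes_for_peer) are this example's own.

```cpp
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

struct TcpRow {
    std::string local_ip, remote_ip;
    uint16_t local_port = 0, remote_port = 0;
    unsigned state = 0;          // 0x01 = ESTABLISHED, 0x06 = TIME_WAIT, 0x0A = LISTEN
    unsigned long inode = 0;     // 0 for sockets no process owns any more
};

// "0A01A8C0:1F90" -> 192.168.1.10, 8080. The address is the raw 32-bit value of a
// little-endian machine, so its bytes come out reversed; the port is plain hex.
static bool parse_addr(const std::string& s, std::string& ip, uint16_t& port) {
    unsigned a = 0, p = 0;
    if (std::sscanf(s.c_str(), "%8x:%4x", &a, &p) != 2) return false;
    char buf[16];
    std::snprintf(buf, sizeof buf, "%u.%u.%u.%u", a & 0xFF, (a >> 8) & 0xFF, (a >> 16) & 0xFF, a >> 24);
    ip = buf;
    port = (uint16_t)p;
    return true;
}

// Column order per row: sl local remote st tx:rx tr:when retrnsmt uid timeout inode (then
// kernel-internal fields we ignore). Rows that do not parse are skipped, not fatal.
std::vector<TcpRow> parse_proc_net_tcp(const std::string& text) {
    std::vector<TcpRow> rows;
    std::istringstream in(text);
    std::string line;
    std::getline(in, line);                       // header line
    while (std::getline(in, line)) {
        std::istringstream ls(line);
        std::string sl, local, remote, st, txrx, trwhen, retr, uid, timeout, inode;
        if (!(ls >> sl >> local >> remote >> st >> txrx >> trwhen >> retr >> uid >> timeout >> inode)) continue;
        TcpRow r;
        if (!parse_addr(local, r.local_ip, r.local_port) || !parse_addr(remote, r.remote_ip, r.remote_port)) continue;
        r.state = std::stoul(st, nullptr, 16);
        r.inode = std::stoul(inode);
        rows.push_back(r);
    }
    return rows;
}

// Socket inodes of established connections from peer_ip to our local_port; empty means
// there is nothing to terminate. TIME_WAIT rows have no owner and are left out.
std::vector<unsigned long> inodes_for_peer(const std::vector<TcpRow>& rows,
                                           const std::string& peer_ip, uint16_t local_port) {
    std::vector<unsigned long> out;
    for (const auto& r : rows)
        if (r.state == 0x01 && r.remote_ip == peer_ip && r.local_port == local_port)
            out.push_back(r.inode);
    return out;
}

// Constructed sample: a listener on 8080, one established connection from 192.168.1.120,
// and one TIME_WAIT leftover from the same peer.
const char* SAMPLE_PROC_NET_TCP =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0\n"
    "   1: 0A01A8C0:1F90 7801A8C0:D431 01 00000000:00000000 00:00000000 00000000  1000        0 12389 1 0000000000000000 20 4 30 10 -1\n"
    "   2: 0A01A8C0:1F90 7801A8C0:D432 06 00000000:00000000 00:00000000 00000000     0        0 0 3 0000000000000000\n";
```

Once the owning process is known, the coarse option in the answer above (restart that process) applies; if the socket belongs to your own program, setting SO_LINGER with a zero linger time before close() makes the kernel send a RST for just that connection rather than a normal FIN.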

http/https traffic analyzer

I would like to develop a C++ application that would list all URLs accessed, with their response times, within the PC. This probably would be transparent to the user, so it would be a DLL.
Can anyone give me some sample code or tutorials on the said matter?
Or any tips and suggestions?
Thanks a lot :))
You should take a look at the fiddler plug-ins. This is not a trivial exercise. You need to do dependency injection to capture the wininet calls. Even so not all apps use the high level windows api to initiate connections. Applications that make TCP connections might last for a long time since not all TCP calls are simple web requests.
As Byron has said, this is a non-trivial exercise. You could do it using libpcap http://sourceforge.net/projects/libpcap/ having installed http://www.winpcap.org/ on Windows. Tutorials for using libpcap are around and you'd need to learn to filter out everything but http/https traffic, although once you've got to that stage it shouldn't be too hard. Try http://yuba.stanford.edu/~casado/pcap/section1.html for starters or http://systhread.net/texts/200805lpcap1.php. Both tutorials look reasonable.
I also feel I should point out that "transparent to the user" and "dll" are not equivalent ideas. A DLL is a set of library functions separate from an application that can be used by many applications - see http://en.wikipedia.org/wiki/Dynamic-link_library. A "standard" executable file (i.e. file ending in .exe) can still be transparent to the user if run, for example, as a Windows Service, which might be more what you are looking for.
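An added example, not from the thread and not libpcap's or Fiddler's code: the per-connection bookkeeping the analyzer needs once libpcap (with a port-80 filter) has delivered the TCP payloads. Each payload is fed in with its capture timestamp and direction; a request line plus Host header is stored under the connection's 4-tuple, and the first response status line on that connection closes it and yields the URL with its response time. HTTPS payloads are encrypted, so on port 443 only the connection, not the URL, would be visible this way. The payloads and timestamps are constructed, HTTP/1.1 pipelining (several requests in flight on one connection) is not modelled, and the names (Key, HttpTimer, Timing) are this example's own.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <tuple>
#include <vector>

constexpr std::size_t NPOS = std::string::npos;

// One TCP connection, identified by the captured packets' addresses and ports.
struct Key {
    std::string client; uint16_t cport; std::string server; uint16_t sport;
    bool operator<(const Key& o) const {
        return std::tie(client, cport, server, sport) < std::tie(o.client, o.cport, o.server, o.sport);
    }
};

struct Pending { std::string method, path, host; double t_request = 0; };
struct Timing  { std::string url; int status; double seconds; };

class HttpTimer {
public:
    // to_server: true for client->server payload. ts: capture timestamp in seconds.
    // Returns the timings completed by this payload (none for a request).
    std::vector<Timing> feed(const Key& k, bool to_server, double ts, const std::string& payload) {
        std::vector<Timing> out;
        if (to_server) {
            Pending p;
            if (parse_request(payload, p)) { p.t_request = ts; pending_[k] = p; }
            return out;
        }
        auto it = pending_.find(k);
        int status = 0;
        // A response with no recorded request (capture started mid-connection) is ignored.
        if (it != pending_.end() && parse_status(payload, status)) {
            const Pending& p = it->second;
            out.push_back({"http://" + p.host + p.path, status, ts - p.t_request});
            pending_.erase(it);
        }
        return out;
    }
    std::size_t pending_count() const { return pending_.size(); }

private:
    // Request line "GET /path HTTP/1.1\r\n" plus the Host header that names the server.
    static bool parse_request(const std::string& s, Pending& p) {
        std::size_t sp1 = s.find(' ');
        std::size_t sp2 = sp1 == NPOS ? NPOS : s.find(' ', sp1 + 1);
        std::size_t eol = s.find("\r\n");
        if (sp2 == NPOS || eol == NPOS || sp2 > eol || s.compare(sp2 + 1, 5, "HTTP/") != 0) return false;
        std::size_t h = s.find("\r\nHost: ");   // header names are case-insensitive; exact match kept simple here
        if (h == NPOS) return false;
        std::size_t hend = s.find("\r\n", h + 2);
        p.method = s.substr(0, sp1);
        p.path = s.substr(sp1 + 1, sp2 - sp1 - 1);
        p.host = s.substr(h + 8, hend == NPOS ? NPOS : hend - (h + 8));
        return true;
    }
    // Status line "HTTP/1.1 200 OK\r\n": the three digits after the first space.
    static bool parse_status(const std::string& s, int& status) {
        if (s.compare(0, 5, "HTTP/") != 0) return false;
        std::size_t sp = s.find(' ');
        if (sp == NPOS || s.size() < sp + 4) return false;
        for (std::size_t i = 1; i <= 3; ++i)
            if (!std::isdigit(static_cast<unsigned char>(s[sp + i]))) return false;
        status = std::stoi(s.substr(sp + 1, 3));
        return true;
    }
    std::map<Key, Pending> pending_;
};
```

The capture loop would build the Key from the IP and TCP headers of each packet (client = the side that sent the SYN), set to_server accordingly, and pass the packet's pcap timestamp; because libpcap delivers individual segments, a request or status line split across segments needs per-connection reassembly before it reaches feed().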