Configure system wide proxy setting - firefox

I want to set system wide proxy settings on my Windows machine. I know about the settings from Internet Explorer but don't want to do it that way. Is there a way to set up a proxy which will be used by all the applications on my machine (especially Firefox; I don't want to have to set Use System proxy Settings in the Firefox options menu)?

In Windows, that is the preferred way to set up the proxy settings.
But you can have a look at this for command line options:
https://superuser.com/questions/419696/in-windows-7-how-to-change-proxy-settings-from-command-line

How can this be achieved theoretically
I am going to provide a somewhat unusual answer, because I've noticed that this particular 'way' of solving this problem has (for some reason) not crossed people's minds so far.
If you want to really make all apps without exception send internet traffic through your proxy, you are going to have to use a special technology known as TUN/TAP devices.
In short, these are special drivers, which when installed appear to a system as a network adapter (just like your local Ethernet or Wireless card), but they are in fact built in such a way so as to be easy to control from a software level.
Basically, when you install such a driver on the system, the system now regards that device as a fully functional Network Adapter. Therefore, if you now set this network adapter as the default gateway, all apps (without knowing it or being able to prevent it) will automatically pass through it, the same way as all apps pass through a generic Wireless Adapter / Ethernet.
Practical ways of achieving this / How can I use this with proxies?
Now that you have a basic idea of what redirecting system traffic through a TAP/TUN device means, there are a couple of ways of doing this.
Before I start, I really recommend that even if you stray from the suggested resources here, you stick to using OpenVPN's open source TAP device, since it has been extensively tested and confirmed to work on many systems, and is very widely used now (Some basics are available at https://openvpn.net/tuntap, and I trust you should find it embedded in any latest version of OpenVPN, the only files you need are the compiled drivers (.inf), you don't need to have the entirety of OpenVPN installed to use them).
The project that instantly comes to mind when thinking of using SOCKS proxies as the endpoint of a TAP device is badvpn/tun2socks. The project basically does exactly what is outlined here, so I definitely recommend you read the source code, or use it as a standalone utility (if you need some help with usage, I suggest you check out this wiki page).
What if any are the drawbacks of using this approach?
First of all, speaking of compatibility, performance and bugs, there are no drawbacks of using this approach at all; it is if anything more reliable and easier to use than even the ways of doing this provided by the system.
The only two drawbacks I can see at this point would be:
You have to be careful to make sure whatever proxy/intermediate host you are using, it is capable of handling at least the majority of system traffic, because if an app sends incompatible internet traffic, it will still be redirected through the TAP device (that is its purpose).
The code base may be larger than in other cases
An alternative, 'unclean' way of doing this for Firefox in particular
If you are interested in only setting this proxy for Firefox, there are a couple of unclean ways of doing this: For instance, via the command line. It is, however (in my opinion), a very cheap and dirty way of achieving this, as this does not provide any compatibility whatsoever (basically a hack).
Conclusion
While implementing this may take a while, and the code base may be large:
It is not really possible, through any other means to achieve the same effect as VPNs achieve when they tunnel the entirety of your machine's traffic through the OpenVPN server.
If you want to achieve this kind of behavior, it is recommended that you use the approach outlined above, as it is a lot cleaner than 'alternative' methods of doing so (e.g. Socksifying traffic by intercepting it at a software level).

Related

Are Windows IND & Linux verbs implementations compatible?

I've been having a very confusing discussion with a colleague about the use of Network Direct in Windows to provide RDMA, and Linux where we have a working implementation using the verbs api and rdmacm.
Said colleague developed his Network Direct implementation after he couldn't get the verbs one to work. I did the rdmacm implementation under Linux. We both got them talking linux=>linux and windows=>windows but never got around to testing Linux=>windows or windows=>linux. During the development there was some hint of it possibly working; they appeared to start talking, but of course things were still in development.
The project was put on hold for months and the framework that it was built into has had significant redesign. I'm left with pulling what was working from the Windows side into the new framework and I'm having a hard time getting it working or seeing any part of it connect from Linux.
My understanding is that at the lower layer they will both talk verbs. But I'm now not so sure with colleague saying things like "Remember this is not verbs", just to add to the confusion.
So the question is: will an application that uses rdmacm be able to establish a connection to an app that uses Windows NetworkDirect interface, or are the two completely different and incompatible?
According to Mellanox support, Network Direct should be compatible with InfiniBand verbs. We've had good luck doing RDMA transfers using rdmacm Linux-Linux and Windows-Linux. We used the windows libraries available at open fabrics alliance (look for ofed_sdk). It was not easy to figure out what libraries to get in order to do the Windows part.
However, Microsoft does not want people to use the ibverbs approach on MS-Windows any more. If you are having trouble getting ND on Windows to talk to Linux, are you sure that you are putting the values in network order before shipping them over?

Writing an SNMP Agent for Windows: SnmpAPI.Lib or MgmtAPI.lib?

I need to write an SNMP agent on Windows for our company product.
SnmpApi.lib - It's my understanding that SnmpApi.lib allows you to create a full agent from scratch and probably requires more work. This, however, takes over the SNMP port and doesn't allow other agents to run and will take longer to code.
MgmtAPI.lib - This lib will allow one to create an extension to the already running Windows SNMP service and seems a more elegant approach to creating a Windows agent. However, I'm finding very little official MS documentation/examples on how to code such an agent. I've also read on another forum that this might be deprecated.
I've seen an Oreilly book out in the wild called "Windows NT SNMP" but I heard it uses deprecated libs or techniques. I don't know if this is true or not.
I've also seen libraries like SNMP++ that use the SnmpAPI.lib to create an agent, but again, this isn't as elegant as letting multiple sub-agents on the system via MgmtAPI.lib, it seems.
A few questions:
I heard that MgmtAPI.lib is legacy/deprecated. Is this true?
What's the best practice for creating a Windows SNMP agent?
What library should I be using?
Any other suggestions?
Thank you!
The default windows SNMP stack and framework is very limited in its ability. Unfortunately, your best solutions are probably found elsewhere (of which there are a number of external libraries and stacks). If you want one that is modular and allows sub-agents, then look into a stack that supports the AgentX protocol. That's a standardized SNMP subagent protocol and will let multiple sub-agents attach to a master agent.
But whatever you do, please pick a stack that supports SNMPv3 and use the security in it.
If you want a random stack example that is known to work well on windows, try Net-SNMP which is fairly popular among the "replace the SNMP stack on windows" crowd. But I'm also biased and associated with the project, so I'll end with saying: "it doesn't matter too much; pick any stack that supports both AgentX and SNMPv3".

Block website without forcing user to restart browser?

I know blocking a website is a popular question but none of the answers I've seen address my particular situation:
I want to block a website (to be selected by the user, which must also have Admin rights, on Windows XP), without forcing her to restart her browser.
The well known technique of modifying the hosts file requires some browsers to be restarted. I want to accomplish that in a way that is browser-independent (e.g. Content Advisor works in IE but not in FF) and which doesn't require the user to restart his browser.
Please note that I am interested in knowing how to do this programmatically, so http://superuser.com or http://serverfault.com aren't really the right places for this question, as they mostly suggest tools and services, while I am interested in the underlying knowledge so that I can implement it myself.
Ideas?
Thanks.
"Please note that I am interested in knowing how to do this programmatically, so http://superuser.com or http://serverfault.com aren't really the right places for this question, as they mostly suggest tools and services, while I am interested in the underlying knowledge so that I can implement it myself."
Such tools would filter traffic by implementing a NDIS Intermediate Driver. See also this other question.

telling Windows from Linux (via network)

I am doing research on how someone can detect whether another machine is running Windows or Linux, if it runs inside a virtual machine, if it's behind NAT\proxy\VPN and what not.
I saw some interesting tools like p0f, which does passive detection.
Basically, I know there are implementation differences in TCP and other underlying protocols, not to mention application level stuff that exist on Windows and not Linux, but I can't find any, and worse still, I really do not know what terms to look for in Google.
Do you have links or tutorials explaining what to detect to differentiate Linux and Windows?
This is not a subject about which I have a great depth of knowledge but try looking for "TCP stack fingerprinting" and also have a look at nmap's source code. I believe nmap is capable of using stack fingerprinting which involves testing for differences in TCP implementation in order to attempt to determine the environment on a host.
I've not used nmap to any great extent so I can't vouch for the quality or accuracy of its implementation, but source code is available.
For the web, the differences between web browsers are fairly extensively documented. One example of a difference between browsers is the way in which an XmlHttpRequest object is created. By trying to instantiate an XmLHttpObject in different ways and testing which ones succeed, you may be able to determine the browser or JavaScript engine running the code.
here - http://nmap.org/book/osdetect.html
It's all been done before. How about starting with nmap?
Nmap -O is great for detecting systems' operating systems by probing.
p0f is another tool that can be set in listener mode, and detects the operating system on systems that make connections to you.
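
The kind of passive check the answers above point to (p0f, "TCP stack fingerprinting"), as an added example that is not from any of the posts and not code from p0f or nmap: it reads the arrival TTL and the TCP option order from a SYN and compares them with commonly reported defaults. The two packets are constructed, and the TTL buckets and option layouts used for "Linux" and "Windows" are assumptions for illustration; real tools use much larger signature sets.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum os_guess { OS_UNKNOWN, OS_LINUX, OS_WINDOWS };
/* Constructed SYN packets: raw IPv4 + TCP, no link-layer header, checksums zeroed. */
static const uint8_t SYN_A[] = {            /* arrives with TTL 57 */
    0x45,0,0,0x3c, 0x1a,0x2b,0x40,0, 0x39,6,0,0, 192,0,2,10, 198,51,100,5,
    0xc3,0x50,0x01,0xbb, 0,0,0,1, 0,0,0,0, 0xa0,0x02,0xfa,0xf0, 0,0,0,0,
    2,4,0x05,0xb4, 4,2, 8,10,0,0,0,1,0,0,0,0, 1, 3,3,7 };
static const uint8_t SYN_B[] = {            /* arrives with TTL 121 */
    0x45,0,0,0x34, 0x4d,0x10,0x40,0, 0x79,6,0,0, 192,0,2,20, 198,51,100,5,
    0xc0,0x01,0x01,0xbb, 0,0,0,1, 0,0,0,0, 0x80,0x02,0x20,0x00, 0,0,0,0,
    2,4,0x05,0xb4, 1, 3,3,8, 1,1, 4,2 };

/* Returns the arrival TTL of a bare SYN and writes its TCP option order; -1 if unusable. */
static int syn_features(const uint8_t *p, size_t len, char *lay, size_t cap)
{
    if (len < 20 || (p[0] >> 4) != 4 || p[9] != 6) return -1;    /* IPv4 + TCP only */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4, n = 0;
    if (ihl < 20 || len < ihl + 20) return -1;
    if ((((p[6] & 0x1f) << 8) | p[7]) != 0) return -1;    /* later fragment: no TCP header */
    const uint8_t *t = p + ihl;
    size_t thl = (size_t)(t[12] >> 4) * 4;
    if (thl < 20 || len < ihl + thl || (t[13] & 0x12) != 0x02) return -1;   /* SYN, no ACK */
    for (size_t i = 20; i < thl && t[i] != 0 && n + 1 < cap; ) {
        if (t[i] == 1) { lay[n++] = 'N'; i++; continue; }             /* NOP has no length */
        if (i + 1 >= thl || t[i + 1] < 2 || i + t[i + 1] > thl) return -1;  /* bad length */
        /* M=MSS W=window scale S=SACK-permitted T=timestamp ?=other */
        lay[n++] = t[i] == 2 ? 'M' : t[i] == 3 ? 'W' : t[i] == 4 ? 'S' : t[i] == 8 ? 'T' : '?';
        i += t[i + 1];
    }
    lay[n] = '\0';
    return p[8];
}

enum os_guess guess_os(const uint8_t *p, size_t len)
{
    char lay[41];                           /* at most 40 option bytes */
    int ttl = syn_features(p, len, lay, sizeof lay);
    if (ttl < 0) return OS_UNKNOWN;
    /* Assumed heuristic: initial TTL 64 vs 128, plus commonly reported option order. */
    if (ttl <= 64 && strncmp(lay, "MST", 3) == 0) return OS_LINUX;
    if (ttl > 64 && ttl <= 128 && strncmp(lay, "MN", 2) == 0) return OS_WINDOWS;
    return OS_UNKNOWN;
}

int main(void)
{
    printf("A=%d B=%d\n", guess_os(SYN_A, sizeof SYN_A), guess_os(SYN_B, sizeof SYN_B));
    return 0;
}
```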

How do I hook the TCP stack in Windows to sniff and modify packets?

I'd like to write a packet sniffer and editor for Windows. I want to be able to see the contents of all packets entering and leaving my system and possibly modify them. Any language is fine but I'd like it to run fast enough that it won't burden the system.
I've read a little about WinPcap but the documentation claims that you can't use WinPcap to create a firewall because it can't drop packets. What tools will help me write this software?
Been there, done that :-) Back in 2000 my first Windows program ever was a filter hook driver.
What I did was implement the filter hook driver and write a userspace application that prepared a filter table on what to allow and what to disallow. When you get around your initial set of blue screens (see below for my debug tip in kernel mode) the filter mode driver is quite easy to use ... it gives each packet to a function you wrote and depending on the return code drops it or lets it pass.
Unfortunately packets at that level are QUITE raw, fragments are not reassembled and it looks more like the "network card" end of things (but no ethernet headers anymore). So you'll have quite a bad time decoding the packets to filter with that solution.
There also is the firewall hook driver, as discussed in this codeproject article.
If you are on Vista or Server 2008 you'd better have a look at WFP (Windows Filtering Platform) instead, that seems to be the mandated API of the day for writing firewalls.
I don't know about it other than Google turning it up some minutes ago when I googled for the filter hook driver.
Update: Forgot the debug tip:
Sysinternals DbgView shows kernel-mode DbgPrint output, and more important - it can also read them from the dump file your last blue screen produced. So sprinkle your code with dbgprint and if it bluescreens just load the dump into dbgview to see what happened before it died ... VERY useful. Using this I managed without having a kernel debugger.
I'm pretty sure you'd need to write a filter driver. http://en.wikipedia.org/wiki/Filter_driver I don't know much more than that :). It would definitely be a C/C++ Win32 app and you'd likely be doing some kernel side work. Start by downloading the DDK and finding some of the sample filter drivers.
If you just want to monitor what goes in and out of IIS, consider an ISAPI filter. Still C/C++ in Win32, but relatively easier than writing a device driver.
C# code to do this is here
I actually did this, several years ago. I'm hazy on the details at this point, but I had to develop a filter/pass-thru/intermediate driver using the Windows DDK. I got a lot of good information from pcausa. Here's a url which points to their product that does this: http://www.pcausa.com/pcasim/Default.htm
If you're doing this for practical reasons, and not just for fun, then you should take a look at Microsoft Network Monitor. The home page talks about the version 3.3 beta, but you can download version 3.2 from the Downloads page. There is also an SDK for NM, and the ability to write parsers for your own network protocols.
There's a question you need to ask which you don't know you need to ask; do you want to know which applications sockets belong to? or are you happy to be restricted to the IP:port quad for a connection?
If you want to know applications, you need to write a TDI filter driver, but that makes handling the receive almost impossible, since you can't block on the receive path.
If you're happy with IP:port, go in at the NDIS level, and I believe you can block on receive to your heart's content.
A word of warning; if you have no prior kernel experience, writing either of these drivers (although TDI is significantly harder) will take about two years, full time.
this:
TdiFw is a simple TDI-Based Open Source Personal Firewall for Windows NT4/2000/XP/2003
http://tdifw.sourceforge.net/
may help you
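
The per-packet decision described in the filter hook answer above, modelled in user space as an added example (not code from any of the posts, and not the Windows driver API): it shows what "fragments are not reassembled" means for a port-based filter table. The names `filter_packet`, `struct rule`, `CHECK` and the verdict values are hypothetical, and the rule table and packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum verdict { V_PASS, V_DROP };
struct rule { uint8_t proto; uint16_t dport; enum verdict action; };  /* hypothetical format */

/* Constructed filter table and raw IPv4 packets (no Ethernet header, checksums zeroed). */
static const struct rule RULES[] = { { 6, 23, V_DROP }, { 17, 161, V_DROP } };
static const uint8_t TELNET_SYN[] = { 0x45,0,0,40, 0,1,0x40,0, 64,6,0,0, 10,0,0,1, 10,0,0,2,
    0xc0,0, 0,23, 0,0,0,1, 0,0,0,0, 0x50,0x02,0x20,0, 0,0,0,0 };
static const uint8_t HTTPS_SYN[] = { 0x45,0,0,40, 0,2,0x40,0, 64,6,0,0, 10,0,0,1, 10,0,0,2,
    0xc0,0, 1,0xbb, 0,0,0,1, 0,0,0,0, 0x50,0x02,0x20,0, 0,0,0,0 };
static const uint8_t LATE_FRAG[] = { 0x45,0,0,28, 0,3,0,3, 64,6,0,0, 10,0,0,1, 10,0,0,2,
    1,2,3,4,5,6,7,8 };                       /* fragment offset 3: payload only, no ports */
static const uint8_t OFFSET1_FRAG[] = { 0x45,0,0,28, 0,5,0,1, 64,6,0,0, 10,0,0,1, 10,0,0,2,
    1,2,3,4,5,6,7,8 };                       /* fragment offset 1: lands inside the TCP header */
static const uint8_t TINY_FIRST[] = { 0x45,0,0,24, 0,4,0x20,0, 64,6,0,0, 10,0,0,1, 10,0,0,2,
    0xc0,0, 0,80 };                          /* first fragment cut right after the ports */

/* Called once per packet, like the driver callback described above: the return
   value alone decides whether the packet is passed on or dropped. */
enum verdict filter_packet(const uint8_t *p, size_t len, const struct rule *r, size_t nr)
{
    if (len < 20 || (p[0] >> 4) != 4) return V_DROP;      /* truncated or not IPv4 */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return V_DROP;
    unsigned off = ((p[6] & 0x1fu) << 8) | p[7];          /* fragment offset, 8-byte units */
    uint8_t proto = p[9];
    if (proto != 6 && proto != 17) return V_PASS;         /* table only has TCP/UDP rules */
    if (off == 1 && proto == 6) return V_DROP;            /* would overlap TCP flags (RFC 1858) */
    if (off != 0) return V_PASS;    /* no ports to match; useless if fragment 0 was dropped */
    if (len < ihl + (proto == 6 ? 20u : 8u)) return V_DROP;   /* tiny first fragment */
    uint16_t dport = (uint16_t)((p[ihl + 2] << 8) | p[ihl + 3]);
    for (size_t i = 0; i < nr; i++)
        if (r[i].proto == proto && r[i].dport == dport) return r[i].action;
    return V_PASS;                                        /* default: allow */
}

#define CHECK(pkt) filter_packet(pkt, sizeof pkt, RULES, sizeof RULES / sizeof RULES[0])
int main(void)
{
    printf("telnet=%d https=%d late=%d off1=%d tiny=%d\n", CHECK(TELNET_SYN),
           CHECK(HTTPS_SYN), CHECK(LATE_FRAG), CHECK(OFFSET1_FRAG), CHECK(TINY_FIRST));
    return 0;
}
```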
