How to build local web proxy without configuring the browsers - installation

How does Netnanny or k9 Web Protection setup web proxy without configuring the browsers?
How can it be done?

Using WinSock directly, or at the NDIS or hardware driver level, and
then filter at those levels, just like any firewalls soft does. NDIS being the easy way.
Download this ISO image: http://www.microsoft.com/downloads/en/confirmation.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff
it has bunch of samples and tools to help you build what you want.
After you mount or burn it on CD and install it go to this folder:
c:\WinDDK\7600.16385.1\src\network\ndis\

I think what you need is a transparent proxy that support WCCP.
Take a look at squid-cache FAQ page
And the Wikipedia entry for WCCP
With that setup you just need to do some firewall configuration and all your web traffic will be handled by the transparent proxy. And no setup will be needed on your browser.

netnanny is not a proxy. It is tied to the host machine and browser (and possibly other applications as well. It then filters all incoming and outgoing "content" from the machine/application.
Essentially Netnanny is a content-control system as against destination-control system (proxy).
Easiest way to divert all traffic to a certain site to some other address is by changing hosts file on local host

You might want to have a look at the explanation here: http://www.fiddlertool.com/fiddler/help/hookup.asp
This is how Fiddler2 achieves inserting a proxy in between most apps and the internet without modifying the apps (although lots of explanation of how-to failing the default setup). This does not answer how NetNanny/K9 etc work though, as noted above they do a little more and may be a little more intrusive.

I believe you search for BrowserHelperObjects. These little gizmos capture ALL browser communication, and as such can either remote ads from the HTML (good gizmo), or redirect every second click to a spam site (bad gizmo), or just capture every URL you type and send it home like all the WebToolBars do.

What you want to do is route all outgoing http(s) requests from your lan through a reverse proxy (like squid). This is the setup for a transparent web proxy.
There are different ways to do this, although I've only ever set it up OpenBSD and Linux; and using Squid as the reverse proxy.
At a high level you have a firewall with rules to send all externally bound http traffic to a local squid server. The Squid server is configured to:
accept all http requests
forward the requests on to the real external hosts
cache the reply
forward the reply back to the requestor on the local lan
You can then add more granular rules in Squid to control access to websites, filter content, etc.
I pretty sure you can also get this functionality in different networking gear. I bet F5 has some products that do some or all of what I described, and probably Cisco as well. There is probably other proxies out there besides Squid that you can use too.
PS. I have no idea if this is how K9 Web Protection or NetNanny works.

Squid could provide an intercept proxy for HTTP and HTTPs ports, without configuring the browsers and it also supports WCCP.

Related

931107 - configuring squid

i'm too beginner in squid. i want a way to remain anonymous over the net. i also want to be able to access the contents of the internet which are filtered. my Windows computer is beyond firewall (filtered). my server (CentOS 5) is not. for example, when i enter http://facebook.com in the browser url, it redirects to an intranet ip which tells me to avoid going to this site!
now i've installed squid on server and traffic is propagated through this server. but this redirection occurs. so still i can't open filtered sites.
what can i do? a friend of mine told that the only way is to use https. ie. the connection between browser (Firefox) and the server must use this protocol. is it right? and how can i do that?
what's your suggestion? i don't want necessarily to use squid. besides, https protocol gets banned or decreased in speed in my country sometimes. so i prefer the protocol remain http. i thought also about writing a code in client and server to transform, compress/decompress and packetize as hoax binary http packets to be sent as much speed and success as possible. but i'm not an expert in this context and now i prefer more straightforward ways.
i respect any help/info.
I assume you are located in Iran. I would suggest using TOR if you mainly access websites. The latest release works reasonably well in Iran. It also includes an option to obfuscate traffic so it is not easily detectable that you are using TOR.
See also this question: https://tor.stackexchange.com/questions/1639/using-tor-in-iran-for-the-first-time-user-guide
A easy way to get the TOR package is using the autoresponder: https://www.torproject.org/projects/gettor.html
In case the website is blocked, it works as follows:
Users can communicate with GetTor robot by sending messages via email.
Currently, the best known GetTor email address is gettor#torproject.org.
This should be the most current stable GetTor robot as
it is operated by Tor Project.
To ask for Tor Browser a user should send an email to GetTor robot
with one of the following options in the message body:
windows: If the user needs Tor Browser for Windows.
linux: If the user needs Tor Browser for Linux.
osx: If the user needs Tor Browser for Mac OSX.

what is the difference between a proxy server like tor and a proxy tool like paros?

it seems to be a big difference between them but eventually, both of them use a proxy
but paros can modify an intercept HTTP and HTTPS request , and tor just "make me invisible" ?
how does it work ?
Paros and Tor serve different purposes. The first is a vulnerability scanner which might take your input, modify it and send it to the target website. Tor on the other side doesn't modify your requests, but wraps around encryption layers and send the requests over some servers until it reaches the target.
If you have Paros installed locally and send your requests through the software, the target website will see your IP address. Tor's purpose is to hide your IP address. So the target website will see some other address than your.
For specific questions on Paros you might want to have a look at security.SE site. Questions about Tor are handled at tor.SE.

See useragent in an https connection?

I have an app, and it makes an https connection to a server. Is it possible to use something like wireshark or charlesproxy to just see the useragent that it's connecting with? I don't want to see any of the actual data, just the useragent - but I'm not sure if that is encrypted as well? (and if it's worth trying)
Thanks
Is it possible to...
No. Browser first establishes secure connection with server, then use it for transfer all data including requests' data, various headers etc.
Too late for the original inquirer, but the answer is that it may be possible in some cases, depending on application implementation.
You can use fiddler, and by turning on the 'decrypt https traffic' you also have visibility to the HTTPS content in some cases.
What fiddler does (on windows at least) is register itself within the wininet as system proxy. It can also add certificates (requires your approval when you select to decrypt https traffic) and generates on the fly certificates for the accessed domains, thus being MitM.
Applications using this infrastructure will be 'exposed' to this MitM. I ran fiddler and ran a few applications and was able to view https traffic related to office products (winword, powerpoint, outlook) other MS executables (Searchprotocolhost.exe) but also to some non-microsoft products such as apple software update, cisco jabber)

operate in internet gateway mode to relay data - windows

I want to write a general solution to relay data that comes from different application protocols to a proxy (socks and or/http) in order to do web filtering. Are there any open source projects for windows that do that ?
Check out cntlm. Here's the link:
http://cntlm.sourceforge.net/
It's main selling point is that it does NTLM authentication, but it also works well as a general-purpose proxy. It also has a gateway mode that allows it to proxy network traffic to another proxy server.

How can I locally intercept and respond to browser requests?

I want to set something up on my computer where if something (program, browser, whatever) makes a request (to a certain domain, I guess) I can send my own response to the request. I once saw a program that did that, and I was wondering how it did it. How would it be done?
How about just editing hosts file? Popular operating systems have it. Just use it to redirect to whereever you want. To me it looks like the simplest solution to this question.
You can build a HTTP proxy that will intercept all requests from the browser. But you have to configure the browser to use the proxy.
What mikerobi said, but you can also set up your computer or gateway machine to act as a transparent proxy. (You need this if you either don't want to configure your browser, or you're working with an application that uses HTTP but doesn't allow for configuration of a proxy.)
On a FreeBSD or Linux machine (I'm sure there are other OSes that can do this; I mention the ones I use), you can set up your own firewall rules to intercept particular traffic (say, all port 80 traffic, or all port 80 traffic to a particular domain, or whatever) and forward the traffic to your own special proxy, which can return whatever you want.

Resources