Filtering Internet traffic

Just starting out? Need help? Post your questions and find answers here.
boyoss
User
User
Posts: 74
Joined: Fri Feb 05, 2016 10:11 am

Filtering Internet traffic

Post by boyoss »

Hello everybody
I went back to my old project, which I never finished ...

So here it is, the goal is to create software that restricts computer access to the Internet and only allows certain sites and programs. To be more precise, this program is intended for secretaries in the office, and must allow them Microsoft Outlook (to see the mails), and some websites. The job site, the Gmail site, Wikipedia, and that's it.

Last year I did a lot of work on it, I made a program that use the Windows firewall, so as to block the Internet of all programs on the computer, and only allow Microsoft Outlook and Google Chrome, and in Google Chrome I put a proxy that allows some sites, and it worked pretty well.
The problem is that if the ESET antivirus is installed on the computer, or any other antivirus that manages the firewall, the entire computer opens to the Internet, and the settings of the Windows firewall no longer work. In addition I prefer not to use the windows firewall, but something native, that I combine in my program (since one can always make changes in the Windows firewall, and my program must always check that nothing has changed ).

In short, I saw the work of JHPJHP about WinDivert, it seems to suit me, but the problem is that it does not manage HTTPS sites.
My question is, is there a way to make a program that would run all the time in background, and allow or deny internet connections, based on a white list of domains? it's not about making changes to sites, just about allowing or denying connections.

Otherwise, another solution would be to find a way to block the internet connection of programs, without going through the windows Firewall.

A third option would be to find a way to put the proxy for the entire computer. but for the moment I only managed to put it on browsers (and not on uTorrent, for example)

I specify that the rights of administrators are not a problem.

Thank you
User avatar
CELTIC88
Enthusiast
Enthusiast
Posts: 154
Joined: Thu Sep 17, 2015 3:39 pm

Re: Filtering Internet traffic

Post by CELTIC88 »

the easy way is to :
get all connection tcp with "GetExtendedTcpTable" and close the selected connection with "SetTcpEntry" , but is not guaranteed!

you need to create a driver.

or hacker mode :twisted: inject shellcode!

Code: Select all


InitNetwork()

Structure MIB_TCPTABLE_OWNER_PID 
  dwStats.l 
  dwLocalAddr.l 
  dwLocalPort.l 
  dwRemoteAddr.l 
  dwRemotePort.l 
  dwOwningPid.l 
EndStructure 

Structure MIB_TCPTABLE 
  dwNumEntries.l 
  table.MIB_TCPTABLE_OWNER_PID[0] 
EndStructure 

Structure MIB_TCPROW
  dwState.l
  dwLocalAddr.l
  dwLocalPort.l
  dwRemoteAddr.l
  dwRemotePort.l
EndStructure

Prototype SetTcpEntry(pTcpRow)
Prototype GetExtendedTcpTable(pTcpTable,pdwSize,bOrder,ulAf,TableClass,Reserved = 0)
OpenLibrary(0, "iphlpapi.dll") 
Global GetExtendedTcpTable.GetExtendedTcpTable = GetFunction(0,"GetExtendedTcpTable")
Global SetTcpEntry.SetTcpEntry = GetFunction(0,"SetTcpEntry")

Procedure CloseRemoteConnectionIP(IpNum)
  Protected *tcpTable.MIB_TCPTABLE,dwSize ,TcpRow.MIB_TCPROW
  GetExtendedTcpTable(0 , @dwSize, #True,#AF_INET,5) 
  If dwSize = 0
    Debug " [-] Error 1"
    End 1
  EndIf
  *tcpTable = AllocateMemory(dwSize)
  If GetExtendedTcpTable(*tcpTable , @dwSize, #True,#AF_INET,5) <> 0
    Debug " [-] Error 2"
    End 2
  EndIf
  With *tcpTable
    For i = 0 To \dwNumEntries - 1 
      If \table[i]\dwRemoteAddr = IpNum
        Debug " [+] Connection detected"
        TcpRow\dwLocalAddr = \table[i]\dwLocalAddr
        TcpRow\dwLocalPort = \table[i]\dwLocalPort
        TcpRow\dwRemoteAddr = \table[i]\dwRemoteAddr
        TcpRow\dwRemotePort = \table[i]\dwRemotePort
        TcpRow\dwState  = 12; MIB_TCP_STATE_DELETE_TCB
        If SetTcpEntry(TcpRow) <> 0
          Debug " [-] Error 3"
          End 2
        EndIf
        Break
      EndIf
    Next 
  EndWith
  FreeMemory(*tcpTable)
EndProcedure

Procedure TcpNameToIpNum(sHost.s)
  Protected *ip = Ascii(sHost)
  Protected IpNum = inet_addr_(*ip)
  If IpNum = #INADDR_NONE
    Protected *PeekL.Long
    Protected *hostentry.hostent = gethostbyname_(*ip)
    If *hostentry <> 0 
      *PeekL=*hostentry\h_addr_list
      *PeekL=*PeekL\l
      IpNum = *PeekL\l
    EndIf
  EndIf
  FreeMemory(*ip)
  ProcedureReturn IpNum
EndProcedure

Ipnum = TcpNameToIpNum("www.purebasic.fr")
If Ipnum = #INADDR_NONE
  Debug " [-] Error 0"
EndIf



While 1
  Delay(10)
  CloseRemoteConnectionIP(Ipnum) ;Ip https://www.purebasic.fr/
Wend
Last edited by CELTIC88 on Tue Jun 19, 2018 1:57 pm, edited 1 time in total.
interested in Cybersecurity..
boyoss
User
User
Posts: 74
Joined: Fri Feb 05, 2016 10:11 am

Re: Filtering Internet traffic

Post by boyoss »

The code is not working.. i can still access the purebasic site.

What do you mean create a driver, is iy possible with Purebasic? Ot is there maybe an open source that i can use (and combine it with Purebasic)

Thanks
User avatar
CELTIC88
Enthusiast
Enthusiast
Posts: 154
Joined: Thu Sep 17, 2015 3:39 pm

Re: Filtering Internet traffic

Post by CELTIC88 »

in my pc work perfectly! "window 7 32 admin mode"
i have modified the code
please can you retest the code and tell me the type of error
for driver, I think is possible with this addition
viewtopic.php?f=14&t=53460
. but is not easy to make it ...!
interested in Cybersecurity..
Marc56us
Addict
Addict
Posts: 1477
Joined: Sat Feb 08, 2014 3:26 pm

Re: Filtering Internet traffic

Post by Marc56us »

You say you have ESET antivirus then update it to ESET Internet Security.
It has all the functions you need (whitelist, blacklist, password lock configuration, and many other functions)

Stop tinkering with solutions that will disrupt the normal operation of the PC and especially make programs made with PB look like a suspicious program.
User avatar
CELTIC88
Enthusiast
Enthusiast
Posts: 154
Joined: Thu Sep 17, 2015 3:39 pm

Re: Filtering Internet traffic

Post by CELTIC88 »

@Marc56us,

Where is the suspicious code you are talking about?

I think he's looking for a #PB programming solution!

:)
interested in Cybersecurity..
Marc56us
Addict
Addict
Posts: 1477
Joined: Sat Feb 08, 2014 3:26 pm

Re: Filtering Internet traffic

Post by Marc56us »

Where is the suspicious code you are talking about?
Many topics launched by boyoss go in this direction (and have therefore been locked)
Example:
viewtopic.php?f=13&t=67630
viewtopic.php?f=13&t=67548
...
Look at Fred's answer at the end of each topic

And no, installing an antivirus, even simple does not disable the firewall.

As for restricted access to certain sites (for normal users) you can do this by modifying the local hosts file and not giving admin rights.

So please don't give codes to change the system here. Not all readers are well-intentioned and the community has enough trouble getting rid of the bad reputation set up by some anti-viruses

Thanks
Post Reply