Hi, i would like to write proxy in vc++, which blocks some http requests. Can you please advice me, how to intercept and examinate these requests. What do i need to do this?
A:
Most people would use Winsock for this. There is a load of socket libraries you can check out for alternatives. Qt might be a good option, as well as libcurl, and further a google search for c++ socket library will turn up loads.
On HTTP parsing, there is not so much to choose from I think. There is ry's parser that has some users it seems. Personally I use a modification of this one, which is good for my purpose, but not very robust for security and there is also Wininet, which is probably to basic for firewal purposes.
ufotds
2010-06-25 11:29:06
can you be more specific? Is there any open source project with same result? Didnt find anything
Roar
2010-06-25 11:32:06
how it is possible technicaly to block request?
Roar
2010-06-25 11:33:26
About technically blocking a request, well, if you are a proxy and you ignore a packet, I would consider it blocked...;-)
ufotds
2010-06-25 11:50:19
yes, but i have to make my program acting as proxy. Do you think LSP is bad idea?
Roar
2010-06-25 11:59:19
A Layered Service Provider would be great for a **firewall**, if that is what you are writing.
ufotds
2010-06-25 12:10:08
i am trying to write proxy that blocks some web sites. Is that good?
Roar
2010-06-25 12:22:22
Just to make sure, could you tell me the difference between a proxy and a firewall...
ufotds
2010-06-25 12:28:11
:D, the proxy acts as firewall, yes!
Roar
2010-06-25 12:30:16
No seriously, it are two different things. Depending on what you want to do, you need to choose one. For a proxy to drop a packet is equal to blocking it. LSP is not suitable for a proxy (well, you could use it if you really want, but not advisable), but it is very suitable for making a custom firewall. Do not underestimate the challenge in writing either. If you have no experience with C++, do something else first. Think of the most simple piece of program you can use in your daily life and no-one else has written, and make it. You will be surprised about the difficulty.
ufotds
2010-06-25 12:34:45
I am expirienced in c++, but havent written anythink similar. So my goal is to make PROXy, which would examinate http sites and its content. I want proxy, not "just" firewall, becouse of ssl. If you want to see encrypted sites, you have to make proxy. When the browser wants to establish secure connection, you have to catch this and block, send the browser your own certificate. So yes, it has to be proxy. So any usefull ideas?
Roar
2010-06-25 12:43:26
Ok, so are you it's only user? or does it need to be secure? Does it only need http, because in that case there is WinHttp which can do most of the work for you, including support for SSL. http://msdn.microsoft.com/en-us/library/aa384080%28v=VS.85%29.aspx
ufotds
2010-06-25 12:53:50
it has to be secure, the connection between the client proxy and server has to be encrypted considering ssl. Is there any problem with winhttp then?
Roar
2010-06-25 12:59:30
But my first issue is to intercept the traffic and block SSL handshakes. I think that winhttp doesnt support this. I am not interesting right know resolving other problems. Why is LSP not good?
Roar
2010-06-25 13:09:15
Well, the sky is the limit. Don't let me stop you from writing a proxy using lsp, but the thing is proxy's and firewalls (software that normally uses lsp) receive their network packets in a totally different way. A proxy listens on a specific port for incoming connections, and then relays them, whereas lsp lets you put a filter on the tcp/ip stack this filter will get all network packets that pass through this windows tcp/ip stack. Feel free to combine both if that makes sense to you, it doesn't really to me... greets
ufotds
2010-06-25 14:36:35