Windows Filtering Platform to filter HTTPS from managed code

Question

I want to develop a host-based firewall for Windows, mainly to filter URLs starting with HTTPS! I know that Microsoft is presenting WFP as a substitute for the deprecated old techniques such as firewall/filter hooks, NDIS, TDI, WSA and Winsock 2 (LSP). But WFP does not currently support filters with hostname or URL. Also, WFP is only in C/C++ and there are no available C# wrappers in .NET.

I tried @basil's WinDivert demo app webfilter, which parses packets in outbound traffic for IPv4 on TCP port 80 (default HTTP), resets the server connection (TCP RST) and sends an HTML response to the client (browser) followed by a TCP FIN in case the URL matches any of the blacklisted entries given in a text file as command line argument, and re-injects them otherwise...

    handle = WinDivertOpen(
        "outbound && "              // Outbound traffic only
        "ip && "                    // Only IPv4 supported
        "tcp.DstPort == 80 && "     // HTTP (port 80) only
        "tcp.PayloadLength > 0",    // TCP data packets only
        WINDIVERT_LAYER_NETWORK, priority, 0
    );

My question is: can I change this code to support HTTPS (change port to default 443) and also IPv6? If so, I'm willing to write a P/Invoke wrapper class to call it from managed C# code.

Extra: This solution can be bypassed using SSH tunneling; is there another way to bypass it?

Recommended answer

HTTPS uses encryption to stop third parties intercepting and modifying the HTTP stream. So the short answer is "no".

In principle you could use WinDivert to launch a man-in-the-middle attack to gain access to the unencrypted HTTP stream. However, this will be detected, and the web browser will sternly warn the user that they are under attack and not to continue.
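
Added example (not part of the original post, and not the WinDivert webfilter source): a C sketch of why URL matching on port-80 payloads does not carry over to port 443, where the diverted payload is a TLS record with no readable request line or Host header. The names `classify_payload` and `after`, the "host/path" output format, and both sample payloads are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum payload_kind { PAYLOAD_OTHER, PAYLOAD_HTTP, PAYLOAD_TLS };
/* Bounded search (payloads are not NUL-terminated): byte after first match. */
static const unsigned char *after(const unsigned char *h, size_t hl, const char *n)
{
    size_t nl = strlen(n);
    for (size_t i = 0; nl <= hl && i <= hl - nl; i++)
        if (memcmp(h + i, n, nl) == 0) return h + i + nl;
    return NULL;
}

/* Classify one TCP payload; for plaintext HTTP, write "host/path" into url. */
enum payload_kind classify_payload(const unsigned char *p, size_t len, char *url, size_t cap)
{
    if (cap == 0) return PAYLOAD_OTHER;
    url[0] = '\0';
    /* TLS record header: content type 20..23, then major version 3. */
    if (len >= 5 && p[0] >= 20 && p[0] <= 23 && p[1] == 3) return PAYLOAD_TLS;
    /* HTTP request line: METHOD SP request-target SP "HTTP/1.x" */
    const unsigned char *path = after(p, len, " ");
    if (path == NULL) return PAYLOAD_OTHER;
    const unsigned char *sp = memchr(path, ' ', len - (size_t)(path - p));
    size_t rest = sp ? len - (size_t)(sp - p) : 0;
    if (rest < 8 || memcmp(sp, " HTTP/1.", 8) != 0) return PAYLOAD_OTHER;
    /* Simplification: the Host header name is matched case-sensitively. */
    const unsigned char *host = after(sp, rest, "\r\nHost: ");
    if (host == NULL) return PAYLOAD_OTHER;
    const unsigned char *eol = memchr(host, '\r', len - (size_t)(host - p));
    if (eol == NULL) return PAYLOAD_OTHER;
    int n = snprintf(url, cap, "%.*s%.*s", (int)(eol - host), (const char *)host,
                     (int)(sp - path), (const char *)path);
    if (n < 0 || (size_t)n >= cap) { url[0] = '\0'; return PAYLOAD_OTHER; }
    return PAYLOAD_HTTP;
}

int main(void)
{
    /* Constructed samples: a port-80 request and the start of a TLS record. */
    const char http[] = "GET /ads/x.js HTTP/1.1\r\nHost: blocked.example\r\n\r\n";
    const unsigned char tls[] = { 0x17, 0x03, 0x03, 0x00, 0x20, 0x8a, 0x41, 0xd3 };
    char url[256];
    int k = classify_payload((const unsigned char *)http, sizeof http - 1, url, sizeof url);
    printf("port 80:  kind=%d url=%s\n", k, url);
    k = classify_payload(tls, sizeof tls, url, sizeof url);
    printf("port 443: kind=%d url=%s\n", k, url);
    return 0;
}
```

For the TLS sample the function returns `PAYLOAD_TLS` with an empty URL, so a blacklist keyed on URLs has nothing to compare against.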
