Question

Monitoring URLs visited

Asked by: rettiseert

Hello

I'm working on an application where I need to keep track of all visited WebPages (URLs).

My first approach is to use a sniffer library to monitor IP packages and catch the GET requests as suggested at http://www.codeproject.com/KB/IP/URLLogger.aspx.

This works fine for HTTP because it's easy to find the GET word at the beginning of the HTTP frame, but it is not the same for HTTPS. When I analyze the network traffic for HTTPS packages I see everything encrypted and I can't even see the URL of the page that is being requested.

Do you know how to find this information in a HTTPS package? Or do you have any other idea to accomplish this task? (I'm working in a Windows environment).

Thanks!

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-08-12 at 10:57:21ID24647305
Tags

monitor internet usage url sniffer package network

Topics

Networking Protocols

,

.NET

,

C++ Programming Language

Participating Experts
4
Points
200
Comments
24

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Free 802.11b sniffer
    Where can I find a free 802.11b sniffer?
  2. packet analyzer most visited websites
    Hi guys. MRTG graphs traffic but is there a tool that can tell me exactly where packets are going to based on serial interfaces on a router or by monitoring traffic on a switch connecting two routers? I'd like to know which are the most visited websites and such from my netw...
  3. Packet Sniffer/Network Analyzer
    Can anyone recommend a very good Commercial Sniffer/Analyzer that works well on a Switched Network... It should be able to : 1. Collect all traffic from various switched and routed networks onto a central consolse.. 2. Alert triggers 3. Network Analyzer ETC ETC ETC... Any...
  4. Windows XP WLAN sniffer
    Do you know/recommend a bug free Windows XP WLAN sniffer? Thanks in advanced.
  5. Sniffer for localhost on Windows
    Hi All I need a sniffer that can sniff for traffic passing through the localhost ..i.e. sniff 127.0.0.1 I need to sniff the traffic between a program I have and the proxy I am running on my local computer before that traffic leaves the proxy encrypted. Wireshark can only d...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: TBK-ConsultingPosted on 2009-08-12 at 11:01:59ID: 25081130

you can use a Squid box in linux to intercept all network traffic and determine the URLs visited, or you can always setup a proxy server as well and redirect all traffic thru the proxy server which then tracks the requests.

 

by: abelPosted on 2009-08-12 at 11:02:54ID: 25081144

The answer is simple: it's impossible.

If it were possible, then the purpose of HTTPS would be void. You don't want to send an encrypted package knowing that anybody can read it. Attempts to break HTTPS so far have failed and are estimated (last time I looked) to take a fast PC a couple of millennia. No joke, really.

The question itself is on the brink of what EE allows. We are not allowed to help you with decrypting, decyphering or reverse engineering secured connections, protocols or SSL certificates.

-- Abel --

 

by: gtworekPosted on 2009-08-12 at 11:04:16ID: 25081155

You should use proxy, deny all outside web traffic except proxy and get data you need from proxy logs.
Or perform host-based reporting.

 

by: TBK-ConsultingPosted on 2009-08-12 at 11:04:42ID: 25081160

Not exactly true - it depends on where the encryption for the HTTPS originates from at the box or from the proxy server ... if you request an https site from a proxy server it'll be able to log the request and tally the page ...

 

by: stefanxPosted on 2009-08-12 at 11:09:02ID: 25081204

Here is a transparent HTTPS proxy:

http://www.ssl-inspector.com/pages/appliance

 

by: abelPosted on 2009-08-12 at 11:10:51ID: 25081215

> if you request an https site from a proxy server it'll be able to log the request and tally the page

true, but then the end-to-end protection required for SSL to work correctly (sender knows receiver) becomes void. It's like sending a secured letter to a whole office: until the office it is safe, then everybody can see it. Normally, the secured letter is supposed to be delivered to one person only.

 

by: gtworekPosted on 2009-08-12 at 11:12:03ID: 25081226

Most modern proxies can intercept SSL traffic.

 

by: gtworekPosted on 2009-08-12 at 11:13:23ID: 25081236

abel: If you need to monitor it - you cannot secure it internally. You just have to choose but it's possible without any problem.
BTW there's also possibility of 'repackaging' https on proxy.

 

by: TBK-ConsultingPosted on 2009-08-12 at 11:16:37ID: 25081256

Got to love these discussions - everything's readable as far as the computer is concerned -- sometimes it's a matter of permissions, sometimes it's a matter of where the security is placed, etc ... but it's all bits and bytes in the end and can be read by someone with the proper tools to decode the info properly - nothing is safe on computers no matter what anyone tells you, it's a matter of the morals of the people that do have access at the proper level to the data streams as to whether or not your stuff is "secure" or not.

 

by: abelPosted on 2009-08-12 at 11:21:39ID: 25081296

Interesting, as this is against the idea of SSL. HTTPS traffic can be intercepted with a man in the middle attack, which can only succeed if the certificate issued has the special domain "*". The RFC 2818 forbids issuing such certificates. That means you need your own CA. Not that hard, but your browser will (correctly) not recognize them.

In other words: "yes you may listen in" is possible if the client is so nice to help you and allow your "open ended" certificate. This has little to do with security, other then making it a bit harder to intercept.

Interesting link btw. Haven't read it through, but I don't believe that "just placing a proxy" somewhere would allow listening in. That would mean that any ISP, without consent of any client (or issuer) could control your HTTPS traffic. Don't think that's a good thing for security, but if it is true, they'll have to rewrite a whole bunch of books ;-)

-- Abel --

 

by: abelPosted on 2009-08-12 at 11:23:57ID: 25081328

Ah, I see it goes to reading it from the client's computer. Sorry, if that's the case, the story is different. Of course, on the client's computer you can access the certificate so you can decipher the traffic that uses a certain certificate.

If you don't have this access, the best thing you can do is (afaik) inspect the TCP/IP packages to trace the end to end points. That is: the IP, not the full URL.

 

by: TBK-ConsultingPosted on 2009-08-12 at 11:27:00ID: 25081356

The goal was not to "listen in" on the traffic for SSL (yes it's possible given the right tools and time and proper physical access to the right spots, etc.) but rather to just know what websites were being visited via HTTPS and a proxy server will serve that purpose ... as the client still has to request DNS from somewhere to get to the site it just doesn;t need to tell everyone what it's saying  -- you just need to know where not what ...

 

by: gtworekPosted on 2009-08-12 at 11:29:15ID: 25081378

If you need listen to your trafic - you can. It's your choice.
Your first answer was "it's impossible". This is not true at all. Maybe it's insecure maybe bad maybe not very common. But it's perfectly possible and system owner can make such decision if believes it's better for his organization.

 

by: rettiseertPosted on 2009-08-12 at 11:32:38ID: 25081404

Hello TBK-Consulting, the idea is to program this application myself.

Hi abel, of course this is possible and I'm NOT asking for anything ilegal or against EE rules, the idea is to keep track of the websites visited by employees (just the URLS, not the actual contents). Applications like http://www.ematrixsoft.com/website-spy-monitor-software.htm can do it and I think is not that complex.

 

by: TBK-ConsultingPosted on 2009-08-12 at 11:33:58ID: 25081421

I'd suggest looking at the squid server code for linux then and getting the ideas for coding the application yourself from that - yay! open source

 

by: abelPosted on 2009-08-12 at 11:43:12ID: 25081507

> Hi abel, of course this is possible and I'm NOT asking for anything ilegal or against EE rules

Ok. In my country it is, unless the user/employee knows about it and has given written consent. But I won't bug you with this illegal/legal discussion (earlier, something similar, I got called back by EE for helping someone to do http sniffing).

> Your first answer was "it's impossible". This is not true at all.

Point taken. I answered from the view of "from anywhere in the network". But the text "where I need to keep track of all visited WebPages" in the original q. does not say from where, so you are absolutely right that in a controlled environment, with the right tools and from the right spot, it is possible. Which again (imho) defies the idea of using SSL. But hey, that's just me: I thought security was for securing your data from others viewing it. lol


Interesting discussion though, learned something today: I always thought that only criminals and governments were interested in reading encrypted data, apparently that group is much larger.

-- Abel --

 

by: TBK-ConsultingPosted on 2009-08-12 at 11:50:46ID: 25081594

Corporations have always taken this discussion from the point of view that all data on it's own (internal) networks belongs to them, and NOT to the individual user - this includes email, web traffic, etc ... this is why you hear about people being fired for surfing porn, or for spending too much time on non-work related websites, or too much personal email, etc ... the data simply belongs to them on their networks ... this is in a corporate network, not an ISP-related thing ... ISPs have different standards to uphold, and yes they can do it as well, but only if asked by the feds to do so and with proper court documentation, etc ... but as for corporations the courts have upheld their right to own the data time and time again ...

 

by: abelPosted on 2009-08-12 at 12:24:11ID: 25081922

> but as for corporations the courts have upheld their right to own the data time and time again

though I said I wouldn't take this discussion further, you raise an interesting point. I happen to know lawyers that have dealt with such cases and depending on country, region, local law, internal company rules and regulations and whether or not you have been given something to sign for when you joined the company that says "anything you do in this company can and will be monitored, including your internet traffic, whether secure or not" you may or may not get your right in court.

What I'm trying to say: in general (and in my country: most often) monitoring of internet usage is allowed, monitoring data is not, but indeed: "all you do in the company belongs to the company".

This is a point of conflicting interests: your right of privacy and the right of the company to protect itself against abuse of means and time.

(In The Netherlands, within reason, employees are allowed to use computers of the company for private matters (say: up to about 5-10 min/day) and the company is only allowed to monitor the anonymous traffic and only take action when high traffic occurs or illegal domains are visited and then issue a warning. This privacy at work is protected by Dutch law.)

Like I said: a very interesting point and I'm sure a vibrant discussion in many countries (it sure is here, not all companies like that act).

 

by: TBK-ConsultingPosted on 2009-08-12 at 12:57:38ID: 25082251

no not all companies act like that at all ... in the US there are a few that are very aggressive about it and some that are not so aggressive as well ... it is a major privacy issue to some people here and to others it is more about the company's right to their profitability and by monitoring employee access if it offends some but keeps profits up - then so be it .... But you also have issues between husbands and wives that checkup on each other as well, there's so much to the arguments and so much to be said for each side of it as well - personally I just mind my P's and Q's and don't go to far out of the box - but it's probably a good thing I own my own company tho or maybe I should fire myself - I do waste a lot of time on sites like icanhascheeseburger.com !!!

 

by: abelPosted on 2009-08-12 at 15:04:39ID: 25083547

haha, same here. I'd have myself fired long ago if I were me!

So, back on topic. The OP has an excellent option if using the squid box you suggested and expanding from there, or the option of buying and installing a monitoring proxy like ssl inspector as stefanx mentioned. Not sure if other proxies might be worth looking into. Someone suggested that all modern proxies can do that, but I doubt that strongly.

 

by: rettiseertPosted on 2009-08-12 at 17:36:18ID: 25084668

Hi

I'm a little lost here... Let me rewrite the question...

I need to write an application like this: http://www.ematrixsoft.com/website-spy-monitor-software.htm
The goal is to log all the navigated URLs by any browser inside a Windows desktop.

I can work with code in VB6, VB.NET or VC++ (although I'm not very experienced with VC++), and I can use an external library (free or not) if needed.

Currently I started to work with a sniffer library doing something like the project posted at  http://www.codeproject.com/KB/IP/URLLogger.aspx but had problems logging HTTPS URLS.

I'm also considering hooking functions with the wonderful madCodeHook library (http://madshi.net/madCodeHookDescription.htm), but I don't know if there is a Windows API function used by all browsers that takes the URL as a parameter.

Any ideas?

Thanks!

 

by: rettiseertPosted on 2009-08-17 at 07:33:05ID: 25114760

Hi

I have found a library that can do what I need:
http://www.komodia.com/index.php?page=interceptor.html

I think this will work for me.

Thanks everyone.

Is it ok with you if I ask to delete this question?

 

by: abelPosted on 2009-08-17 at 07:39:04ID: 25114842

Deletion is not a good option, because this thread received excellent coverage. If you don't feel that any of the experts have helped or tried to help you in any way and you found the answer yourself (which you did) you can select your own comment as an answer. If nobody objects within four days, the question will automatically be PAQ'ed (archived).

http://www.experts-exchange.com/help.jsp?hi=407

-- Abel --

 

by: abelPosted on 2009-08-17 at 07:40:06ID: 25114857

PS: if you feel that some experts did point you in the right direction, you can select comments of others alongside your accepted answer. They will then show up as assists.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...