We help IT Professionals succeed at work.

Monitor HTTP traffic with C#

Nargzul
Nargzul used Ask the Experts™
on
Hi!

Is it possible for a program that runs with admins rights, to act like a proxy and capture every HTTP exchange between a web browser(FF, IE, Opera, chrome ...) and a web server in in c#?

If yes with what? How easily?

Thank you!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dear,

The simplest way would be to create a web proxy server, and set-up the browser to go to that proxy created.

You could have a look a this example :

http://support.microsoft.com/kb/307023

or this one :

http://www.c-sharpcorner.com/UploadFile/psingh/web_proxy11162005001036AM/web_proxy.aspx

Best Regards

Author

Commented:
I'm sorry, but I've some requirements, for this project:

-No installation has to be done
-No changes of browser have to be done

It has to be an USB dongle that we plug and only start.
Use burp suite or wire shark
Dear,

Wireshark could be a solution, but the program need WinpCap and this program not be "portable".

Without any modification on the system it would be very difficult. Also it will not be a proxy but more a "hack" tool that will capture all packet like wireshark does.

Best Regards

Author

Commented:
But is it possible to "listen" everything on the 80 port and put togethter pieces of a same request/response(it's more to know request than response)
Dear,

If you listen to the port 80 you will not see any web site request, because the browser will not go through your custom program but directly to the web. You will only see  requests to your own computer, if you try to browse for your local IP address.

Best Regards

Author

Commented:
So what are my possibilities?
Maybe this satisfy you  :

The program catch requests like this : http://localhost/request=http:/google.com

Then there is no modification needed.

Is that what you want ?
but you will only see requets like this whitout coding a driver or install one or setup a proxyi don't see any possiblity to catch all paquet in Windows.

Author

Commented:
In facts, to explain, the enterprise pay some people to view what are their habits for all media watching. Then we give an USB dongle with a service that have to save URL that are viewed in any browser, so we can't force to use url like yours.

I'm not even sure this is possible, this is why I come here to ask.
Ok. Yes now I understand what you want totally.  Sometimes it's not possible yes, but there is also possibility to do tricks, for example one idea would be to use a Windows on USB key or a Linux Live USB, then the computer will boot on the USB stick (if present on the boot) and they save all the url viewed on the key.

Best Regards

Author

Commented:
Okay, but we just can ask to a client to use an LIVE OS, he will not use the usb key if he can't use his usual other programs. And this has to be only a dll used by another program that check other things to(e.g. ,most used soft)
One other idea would be to read the history of the browser, the little problem is that you could miss some url if the user remove the history.

For the most used soft this is possible with the count in the control panel of the last days used, and how many time the software was used.

Author

Commented:
The most used soft is another problem and don't have to be managed here,  one problem at a time ;)

But your last proposition mean we have to develop this for every existing browser? Can't this be browser independant?

You know "Fiddler"? This is an application that permit to do HTTP debugging: http://www.fiddler2.com/fiddler2/ It works directly for all browser, doesn't need to configure anything on the browser
Yes unfortunately I don't see a method for all browser right now, but this is possible that every browser put the history in the registry of Windows, then we grab from here. Otherwise this will require more coding, each function for each browser.

I don't know "Fiddler", I have see it but this program require one installation. For the all browser "function" of "Fiddler" it seam to use different plugin and dll to do the work.

 

Author

Commented:
I don't think so because for another project, I've codded a spider that makes some HTTP exchanges and my request/response appears then. (and I'm sure that my c# application don't use any plugin ;))
There is some dll in a folder called Inspectors folder (I think these dll are use to capture the traffic) and a folder for some plug-ins called FiddlerHook. I don't think that the program "need" the plugin for do the capture of web traffic but it's for more control like remove the cookies in Firefox.

Author

Commented:
So how to do it without the cookies thing?
I have seached and fiddler seem to modify the registry value to force to use a proxy it's why they get the internet paquet. The program could modifiy the apropriate value when started and then write again the value back to original when the program quit.

I was thinking also to create a little virtual machine with qemu for this issue, and then grab the paquet from here because the virtual machine will "hack" the machine from where it will be started.

Author

Commented:
we can't use a virtual machine, because it has to be integrated into an existing c# program