Block file upload through Python application

Block file upload through Python application
Hi, I would like a  develop a python application, which will help to block file attachement via webmail.
how to start this project and we need to start this project.
So just my question is there for writing a project  in python which will protec data leakage detection.
first I want to block only via webemail.
s_raj93Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
Can you share what python-based webmail you need to be fixed?
Without that - a python script alone is not in position to help you.
0
btanExec ConsultantCommented:
actually this is very saying DLP is needed. writing code for that will be substantial efforts esp if re-inventing with codes...maybe need to reconsider again the effort. There is one sharing that may be useful

NAFT - http://blog.didierstevens.com/programs/network-appliance-forensic-toolkit/
NTOP - http://www.forensicswiki.org/wiki/Ntop & http://www.ntop.org/ntop/extending-ntop-using-python/

You will need some parser or equv to recognise the http (and https too) protocol and scrap out the attachment and also you need to be able to handle https session since most webemail is in https mode already. So some man-in-the-middle proxy or equv is required. some material for info

extraction from html - http://www.diveintopython.net/html_processing/extracting_data.html
scraping - http://blog.miguelgrinberg.com/post/easy-web-scraping-with-python


you can also check out the sharing of DLP policy to see the use case
http://www.symantec.com/connect/articles/dlp-policy-block-uploading-file-type-web-httphttps
0
s_raj93Author Commented:
Currently I would like to block system level.
ex. 1. opened gmail webmail.
        2. click on compose message then message box will open.
3. now when i will click on 'attachment icon'  Then in general term open dialog box will open.

Now what i am trying to do  while clicking on attachment icon from compose windows, block the open dialog box.
so what will happened , user will not able to attach any kind of file.

If any wrong in question pls suggest me and guide me.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

btanExec ConsultantCommented:
you need some sort of browser add in or control the browser proxy to direct to another device rather then at endpoint. what is suggested looks into the network layer which can be considered if the proxy setting in browser is locked to go through. I do note that user need not use only have that "hardened" PC to go webemail etc..nonetheless, the proxy lockdown is just one suggestion as writing plugin for such block action specific for webemail may need more effort

Burp is a proxy listener that can intercept web traffic and below is extension in python
http://labs.neohapsis.com/2013/09/16/burp-extensions-in-python-pentesting-custom-web-services/

more on Burp suite for info http://blog.nvisium.com/2014/01/setting-up-burpsuite-with-firefox-and.html
0
s_raj93Author Commented:
Please check this software function. how does this software not need any proxy. its directory block file attachment dialog box.
Please Please  sir advice me.
0
btanExec ConsultantCommented:
Burp is a proxy listener meaning browser need to configure to point to Burp. Pardon if it is not clear.
0
s_raj93Author Commented:
Software name- insta-lockdown
Www.copynotify.com

Please check this software function. how does this software not need any proxy. its direct block file attachment dialog box.
Please Please  sir advice me.
0
btanExec ConsultantCommented:
proxy is just one mean. if you have application listening to window messages or even have kernel driver written to hook into the network stack, you can of course still do what is stated. There many means to skin a cat, so dont get me wrong. Neither will there be the most perfect option. We are trying to balance the effort worth against the time deadline.

copynotify (or the personal edition is called InstaLockDown) is a DLP which I previously stated is probably what you are looking at. It does various data channel intercept which include the attachment block. I do not see it as proxy per se unless you saw upon its installtion the proxy setting in browser is changed. Eventually an DLP capable agent will need to be installed in the workstation to do this use case. There are various filtering schemes too http://en.wikipedia.org/wiki/Content-control_software#Types_of_filtering
0
s_raj93Author Commented:
I am agree with your suggestion . Could you please guide me how to start this project in python.
How client application agent will block attachments.

Please guide me to write this project in python. or suggest me is it possible in python to make this client application.

or need other programming language skill.
0
gheistCommented:
How do you hook python to your traffic? squid?
0
btanExec ConsultantCommented:
I was thinking of proxy so as not re-inventing the wheel and extend it to examine the intercepted packet. as mentioned the local proxy setting need to be configured to pass through this proxy installed...e.g. extend burp in python via IBurpExtender. However, I have not done that though
http://blog.ombrepixel.com/post/2010/08/30/Extending-Burp-Suite-in-Python

In fact there are other python proxy CherryProxy or python-proxy to filter the http/https transaction
http://www.decalage.info/python/cherryproxy
https://code.google.com/p/python-proxy/ 

maybe worth to just grab the agent readily as shared too since the programming aspects will still need exploring and time invest ...
0
gheistCommented:
Proxy does not intercept packets.
Stop reading about BURPing, just read on a bit on ISO-OSI model etc networking basics.
0
btanExec ConsultantCommented:
To clarify,  Burp is http proxy intercepting the HTTP request and response. Thanks for pointing out.
0
gheistCommented:
Well - you need some mechanism to intercept traffic.
Then you need some estabilished proxy like squid.
Then you can plug any scripts to filter requests, be it python, javascript, ruby or VBA.
0
s_raj93Author Commented:
What I am asking ,? For this thre  is no answer or comment,you guys are behind proxy. I don't want proxy,I want system level interruption,
0
btanExec ConsultantCommented:
If you are still of interest

Windows Packet Divert - https://reqrypt.org/windivert.html
(allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack)

Pcapy - http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Pcapy
( enables python scripts to capture packets on the network )
Similarly, pypcap - https://code.google.com/p/pypcap/
0
gheistCommented:
System level - cool... How do you hook python into windows driver?
0
btanExec ConsultantCommented:
For the windivert case, it uses WinDivert.sys driver and have pydivert like an appls via the WinDivert.dll (etc) to interface with windivert driver.
0
s_raj93Author Commented:
I dint get answer till now
0
gheistCommented:
Answer is:
"NO IT IS NOT POSSIBLE"
How long it will it take to read it?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
you need a driver and i doubt you want to venture that to intercept the kernel network stack. else look at the available option stated. eventually there isnt a straightforward script to do all interception
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.