Solved

Block file upload through Python application

Posted on 2014-12-10
23
131 Views
Last Modified: 2016-02-10
Block file upload through Python application
Hi, I would like a  develop a python application, which will help to block file attachement via webmail.
how to start this project and we need to start this project.
So just my question is there for writing a project  in python which will protec data leakage detection.
first I want to block only via webemail.
0
Comment
Question by:s_raj93
  • 9
  • 6
  • 6
23 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40493232
Can you share what python-based webmail you need to be fixed?
Without that - a python script alone is not in position to help you.
0
 
LVL 62

Expert Comment

by:btan
ID: 40493366
actually this is very saying DLP is needed. writing code for that will be substantial efforts esp if re-inventing with codes...maybe need to reconsider again the effort. There is one sharing that may be useful

NAFT - http://blog.didierstevens.com/programs/network-appliance-forensic-toolkit/
NTOP - http://www.forensicswiki.org/wiki/Ntop & http://www.ntop.org/ntop/extending-ntop-using-python/

You will need some parser or equv to recognise the http (and https too) protocol and scrap out the attachment and also you need to be able to handle https session since most webemail is in https mode already. So some man-in-the-middle proxy or equv is required. some material for info

extraction from html - http://www.diveintopython.net/html_processing/extracting_data.html
scraping - http://blog.miguelgrinberg.com/post/easy-web-scraping-with-python


you can also check out the sharing of DLP policy to see the use case
http://www.symantec.com/connect/articles/dlp-policy-block-uploading-file-type-web-httphttps
0
 

Author Comment

by:s_raj93
ID: 40495521
Currently I would like to block system level.
ex. 1. opened gmail webmail.
        2. click on compose message then message box will open.
3. now when i will click on 'attachment icon'  Then in general term open dialog box will open.

Now what i am trying to do  while clicking on attachment icon from compose windows, block the open dialog box.
so what will happened , user will not able to attach any kind of file.

If any wrong in question pls suggest me and guide me.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 62

Expert Comment

by:btan
ID: 40495610
you need some sort of browser add in or control the browser proxy to direct to another device rather then at endpoint. what is suggested looks into the network layer which can be considered if the proxy setting in browser is locked to go through. I do note that user need not use only have that "hardened" PC to go webemail etc..nonetheless, the proxy lockdown is just one suggestion as writing plugin for such block action specific for webemail may need more effort

Burp is a proxy listener that can intercept web traffic and below is extension in python
http://labs.neohapsis.com/2013/09/16/burp-extensions-in-python-pentesting-custom-web-services/

more on Burp suite for info http://blog.nvisium.com/2014/01/setting-up-burpsuite-with-firefox-and.html
0
 

Author Comment

by:s_raj93
ID: 40495654
Please check this software function. how does this software not need any proxy. its directory block file attachment dialog box.
Please Please  sir advice me.
0
 
LVL 62

Expert Comment

by:btan
ID: 40495772
Burp is a proxy listener meaning browser need to configure to point to Burp. Pardon if it is not clear.
0
 

Author Comment

by:s_raj93
ID: 40496185
Software name- insta-lockdown
Www.copynotify.com

Please check this software function. how does this software not need any proxy. its direct block file attachment dialog box.
Please Please  sir advice me.
0
 
LVL 62

Expert Comment

by:btan
ID: 40496240
proxy is just one mean. if you have application listening to window messages or even have kernel driver written to hook into the network stack, you can of course still do what is stated. There many means to skin a cat, so dont get me wrong. Neither will there be the most perfect option. We are trying to balance the effort worth against the time deadline.

copynotify (or the personal edition is called InstaLockDown) is a DLP which I previously stated is probably what you are looking at. It does various data channel intercept which include the attachment block. I do not see it as proxy per se unless you saw upon its installtion the proxy setting in browser is changed. Eventually an DLP capable agent will need to be installed in the workstation to do this use case. There are various filtering schemes too http://en.wikipedia.org/wiki/Content-control_software#Types_of_filtering
0
 

Author Comment

by:s_raj93
ID: 40496381
I am agree with your suggestion . Could you please guide me how to start this project in python.
How client application agent will block attachments.

Please guide me to write this project in python. or suggest me is it possible in python to make this client application.

or need other programming language skill.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40496683
How do you hook python to your traffic? squid?
0
 
LVL 62

Expert Comment

by:btan
ID: 40497422
I was thinking of proxy so as not re-inventing the wheel and extend it to examine the intercepted packet. as mentioned the local proxy setting need to be configured to pass through this proxy installed...e.g. extend burp in python via IBurpExtender. However, I have not done that though
http://blog.ombrepixel.com/post/2010/08/30/Extending-Burp-Suite-in-Python

In fact there are other python proxy CherryProxy or python-proxy to filter the http/https transaction
http://www.decalage.info/python/cherryproxy
https://code.google.com/p/python-proxy/ 

maybe worth to just grab the agent readily as shared too since the programming aspects will still need exploring and time invest ...
0
 
LVL 62

Expert Comment

by:gheist
ID: 40497855
Proxy does not intercept packets.
Stop reading about BURPing, just read on a bit on ISO-OSI model etc networking basics.
0
 
LVL 62

Expert Comment

by:btan
ID: 40497907
To clarify,  Burp is http proxy intercepting the HTTP request and response. Thanks for pointing out.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40498189
Well - you need some mechanism to intercept traffic.
Then you need some estabilished proxy like squid.
Then you can plug any scripts to filter requests, be it python, javascript, ruby or VBA.
0
 

Author Comment

by:s_raj93
ID: 40498216
What I am asking ,? For this thre  is no answer or comment,you guys are behind proxy. I don't want proxy,I want system level interruption,
0
 
LVL 62

Expert Comment

by:btan
ID: 40498389
If you are still of interest

Windows Packet Divert - https://reqrypt.org/windivert.html
(allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack)

Pcapy - http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Pcapy
( enables python scripts to capture packets on the network )
Similarly, pypcap - https://code.google.com/p/pypcap/
0
 
LVL 62

Expert Comment

by:gheist
ID: 40498637
System level - cool... How do you hook python into windows driver?
0
 
LVL 62

Expert Comment

by:btan
ID: 40498836
For the windivert case, it uses WinDivert.sys driver and have pydivert like an appls via the WinDivert.dll (etc) to interface with windivert driver.
0
 

Author Comment

by:s_raj93
ID: 40518594
I dint get answer till now
0
 
LVL 62

Accepted Solution

by:
gheist earned 250 total points
ID: 40518812
Answer is:
"NO IT IS NOT POSSIBLE"
How long it will it take to read it?
0
 
LVL 62

Assisted Solution

by:btan
btan earned 250 total points
ID: 40519144
you need a driver and i doubt you want to venture that to intercept the kernel network stack. else look at the available option stated. eventually there isnt a straightforward script to do all interception
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This code takes an Excel list of URL’s and adds a header titled “URL List”. It then searches through all URL’s in column “A”, looking for duplicates. When a duplicate is found, it is moved to the top of the list. The duplicate URL’s are then highlig…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now