s_raj93
asked on
Block file upload through Python application
Block file upload through Python application
Hi, I would like a develop a python application, which will help to block file attachement via webmail.
how to start this project and we need to start this project.
So just my question is there for writing a project in python which will protec data leakage detection.
first I want to block only via webemail.
Hi, I would like a develop a python application, which will help to block file attachement via webmail.
how to start this project and we need to start this project.
So just my question is there for writing a project in python which will protec data leakage detection.
first I want to block only via webemail.
actually this is very saying DLP is needed. writing code for that will be substantial efforts esp if re-inventing with codes...maybe need to reconsider again the effort. There is one sharing that may be useful
NAFT - http://blog.didierstevens.com/programs/network-appliance-forensic-toolkit/
NTOP - http://www.forensicswiki.org/wiki/Ntop & http://www.ntop.org/ntop/extending-ntop-using-python/
You will need some parser or equv to recognise the http (and https too) protocol and scrap out the attachment and also you need to be able to handle https session since most webemail is in https mode already. So some man-in-the-middle proxy or equv is required. some material for info
extraction from html - http://www.diveintopython.net/html_processing/extracting_data.html
scraping - http://blog.miguelgrinberg.com/post/easy-web-scraping-with-python
you can also check out the sharing of DLP policy to see the use case
http://www.symantec.com/connect/articles/dlp-policy-block-uploading-file-type-web-httphttps
NAFT - http://blog.didierstevens.com/programs/network-appliance-forensic-toolkit/
NTOP - http://www.forensicswiki.org/wiki/Ntop & http://www.ntop.org/ntop/extending-ntop-using-python/
You will need some parser or equv to recognise the http (and https too) protocol and scrap out the attachment and also you need to be able to handle https session since most webemail is in https mode already. So some man-in-the-middle proxy or equv is required. some material for info
extraction from html - http://www.diveintopython.net/html_processing/extracting_data.html
scraping - http://blog.miguelgrinberg.com/post/easy-web-scraping-with-python
you can also check out the sharing of DLP policy to see the use case
http://www.symantec.com/connect/articles/dlp-policy-block-uploading-file-type-web-httphttps
ASKER
Currently I would like to block system level.
ex. 1. opened gmail webmail.
2. click on compose message then message box will open.
3. now when i will click on 'attachment icon' Then in general term open dialog box will open.
Now what i am trying to do while clicking on attachment icon from compose windows, block the open dialog box.
so what will happened , user will not able to attach any kind of file.
If any wrong in question pls suggest me and guide me.
ex. 1. opened gmail webmail.
2. click on compose message then message box will open.
3. now when i will click on 'attachment icon' Then in general term open dialog box will open.
Now what i am trying to do while clicking on attachment icon from compose windows, block the open dialog box.
so what will happened , user will not able to attach any kind of file.
If any wrong in question pls suggest me and guide me.
you need some sort of browser add in or control the browser proxy to direct to another device rather then at endpoint. what is suggested looks into the network layer which can be considered if the proxy setting in browser is locked to go through. I do note that user need not use only have that "hardened" PC to go webemail etc..nonetheless, the proxy lockdown is just one suggestion as writing plugin for such block action specific for webemail may need more effort
Burp is a proxy listener that can intercept web traffic and below is extension in python
http://labs.neohapsis.com/2013/09/16/burp-extensions-in-python-pentesting-custom-web-services/
more on Burp suite for info http://blog.nvisium.com/2014/01/setting-up-burpsuite-with-firefox-and.html
Burp is a proxy listener that can intercept web traffic and below is extension in python
http://labs.neohapsis.com/2013/09/16/burp-extensions-in-python-pentesting-custom-web-services/
more on Burp suite for info http://blog.nvisium.com/2014/01/setting-up-burpsuite-with-firefox-and.html
ASKER
Please check this software function. how does this software not need any proxy. its directory block file attachment dialog box.
Please Please sir advice me.
Please Please sir advice me.
Burp is a proxy listener meaning browser need to configure to point to Burp. Pardon if it is not clear.
ASKER
Software name- insta-lockdown
Www.copynotify.com
Please check this software function. how does this software not need any proxy. its direct block file attachment dialog box.
Please Please sir advice me.
Www.copynotify.com
Please check this software function. how does this software not need any proxy. its direct block file attachment dialog box.
Please Please sir advice me.
proxy is just one mean. if you have application listening to window messages or even have kernel driver written to hook into the network stack, you can of course still do what is stated. There many means to skin a cat, so dont get me wrong. Neither will there be the most perfect option. We are trying to balance the effort worth against the time deadline.
copynotify (or the personal edition is called InstaLockDown) is a DLP which I previously stated is probably what you are looking at. It does various data channel intercept which include the attachment block. I do not see it as proxy per se unless you saw upon its installtion the proxy setting in browser is changed. Eventually an DLP capable agent will need to be installed in the workstation to do this use case. There are various filtering schemes too http://en.wikipedia.org/wiki/Content-control_software#Types_of_filtering
copynotify (or the personal edition is called InstaLockDown) is a DLP which I previously stated is probably what you are looking at. It does various data channel intercept which include the attachment block. I do not see it as proxy per se unless you saw upon its installtion the proxy setting in browser is changed. Eventually an DLP capable agent will need to be installed in the workstation to do this use case. There are various filtering schemes too http://en.wikipedia.org/wiki/Content-control_software#Types_of_filtering
ASKER
I am agree with your suggestion . Could you please guide me how to start this project in python.
How client application agent will block attachments.
Please guide me to write this project in python. or suggest me is it possible in python to make this client application.
or need other programming language skill.
How client application agent will block attachments.
Please guide me to write this project in python. or suggest me is it possible in python to make this client application.
or need other programming language skill.
How do you hook python to your traffic? squid?
I was thinking of proxy so as not re-inventing the wheel and extend it to examine the intercepted packet. as mentioned the local proxy setting need to be configured to pass through this proxy installed...e.g. extend burp in python via IBurpExtender. However, I have not done that though
http://blog.ombrepixel.com/post/2010/08/30/Extending-Burp-Suite-in-Python
In fact there are other python proxy CherryProxy or python-proxy to filter the http/https transaction
http://www.decalage.info/python/cherryproxy
https://code.google.com/p/python-proxy/
maybe worth to just grab the agent readily as shared too since the programming aspects will still need exploring and time invest ...
http://blog.ombrepixel.com/post/2010/08/30/Extending-Burp-Suite-in-Python
In fact there are other python proxy CherryProxy or python-proxy to filter the http/https transaction
http://www.decalage.info/python/cherryproxy
https://code.google.com/p/python-proxy/
maybe worth to just grab the agent readily as shared too since the programming aspects will still need exploring and time invest ...
Proxy does not intercept packets.
Stop reading about BURPing, just read on a bit on ISO-OSI model etc networking basics.
Stop reading about BURPing, just read on a bit on ISO-OSI model etc networking basics.
To clarify, Burp is http proxy intercepting the HTTP request and response. Thanks for pointing out.
Well - you need some mechanism to intercept traffic.
Then you need some estabilished proxy like squid.
Then you can plug any scripts to filter requests, be it python, javascript, ruby or VBA.
Then you need some estabilished proxy like squid.
Then you can plug any scripts to filter requests, be it python, javascript, ruby or VBA.
ASKER
What I am asking ,? For this thre is no answer or comment,you guys are behind proxy. I don't want proxy,I want system level interruption,
If you are still of interest
Windows Packet Divert - https://reqrypt.org/windivert.html
(allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack)
Pcapy - http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Pcapy
( enables python scripts to capture packets on the network )
Similarly, pypcap - https://code.google.com/p/pypcap/
Windows Packet Divert - https://reqrypt.org/windivert.html
(allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack)
Pcapy - http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Pcapy
( enables python scripts to capture packets on the network )
Similarly, pypcap - https://code.google.com/p/pypcap/
System level - cool... How do you hook python into windows driver?
ASKER
I dint get answer till now
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Without that - a python script alone is not in position to help you.