Solved

Block file upload through Python application

Posted on 2014-12-10
Last Modified: 2016-02-10
Hi, I would like to develop a Python application which will help to block file attachments via webmail.
How to start this project, and what do we need to start this project?
So my question is about writing a project in Python which will protect against data leakage.
First I want to block only via webmail.
0
Comment
Question by:s_raj93
23 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40493232
Can you share what python-based webmail you need to be fixed?
Without that - a python script alone is not in position to help you.
0
 
LVL 64

Expert Comment

by:btan
ID: 40493366
Actually this is very much saying DLP is needed. Writing code for that will be a substantial effort, especially if re-inventing it with code... maybe the effort needs to be reconsidered. There is one sharing that may be useful:

NAFT - http://blog.didierstevens.com/programs/network-appliance-forensic-toolkit/
NTOP - http://www.forensicswiki.org/wiki/Ntop & http://www.ntop.org/ntop/extending-ntop-using-python/

You will need some parser or equivalent to recognise the HTTP (and HTTPS too) protocol and scrape out the attachment, and you also need to be able to handle the HTTPS session, since most webmail is in HTTPS mode already. So some man-in-the-middle proxy or equivalent is required. Some material for info:

extraction from html - http://www.diveintopython.net/html_processing/extracting_data.html
scraping - http://blog.miguelgrinberg.com/post/easy-web-scraping-with-python


You can also check out the sharing of a DLP policy to see the use case:
http://www.symantec.com/connect/articles/dlp-policy-block-uploading-file-type-web-httphttps
0
 

Author Comment

by:s_raj93
ID: 40495521
Currently I would like to block at system level.
Example:
1. Opened Gmail webmail.
2. Click on compose message, then the message box will open.
3. Now when I click on the 'attachment icon', in general the open dialog box will open.

Now what I am trying to do is, while clicking on the attachment icon from the compose window, block the open dialog box.
So what will happen: the user will not be able to attach any kind of file.

If anything is wrong in the question, please suggest and guide me.
0

 
LVL 64

Expert Comment

by:btan
ID: 40495610
You need some sort of browser add-in, or to control the browser proxy to direct to another device rather than at the endpoint. What is suggested looks into the network layer, which can be considered if the proxy setting in the browser is locked to go through it. I do note that the user need not use only that "hardened" PC to go to webmail etc. Nonetheless, the proxy lockdown is just one suggestion, as writing a plugin for such a block action specific to webmail may need more effort.

Burp is a proxy listener that can intercept web traffic, and below is an extension in Python:
http://labs.neohapsis.com/2013/09/16/burp-extensions-in-python-pentesting-custom-web-services/

more on Burp suite for info http://blog.nvisium.com/2014/01/setting-up-burpsuite-with-firefox-and.html
0
 

Author Comment

by:s_raj93
ID: 40495654
Please check this software's function. How does this software not need any proxy? It directly blocks the file attachment dialog box.
Please, please sir, advise me.
0
 
LVL 64

Expert Comment

by:btan
ID: 40495772
Burp is a proxy listener, meaning the browser needs to be configured to point to Burp. Pardon if it is not clear.
0
 

Author Comment

by:s_raj93
ID: 40496185
Software name- insta-lockdown
Www.copynotify.com

Please check this software's function. How does this software not need any proxy? It directly blocks the file attachment dialog box.
Please, please sir, advise me.
0
 
LVL 64

Expert Comment

by:btan
ID: 40496240
Proxy is just one means. If you have an application listening to window messages, or even have a kernel driver written to hook into the network stack, you can of course still do what is stated. There are many ways to skin a cat, so don't get me wrong. Neither will there be a most perfect option. We are trying to balance the effort's worth against the time deadline.

copynotify (the personal edition is called InstaLockDown) is a DLP, which I previously stated is probably what you are looking at. It does various data channel intercepts, which include the attachment block. I do not see it as a proxy per se, unless you saw upon its installation that the proxy setting in the browser is changed. Eventually a DLP-capable agent will need to be installed in the workstation to do this use case. There are various filtering schemes too: http://en.wikipedia.org/wiki/Content-control_software#Types_of_filtering
0
 

Author Comment

by:s_raj93
ID: 40496381
I agree with your suggestion. Could you please guide me on how to start this project in Python?
How will the client application agent block attachments?

Please guide me to write this project in Python, or tell me whether it is possible in Python to make this client application,

or whether other programming language skills are needed.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40496683
How do you hook python to your traffic? squid?
0
 
LVL 64

Expert Comment

by:btan
ID: 40497422
I was thinking of a proxy so as not to re-invent the wheel, and extending it to examine the intercepted packet. As mentioned, the local proxy setting needs to be configured to pass through this installed proxy, e.g. extend Burp in Python via IBurpExtender. However, I have not done that though.
http://blog.ombrepixel.com/post/2010/08/30/Extending-Burp-Suite-in-Python

In fact there are other Python proxies, CherryProxy or python-proxy, to filter the HTTP/HTTPS transaction:
http://www.decalage.info/python/cherryproxy
https://code.google.com/p/python-proxy/ 

Maybe it is worth just grabbing the agent readily available, as shared too, since the programming aspects will still need exploring and time invested...
0
 
LVL 62

Expert Comment

by:gheist
ID: 40497855
Proxy does not intercept packets.
Stop reading about BURPing, just read on a bit on ISO-OSI model etc networking basics.
0
 
LVL 64

Expert Comment

by:btan
ID: 40497907
To clarify, Burp is an HTTP proxy intercepting the HTTP request and response. Thanks for pointing that out.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40498189
Well - you need some mechanism to intercept traffic.
Then you need some established proxy like squid.
Then you can plug any scripts to filter requests, be it python, javascript, ruby or VBA.
0
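
A request filter of the kind the comments above describe plugging into an intercepting proxy, shown as an added example that is not code from any poster or from squid, Burp or CherryProxy. It takes a request the proxy has already decrypted and reports the file parts in a multipart/form-data body; the function names, the host list and the sample request are constructed for illustration.

```python
from email.parser import BytesParser

# Assumption: hosts the policy applies to (constructed placeholder).
WEBMAIL_HOSTS = {"webmail.example.com"}

def find_uploads(method, headers, body):
    """Return filenames of file parts in a multipart/form-data request body."""
    if method.upper() not in ("POST", "PUT"):
        return []
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if not ctype.lower().startswith("multipart/form-data"):
        return []  # other upload encodings are not covered by this check
    # A multipart/form-data body is MIME, so the stdlib email parser can split it
    # once the request's Content-Type (which carries the boundary) is prepended.
    raw = b"Content-Type: " + ctype.encode("latin-1") + b"\r\n\r\n" + body
    msg = BytesParser().parsebytes(raw)
    names = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:  # an empty filename means the file field was left blank
            names.append(filename)
    return names

def should_block(method, host, headers, body):
    """Policy hook a proxy would call per request: True means reject it."""
    return host.lower() in WEBMAIL_HOSTS and bool(find_uploads(method, headers, body))

# Constructed sample: a compose form with one text field and one attachment.
BOUNDARY = "----constructedboundary42"
SAMPLE_HEADERS = {"Content-Type": "multipart/form-data; boundary=" + BOUNDARY}
SAMPLE_BODY = (
    "--{b}\r\n"
    'Content-Disposition: form-data; name="subject"\r\n\r\n'
    "Quarterly numbers\r\n"
    "--{b}\r\n"
    'Content-Disposition: form-data; name="attachment"; filename="report.xlsx"\r\n'
    "Content-Type: application/octet-stream\r\n\r\n"
    "PK\x03\x04 constructed bytes\r\n"
    "--{b}--\r\n"
).format(b=BOUNDARY).encode("latin-1")

if __name__ == "__main__":
    print(find_uploads("POST", SAMPLE_HEADERS, SAMPLE_BODY))
    print(should_block("POST", "webmail.example.com", SAMPLE_HEADERS, SAMPLE_BODY))
```

For HTTPS webmail the proxy has to terminate TLS before a filter like this sees any body at all, which is the man-in-the-middle requirement raised earlier in the thread.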
 

Author Comment

by:s_raj93
ID: 40498216
What am I asking? For this there is no answer or comment; you guys are behind proxy. I don't want a proxy, I want system-level interruption.
0
 
LVL 64

Expert Comment

by:btan
ID: 40498389
If you are still interested:

Windows Packet Divert - https://reqrypt.org/windivert.html
(allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack)

Pcapy - http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Pcapy
( enables python scripts to capture packets on the network )
Similarly, pypcap - https://code.google.com/p/pypcap/
0
 
LVL 62

Expert Comment

by:gheist
ID: 40498637
System level - cool... How do you hook python into windows driver?
0
 
LVL 64

Expert Comment

by:btan
ID: 40498836
For the WinDivert case, it uses the WinDivert.sys driver, and has pydivert as an application that goes via WinDivert.dll (etc.) to interface with the WinDivert driver.
0
 

Author Comment

by:s_raj93
ID: 40518594
I didn't get an answer till now.
0
 
LVL 62

Accepted Solution

by:
gheist earned 1000 total points
ID: 40518812
Answer is:
"NO IT IS NOT POSSIBLE"
How long will it take to read it?
0
 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points
ID: 40519144
You need a driver, and I doubt you want to venture into that to intercept the kernel network stack. Else look at the available options stated. Eventually there isn't a straightforward script to do all the interception.
0

Question has a verified solution.
