Low level HTTP filtering for Windows

Question

I would like to implement a parental control for all browsers in Windows. I am thinking in a .NET application.

My first thought was create a local HTTP proxy (like Fiddler), even use Fiddlers embeddable API. However this proxy easily can be workarounded even by a kid, just (re) setting the browsers not to use this local proxy.

So I've concluded I have to go deeper. My question, am I right? ...and how and where...

Thanks in advance

Answer 1

The "official" way to do this would be to build a filter atop the Windows Filtering Platform; it's designed for this sort of thing, and it's how Windows' own Parental Controls feature is built.

Having said that, you can build a Parental Controls application using FiddlerCore. You would then use Group Policy to control proxy settings (Create a REG_DWORD named ProxySettingsPerUser with value 0 inside HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\InternetSettings\) such that the settings cannot be changed by non-administrative users.

You could further bolster this by applying Firewall policies such that direct egress is blocked and only traffic going through Fiddler is permitted to leave the box.

Answer 2

You probably won't be able to do it with .NET. If you want to see all HTTP traffic regardless of the browser settings, you'll need to either hook into every process and override calls to the sockets API, or get into the network driver layer and see the communications there.

.NET is wrong for both - you don't want to attach a .NET DLL to non-.NET processes, and you don't want to create a .NET driver.

You'll also need to somehow override the DNS, because otherwise you'll have no way to prevent HTTPS access - you can't monitor HTTPS, you can only prevent it.