Question

How do Netnanny or k9 Web Protection set up a web proxy without configuring the browsers? How can it be done?

Solution

By using WinSock directly, or by working at the NDIS or hardware driver level, and then filtering at those levels, just like any firewall software does. NDIS is the easy way.

Download this ISO image: http://www.microsoft.com/downloads/en/confirmation.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff
It has a bunch of samples and tools to help you build what you want. After you mount it or burn it to a CD and install it, go to this folder: c:\WinDDK\7600.16385.1\src\network\ndis\

OTHER TIPS

I think what you need is a transparent proxy that supports WCCP.

Take a look at squid-cache FAQ page

And the Wikipedia entry for WCCP

With that setup you just need to do some firewall configuration and all your web traffic will be handled by the transparent proxy. And no setup will be needed on your browser.

Netnanny is not a proxy. It is tied to the host machine and browser (and possibly other applications as well). It then filters all incoming and outgoing "content" from the machine/application.

Essentially, Netnanny is a content-control system as against a destination-control system (proxy).

The easiest way to divert all traffic to a certain site to some other address is by changing the hosts file on the local host.

You might want to have a look at the explanation here: http://www.fiddlertool.com/fiddler/help/hookup.asp

This is how Fiddler2 achieves inserting a proxy in between most apps and the internet without modifying the apps (although lots of explanation of how-to failing the default setup). This does not answer how NetNanny/K9 etc work though, as noted above they do a little more and may be a little more intrusive.

I believe you are searching for BrowserHelperObjects. These little gizmos capture ALL browser communication, and as such can either remove ads from the HTML (good gizmo), or redirect every second click to a spam site (bad gizmo), or just capture every URL you type and send it home like all the WebToolBars do.

What you want to do is route all outgoing http(s) requests from your lan through a reverse proxy (like squid). This is the setup for a transparent web proxy.

There are different ways to do this, although I've only ever set it up on OpenBSD and Linux, and using Squid as the reverse proxy.

At a high level you have a firewall with rules to send all externally bound http traffic to a local squid server. The Squid server is configured to:

  • accept all http requests
  • forward the requests on to the real external hosts
  • cache the reply
  • forward the reply back to the requestor on the local lan

You can then add more granular rules in Squid to control access to websites, filter content, etc.

I'm pretty sure you can also get this functionality in different networking gear. I bet F5 has some products that do some or all of what I described, and probably Cisco as well. There are probably other proxies out there besides Squid that you can use too.

PS. I have no idea if this is how K9 Web Protection or NetNanny works.
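
The filtering step described in the answer above, as an added example that is not part of the original answers and is not Squid's code: once the firewall has redirected a port-80 connection, the proxy receives an origin-form request, so it has to take the site name from the Host header, apply policy, and check that name against the address the client was actually connecting to. The names `decide`, `host_of` and `BLOCKED_DOMAINS`, the lookup table and the sample requests are all constructed for illustration.

```python
from typing import Callable, NamedTuple

BLOCKED_DOMAINS = {"blocked.example"}  # constructed policy list

class Verdict(NamedTuple):
    action: str  # "forward" or "deny"
    reason: str

def host_of(raw: bytes) -> str:
    """Extract the Host header from an intercepted request head.

    Intercepted clients send origin-form targets ("GET /path"), so the
    Host header is the only place the site name appears."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    hosts = [l.split(":", 1)[1].strip().lower()
             for l in head.split("\r\n")[1:] if l.lower().startswith("host:")]
    if len(hosts) != 1 or not hosts[0]:
        raise ValueError("need exactly one Host header")
    host = hosts[0]
    if not host.startswith("["):          # leave IPv6 literals alone
        host = host.split(":", 1)[0]      # drop an explicit port
    return host.rstrip(".")

def decide(raw: bytes, orig_dst: str,
           resolve: Callable[[str], set]) -> Verdict:
    """orig_dst is the address the client really connected to (assumed to be
    read from the redirected socket); resolve maps a name to its IPs."""
    try:
        host = host_of(raw)
    except ValueError as exc:
        return Verdict("deny", str(exc))
    if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        return Verdict("deny", "blocked domain")
    if orig_dst not in resolve(host):
        # Host names a site other than the one the connection was going to.
        return Verdict("deny", "Host/destination mismatch")
    return Verdict("forward", "ok")

# Constructed sample data (documentation address ranges).
DNS = {"allowed.example": {"192.0.2.10"}, "blocked.example": {"192.0.2.20"}}

def lookup(name: str) -> set:
    return DNS.get(name, set())

def req(host: str) -> bytes:
    return f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()

if __name__ == "__main__":
    for h, dst in [("allowed.example", "192.0.2.10"),
                   ("www.blocked.example:80", "192.0.2.20"),
                   ("allowed.example", "198.51.100.7")]:
        print(h, dst, decide(req(h), dst, lookup))
```
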

Squid could provide an intercept proxy for HTTP and HTTPS ports, without configuring the browsers, and it also supports WCCP.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow