DNSproxy - spy for yourself
DNSproxy - spy for yourself
Here is one more stuff I've played recently.
The idea was to made DNS proxy server and run it locally to collect all DNS queries made by Windows/programs using windows domain service.
So it's done. Currently it only logs requests (also resolves them using Google DNS and sends results back to a programs).
Further I'm going to add something like "DNS firewall" functionality, which will have some advantages over regular firewall.
Such stuff can be used to block access to any site by name (well not by IPs), so ad-blocking or even whole internet by whitelist can be made easily. Generally funny enough :3
Here is current test version, acts only as monitor:
http://geocities.ws/lunasole/data/dnsproxy/l
The idea was to made DNS proxy server and run it locally to collect all DNS queries made by Windows/programs using windows domain service.
So it's done. Currently it only logs requests (also resolves them using Google DNS and sends results back to a programs).
Further I'm going to add something like "DNS firewall" functionality, which will have some advantages over regular firewall.
Such stuff can be used to block access to any site by name (well not by IPs), so ad-blocking or even whole internet by whitelist can be made easily. Generally funny enough :3
Here is current test version, acts only as monitor:
http://geocities.ws/lunasole/data/dnsproxy/l
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Re: DNSproxy - spy for yourself
Love it, thanks for sharing!
However it crashes on me after a few minutes, for no obvious reason. (Win 10 x64) Are you aware of the issue?
Tiny feature request: can you make the listview always show the bottom row, to avoid the need for scrolling down all the time?
However it crashes on me after a few minutes, for no obvious reason. (Win 10 x64) Are you aware of the issue?
Tiny feature request: can you make the listview always show the bottom row, to avoid the need for scrolling down all the time?
Re: DNSproxy - spy for yourself
Thank for reply. I have looked on code, it is even strange that it worked whole few minutes with that bug foundfirace wrote:Love it, thanks for sharing!
However it crashes on me after a few minutes, for no obvious reason. (Win 10 x64) Are you aware of the issue?
Tiny feature request: can you make the listview always show the bottom row, to avoid the need for scrolling down all the time?
Anyway should be fine now, also added auto-scrolling and exception handler
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Re: DNSproxy - spy for yourself
Wow, that was fast! Awesome!Lunasole wrote:Thank for reply. I have looked on code, it is even strange that it worked whole few minutes with that bug foundfirace wrote:Love it, thanks for sharing!
However it crashes on me after a few minutes, for no obvious reason. (Win 10 x64) Are you aware of the issue?
Tiny feature request: can you make the listview always show the bottom row, to avoid the need for scrolling down all the time?
Anyway should be fine now, also added auto-scrolling and exception handler
It's working fine now, except for a small mystery: if I open http://www.reddit.com in my browser, I see some DNS lookups for a few related domains, but not for http://www.reddit.com itself... Any idea why? I did flush my DNS cache first.
Edit: same result in Nirsoft's DNSQuerySniffer - so at least it's not a bug in DNSproxy
Re: DNSproxy - spy for yourself
That's really strange. On my Win7 there is correct log (http://www.reddit.com query present) using 3 different browsers.firace wrote:
It's working fine now, except for a small mystery: if I open http://www.reddit.com in my browser, I see some DNS lookups for a few related domains, but not for http://www.reddit.com itself... Any idea why? I did flush my DNS cache first.
Edit: same result in Nirsoft's DNSQuerySniffer - so at least it's not a bug in DNSproxy
The only idea I have now -- "hosts" file. If some domain stored on it, there will be no DNS request for this domain (like http://localhost/ will not be displayed in log). Or maybe Win10 itself has some extra surprise with that ^^
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Re: DNSproxy - spy for yourself
Lunasole wrote:That's really strange. On my Win7 there is correct log (http://www.reddit.com query present) using 3 different browsers.firace wrote:
It's working fine now, except for a small mystery: if I open http://www.reddit.com in my browser, I see some DNS lookups for a few related domains, but not for http://www.reddit.com itself... Any idea why? I did flush my DNS cache first.
Edit: same result in Nirsoft's DNSQuerySniffer - so at least it's not a bug in DNSproxy
The only idea I have now -- "hosts" file. If some domain stored on it, there will be no DNS request for this domain (like http://localhost/ will not be displayed in log). Or maybe Win10 itself has some extra surprise with that ^^
Problem solved! It turns out that Windows 10 has so-called "smart" DNS resolution, which spontaneously tries the "best" or fastest way to get a DNS response. See https://medium.com/@ValdikSS/beware-of- ... c5bfb4e3f1
In my case, the missing queries were in fact simply going over IPv6. After I disabled it, I started seeing *all* queries on the proxy.
By the way, just wondering, is DNSproxy entirely written in PB or is it using some 3rd party DLLs?
Re: DNSproxy - spy for yourself
Hah, they even DNS resolving made complicated and questionable in those newer Windows. Thank for link.firace wrote: Problem solved! It turns out that Windows 10 has so-called "smart" DNS resolution, which spontaneously tries the "best" or fastest way to get a DNS response. See https://medium.com/@ValdikSS/beware-of- ... c5bfb4e3f1
Yes, coded from scratch and mostly "for fun" ^^firace wrote: By the way, just wondering, is DNSproxy entirely written in PB
There is nothing complex btw, just UDP proxy with partially implemented DNS protocol. Maybe I'll post sources somehow later
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Re: DNSproxy - spy for yourself
Is it using any win API or can you make a linux version?
WARNING: I dont know what I am doing! I just put stuff here and there and sometimes like magic it works. So please improve on my code and post your changes so I can learn more. TIA
Re: DNSproxy - spy for yourself
Nothing especial, should work fine on linux too (maybe with some changes).vwidmer wrote:Is it using any win API or can you make a linux version?
I've just uploaded version 1.0.0.2 + sources btw, you can try to build for linux.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Re: DNSproxy - spy for yourself
Yes it works fine on linux. I am not sure though I had to remove the /opengl ? and I comment out these lines but seems to work fine.
Code: Select all
;Protected LenT.GETTEXTLENGTHEX
;Protected S.CHARRANGE
;S\cpMin = SendMessage_(GadgetID(l), #EM_GETTEXTLENGTHEX, LenT, 0)
;S\cpMax = S\cpMin
;SendMessage_(GadgetID(l), #EM_EXSETSEL, 0, S)
WARNING: I dont know what I am doing! I just put stuff here and there and sometimes like magic it works. So please improve on my code and post your changes so I can learn more. TIA
Re: DNSproxy - spy for yourself
Nice then ^^vwidmer wrote:Yes it works fine on linux. I am not sure though I had to remove the /opengl ? and I comment out these lines but seems to work fine.
Code: Select all
;Protected LenT.GETTEXTLENGTHEX ;Protected S.CHARRANGE ;S\cpMin = SendMessage_(GadgetID(l), #EM_GETTEXTLENGTHEX, LenT, 0) ;S\cpMax = S\cpMin ;SendMessage_(GadgetID(l), #EM_EXSETSEL, 0, S)
/opengl makes no difference. Those lines too, that's just log scrolling
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"