DNSproxy - spy for yourself

Applications, Games, Tools, User libs and useful stuff coded in PureBasic
User avatar
Lunasole
Addict
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

DNSproxy - spy for yourself

Post by Lunasole »

Here is one more stuff I've played recently.
The idea was to made DNS proxy server and run it locally to collect all DNS queries made by Windows/programs using windows domain service.

So it's done. Currently it only logs requests (also resolves them using Google DNS and sends results back to a programs).
Further I'm going to add something like "DNS firewall" functionality, which will have some advantages over regular firewall.
Such stuff can be used to block access to any site by name (well not by IPs), so ad-blocking or even whole internet by whitelist can be made easily. Generally funny enough :3

Here is current test version, acts only as monitor:
http://geocities.ws/lunasole/data/dnsproxy/l
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
firace
Addict
Addict
Posts: 899
Joined: Wed Nov 09, 2011 8:58 am

Re: DNSproxy - spy for yourself

Post by firace »

Love it, thanks for sharing!

However it crashes on me after a few minutes, for no obvious reason. (Win 10 x64) Are you aware of the issue?

Tiny feature request: can you make the listview always show the bottom row, to avoid the need for scrolling down all the time?
User avatar
Lunasole
Addict
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: DNSproxy - spy for yourself

Post by Lunasole »

firace wrote:Love it, thanks for sharing!

However it crashes on me after a few minutes, for no obvious reason. (Win 10 x64) Are you aware of the issue?

Tiny feature request: can you make the listview always show the bottom row, to avoid the need for scrolling down all the time?
Thank for reply. I have looked on code, it is even strange that it worked whole few minutes with that bug found :D
Anyway should be fine now, also added auto-scrolling and exception handler
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
firace
Addict
Addict
Posts: 899
Joined: Wed Nov 09, 2011 8:58 am

Re: DNSproxy - spy for yourself

Post by firace »

Lunasole wrote:
firace wrote:Love it, thanks for sharing!

However it crashes on me after a few minutes, for no obvious reason. (Win 10 x64) Are you aware of the issue?

Tiny feature request: can you make the listview always show the bottom row, to avoid the need for scrolling down all the time?
Thank for reply. I have looked on code, it is even strange that it worked whole few minutes with that bug found :D
Anyway should be fine now, also added auto-scrolling and exception handler
Wow, that was fast! Awesome! :shock: :D

It's working fine now, except for a small mystery: if I open http://www.reddit.com in my browser, I see some DNS lookups for a few related domains, but not for http://www.reddit.com itself... Any idea why? I did flush my DNS cache first.


Edit: same result in Nirsoft's DNSQuerySniffer - so at least it's not a bug in DNSproxy :)
User avatar
Lunasole
Addict
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: DNSproxy - spy for yourself

Post by Lunasole »

firace wrote:
It's working fine now, except for a small mystery: if I open http://www.reddit.com in my browser, I see some DNS lookups for a few related domains, but not for http://www.reddit.com itself... Any idea why? I did flush my DNS cache first.


Edit: same result in Nirsoft's DNSQuerySniffer - so at least it's not a bug in DNSproxy :)
That's really strange. On my Win7 there is correct log (http://www.reddit.com query present) using 3 different browsers.
The only idea I have now -- "hosts" file. If some domain stored on it, there will be no DNS request for this domain (like http://localhost/ will not be displayed in log). Or maybe Win10 itself has some extra surprise with that ^^
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
firace
Addict
Addict
Posts: 899
Joined: Wed Nov 09, 2011 8:58 am

Re: DNSproxy - spy for yourself

Post by firace »

Lunasole wrote:
firace wrote:
It's working fine now, except for a small mystery: if I open http://www.reddit.com in my browser, I see some DNS lookups for a few related domains, but not for http://www.reddit.com itself... Any idea why? I did flush my DNS cache first.


Edit: same result in Nirsoft's DNSQuerySniffer - so at least it's not a bug in DNSproxy :)
That's really strange. On my Win7 there is correct log (http://www.reddit.com query present) using 3 different browsers.
The only idea I have now -- "hosts" file. If some domain stored on it, there will be no DNS request for this domain (like http://localhost/ will not be displayed in log). Or maybe Win10 itself has some extra surprise with that ^^

Problem solved! It turns out that Windows 10 has so-called "smart" DNS resolution, which spontaneously tries the "best" or fastest way to get a DNS response. See https://medium.com/@ValdikSS/beware-of- ... c5bfb4e3f1

In my case, the missing queries were in fact simply going over IPv6. After I disabled it, I started seeing *all* queries on the proxy. :)

By the way, just wondering, is DNSproxy entirely written in PB or is it using some 3rd party DLLs?
User avatar
Lunasole
Addict
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: DNSproxy - spy for yourself

Post by Lunasole »

firace wrote: Problem solved! It turns out that Windows 10 has so-called "smart" DNS resolution, which spontaneously tries the "best" or fastest way to get a DNS response. See https://medium.com/@ValdikSS/beware-of- ... c5bfb4e3f1
Hah, they even DNS resolving made complicated and questionable in those newer Windows. Thank for link.
firace wrote: By the way, just wondering, is DNSproxy entirely written in PB
Yes, coded from scratch and mostly "for fun" ^^
There is nothing complex btw, just UDP proxy with partially implemented DNS protocol. Maybe I'll post sources somehow later
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
vwidmer
Enthusiast
Enthusiast
Posts: 282
Joined: Mon Jan 20, 2014 6:32 pm

Re: DNSproxy - spy for yourself

Post by vwidmer »

Is it using any win API or can you make a linux version?
WARNING: I dont know what I am doing! I just put stuff here and there and sometimes like magic it works. So please improve on my code and post your changes so I can learn more. TIA
User avatar
Lunasole
Addict
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: DNSproxy - spy for yourself

Post by Lunasole »

vwidmer wrote:Is it using any win API or can you make a linux version?
Nothing especial, should work fine on linux too (maybe with some changes).

I've just uploaded version 1.0.0.2 + sources btw, you can try to build for linux.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
vwidmer
Enthusiast
Enthusiast
Posts: 282
Joined: Mon Jan 20, 2014 6:32 pm

Re: DNSproxy - spy for yourself

Post by vwidmer »

Yes it works fine on linux. I am not sure though I had to remove the /opengl ? and I comment out these lines but seems to work fine.

Code: Select all

	;Protected LenT.GETTEXTLENGTHEX
		;Protected S.CHARRANGE
		;S\cpMin = SendMessage_(GadgetID(l), #EM_GETTEXTLENGTHEX, LenT, 0)
		;S\cpMax = S\cpMin
		;SendMessage_(GadgetID(l), #EM_EXSETSEL, 0, S)
WARNING: I dont know what I am doing! I just put stuff here and there and sometimes like magic it works. So please improve on my code and post your changes so I can learn more. TIA
User avatar
Lunasole
Addict
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: DNSproxy - spy for yourself

Post by Lunasole »

vwidmer wrote:Yes it works fine on linux. I am not sure though I had to remove the /opengl ? and I comment out these lines but seems to work fine.

Code: Select all

	;Protected LenT.GETTEXTLENGTHEX
		;Protected S.CHARRANGE
		;S\cpMin = SendMessage_(GadgetID(l), #EM_GETTEXTLENGTHEX, LenT, 0)
		;S\cpMax = S\cpMin
		;SendMessage_(GadgetID(l), #EM_EXSETSEL, 0, S)
Nice then ^^
/opengl makes no difference. Those lines too, that's just log scrolling
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Post Reply