FiddlerCore - Creating a proxy service

6 posts, 1 answers
  1. kris
    kris avatar
    8 posts
    Member since:
    Nov 2015

    Posted 15 Nov 2015 Link to this post

    Hi Eric,

    Thanks again for your helpful responses to my previous questions.  This is more of a 'pick-your-brain' type of question, and if you could offer thoughts to point me in the right direction I'd be very thankful.  And forgive me if my terminology isn't spot on, as I'm new to working with web traffic at this level.

    I've enjoyed getting to learn about and use FiddlerCore for a personal home project.  I'm building a web filter for my family, and I've had great results so far. So I'm ready to begin thinking ​what it looks like to deploy the application as a Windows service on my PC.   

    So my first question involves the proxy.  I see that when I use Fiddler the Windows ​proxy server settings are enabled and set to listen to the specified address and port.  So how might I go about setting up the proxy 'in the background', so to speak, and not have to worry ​my app needing to set the 'Manual Proxy Settings' in Windows?  I hope that makes sense.

    My goal is make the filter as fool proof as possible, where the proxy runs as a service that cannot be tampered with, suspended, or disabled (even by an Admin account).  The only way it could be disabled is via performing an uninstall.  This is not really Fiddler-related per se, but if you had any thoughts on this as well I'd gladly hear them.  Thanks again.

    -Kris

  2. Answer
    Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 16 Nov 2015 Link to this post

    Hello, Kris--

    There's really no way (in Windows) to protect anything against an Admin account, since, by definition, an admin has the ability to change any setting, take ownership of any file, and even edit the memory of other processes. 

    There's a Windows group policy setting (HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser) which is a DWORD that, when set to 0, forces all users' WinINET proxy settings to use the "computer-wide" proxy settings that are only configurable by an administrator. So you can set that setting, configure the computer wide proxy settings to point at 127.0.0.1:8888 and then all users will use the shared proxy setting. By default, that means all browsers will go through that shared proxy.

    However, as far as I know, neither Chrome nor Firefox respects that setting, so that unlike IE's settings (which are locked by group policy), a user of those browsers can simply change the proxy settings to whatever they like (including null) to bypass your filter.

    You could do some crazy things (e.g. use a wifi router that requires a given header on all outbound traffic, and then have your FiddlerCore app add that secret header, such that bypassing the proxy causes the traffic to fail) but these are all pretty complicated.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. kris
    kris avatar
    8 posts
    Member since:
    Nov 2015

    Posted 12 Dec 2015 in reply to Eric Lawrence Link to this post

    Hey Eric,

    It's been a while since you've posted.  But thanks again for the response.  I'll definitely look into the ProxySettingsPerUser registry setting you mentioned.  I'm still very impressed with FiddlerCore and what it has allowed me to do in terms of filtering content.  I think I can use my custom filter in combination with Windows Family Safety to restrict Chrome, Firefox, Opera, etc (per your comment above).  However, do you know if this registry setting just works for web browsers?  Currently the filter I've written using FidderCore is also helping block images from even apps, etc.  Will setting this registry value ensure this functionality as well?

  4. kris
    kris avatar
    8 posts
    Member since:
    Nov 2015

    Posted 12 Dec 2015 in reply to Eric Lawrence Link to this post

    Eric,

    I tried the ProxySettingsPerUser registry solution, however to no avail has of yet.  In addition to this, I updated all the machine-level Internet Settings (ProxyServer, ProxyOverride, ProxyEnable).  In short the proxy is not being hit. 

     Do you happen to know if this setting only works on versions of Windows beyond Basic or Home (Business, Enterprise, etc?).  The reason I'm asking is because I'm not sure if a group policy setting will work on my version of Windows. 

  5. kris
    kris avatar
    8 posts
    Member since:
    Nov 2015

    Posted 12 Dec 2015 in reply to kris Link to this post

    Okay, response to my own post.  Got it working.  I had to do something a bit strange though.  As I found in my research, some people had to open IE as an Admin (just one time) in order for the proxy settings to be applied and to remain.  Any ideas why this could be?  Once I did that, it seems everything is working. 

     As for my main issue, it seems I've made some great progress!  Thanks for your help Eric! 


     
  6. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 14 Dec 2015 Link to this post

    Hi, Kris--

    Interesting-- I'm not sure why opening IE at Admin just once would change the behavior; if you need to know for sure, you could probably use Process Monitor (from SysInternals) to watch all registry writes and see what's happening (e.g. a key gets set). One possibility is that you're on a 64bit PC and you've only set the key for one "bitness" (e.g. 32 bit) and running IE at Admin once creates the key at the other bitness? I'm not sure.

    In terms of what traffic goes through the system proxy set this way-- this is technically the "WinINET" proxy setting, so anything that uses the WinINET.dll API for content (including Internet Explorer Web Browser controls) will go through it. Also, in most cases the WinHTTP API will use the setting from WinINET, and that's also true of the System.NET API (from the .NET Framework). Some third party networking apps (e.g. Chrome) will also respect the WinINET proxy by default unless you override them with command line settings or configuration changes elsewhere.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top