ProtocolFilters is a
library that classifies the data packets it receives as input, detects high-level
protocols and allows filtering the classified objects. It is designed
to work with the NetFilter SDK API, but can also be used for parsing and
filtering network packets obtained from other sources. The library
has a simple API, which can be used from C/C++/.NET/Delphi code.
Key features:
- The library supports filtering outgoing HTTP, POP3, SMTP, SSL
and raw data.
- The protocol is detected automatically by analyzing the first
packets. Unsupported protocols are bypassed automatically. It
is possible to allow the library to classify all outgoing network
traffic and filter only classified protocols.
- The library detects HTTPS proxies, including chained requests.
- The HTTP filter decodes the transmitted requests and responses,
and allows filtering plain de-chunked and uncompressed HTTP data.
A request or response can be passed through unfiltered or blocked
after analyzing the initial bytes of the transmitted content.
- The SSL filter decodes SSL v2/3 and TLS by generating a local certificate
for each domain.
- The filters for POP3 and SMTP protocols allow filtering the
incoming and outgoing mail messages.
- It is possible to filter the unclassified content as raw buffers.
- The chain of protocol filters is created dynamically
for each new connection. Different chains of filters, with
different filtering flags, can be applied to connections
after analyzing the connection properties: process identifier, name
and owner, local and remote addresses/ports.
Included samples:
- Delphi\PFNetFilter - Delphi application that uses ProtocolFilters for filtering HTTP/POP3/SMTP protocols.
- CSharp\PFNetFilterCS - C# application that uses managed API for filtering HTTP/POP3/SMTP protocols.
- PFDump - Filters outgoing TCP connections and saves classified objects to *.bin files.
- PFHttpBlocker - Filters TCP connections and blocks HTTP content by URL and text body.
- PFHttpContentFilter - Filters outgoing TCP connections and adds a prefix to the titles of HTML pages downloaded via HTTP.
- PFMailFilter - Adds a prefix to the subjects of incoming messages, and blocks outgoing messages whose subject has the specified prefix.