How to monitor all the outgoing HTTP requests from PC

Question

Hi All,

Tools and Technologies, I using

1. .NET Framework 4.6.2
2. C#
3. Windows Forms

Currently we are working with LMS (Learning Management System), In our system, there is a feature called “Student Protector”, what it does is when student login to the system then application should block all outgoing HTTP calls.

E.g., while student login to system he/ she can use any kind of web browser or any application to browse web pages, in this situation, our application should monitor and block all HTTP calls”
For the above task I have read about HttpListener, HttpRequest and Socket Programming, but I couldn’t find proper answer “How to monitor all the outgoing HTTP requests and block from PC”

Can anyone help me on this?

Answer 1

You cannot monitor network calls using the types you mentioned. Monitoring network calls requires more permissions than a user is going to have and AFAIK .NET doesn't have the necessary infrastructure to do it anyway.

As a first pass I'd lean toward adjusting the firewall to block everything. Perhaps this could also be done using a group policy. If the computers are dedicated to training then a network policy could be configured to allow only certain software to run and this would naturally exclude browsers. Of course all this assumes your LMS isn't trying to connect to the network either, which it probably is. Therefore you cannot just block network access but rather need to identify the whitelist of things that should be allowed. Alternatively set up a test network that doesn't have INet connectivity and force the machine to use that instead of the standard adapter.

None of this is supported in .NET. You could programmatically call out to Win32 for some things but you'll need to dig through the Win32 API to see what calls you might need to make. A network policy probably makes the most sense for dedicated machines. Alternatively you would need to trigger the policy on startup of your app and ensure it gets reset on shutdown. If something goes wrong your policies are messed up. This completely ignores the fact that any domain policies may stomp over this as well.

In the learning labs I've seen set up the domain admins put the test machines on a dedicate network that doesn't even have INet access. The machines can connect to the intranet for the learning software and that's it. This solves the problem completely. This is all network infrastructure stuff though, nothing you'd do as part of your software. Trying to do this on a random machine is just not going to work though. There are way too many ways to work around it.

Answer 2

If a student is taking a test in your LMS system, and you successfully block his access to Google for the answers, he's going to pull out his phone and Google it from there.

To intercept HTTP traffic you could implement a proxy.

https://stackoverflow.com/questions/26992886/set-proxy-through-windows-command-line-including-login-parameters

https://www.dummies.com/computers/operating-systems/windows-10/how-to-set-up-a-proxy-in-windows-10/

You could just set the proxy to a bogus address/port and all HTTP requests will fail. That might require that the user have admin access.

And you would want to implement some kind of fail-safe mechanism so that if your program or the PC crashes, when it comes back up your proxy settings will be removed.

If your application gets deployed by the Windows installer, then you could write a service that listens on a port. Then configure the proxy to point to 127.0.0.1:your-port. Then for all HTTP requests your service would return a web page that says that browsing is not available while LMS is active. The LMS app would need to "talk" to the service to let it know what state (on/off) the proxy should be. The service would run as system, so it could do pretty much anything it wants to, and user would not need admin access.