问题
I am developing a desktop application which has to notify the user if antivirus or other security software are disabled once the user opens a bank wabsite.The bank website url is known for the application. My application has to fire a notification window if the given bank site is going to be accessed from the user.I want the application to check which site (link) is opening by the user and if it is the predefined link the notification form should appear. Is something like this possible to be done without developing browser add-ins?
回答1:
The short answer is No.
The longer answer is Yes. But you'd have to go into either network sniffing (won't work - bank traffic is usually encrypted) or memory stuff (manually reading strings from the RAM, etc). In both cases it's at least 1000x easier to make a browser add-in.
回答2:
hypothetically, if your application acted as an HTTP Proxy for the user's browser, then yes.. you could intercept the request for the Bank Website and respond with your recommendations to the user..
回答3:
It is possible by developing either browser-add-in and/or a http(s)-proxy and/or sandboxing the browser and/or replacing the browser with a modified version and/or hacking the browser...
IF you really just want to do it with a normal desktop application it is thinkable (polling the browser for currently open URLs) BUT I would strongly recommend to not do this... it would not work reliably and it would put some strain on the resources...
If I had to implement this I would definitely write a browser-add-in and/or a http(s) proxy... any reason why you exclude a browser-add-in for this ?
回答4:
It's not possible. (At least without much work and/or manual configuration on every computer)
You have a lot of problems to solve:
- How are you going to get "the url" from "the browser"?
- What about security?
- How should you determine if the antivirus or firewall is enabled?
Let's divide an "url" into smaller pieces (lets limit us to the http-protocol):
HTTP is an TCP/IP-connection between two IP-addresses and two ports, the server normally responds on port 80 (if you omit the port the default is 80). Example url:
http://123.123.123.123:456 (connect with http to ip 123.123.123.123 on port 456)
Then we have dns; a domain name will be translated to an ip-adress, example:
http://foobar.com => http://123.123.123.123 (dns translated foobar.com to 123.123.123.123)
Now, assume you add a path to your url, example:
http://foobar.com/path/to/page.htm
What do we do now? There's no such thing as a "path" in TCP/IP. It's on the HTTP level. Let's take a look on a very basic http-url and it's translation to a TCP/IP-connection:
http://foobar.com/path/to/page.htm =>
- Client looks up foobar.com => 123.123.123.123
- Client connects to 123.123.123.123 on port 80
- Client sends the following data to the server:
GET /path/to/page.htm HTTP/1.1 Host: foobar.com
How are you going to get your hands on the tcp/ip-connections (and their "contents")?
You have a few choices:
- A filter (installed into the networking layer. Sensitive stuff, all I've tried has caused instability and performance loss, apart from trouble - firewalls..)
- A proxy (you have to make sure that every browser has redirected their network traffic through your proxy - there's no global setting, every browser has their own way)
- Some kind of plugin for the browser (you have to write a new plugin for every browser, and make sure it's enabled)
Let's look a security - in case HTTPS (HTTP with SSL) is used then another problem is introduced: the content of every network connection is encrypted, and you can't decrypt it unless you have the key (and you haven't, unless you provide your own, but then the browser won't trust your key and issue a big warning, unless you've installed your key in the browser. And you don't want to do that - it's a fairly big security risk..)
Let's imagine you've solved this problem, how are you going to know whether an anti virus is installed and enabled? And a firewall? Every anti virus and firewall has their own way.
回答5:
If your .Net desktop application is used to show a notification when a user hits your predefined banking website. Then given the effort required with the alternate answers, from experience (in finance) wouldn't make more sense to make your application launch the link. Then you could do your checks, show the notification and if you launched the website with a unique querystring parameter generated from the desktop application, users browsing the website would have an extra layer of security.
If users dont have your application installed, wont that defeat the point of doing all these checks (to notify the user if antivirus or other security software are disabled once the user opens a bank website) in the first place.
来源:https://stackoverflow.com/questions/8282092/is-it-possible-for-a-desktop-application-to-get-the-website-url