Windivert Blacklist not working in Chrome. Works well in Edge Firefox etc

[abhilashaman08]

Windivert (webfilter) Blacklist not working in Chrome. Works well in Edge Firefox. Packets are captured well, but seems like TCP RST does not reset connection. Following snippet:

    string pattern = "outbound && !loopback && (ip || ipv6)";	
for (int i = 0; i < whiteListIp.size(); i++)
{
	pattern = pattern + " && (ip.DstAddr != " + whiteListIp[i] + " )";
}
pattern = pattern + " && (tcp.DstPort == 80 || tcp.DstPort == 443 ) && tcp.PayloadLength > 0";

handle = WinDivertOpen(pattern.c_str(), WINDIVERT_LAYER_NETWORK, priority, 0);

[abhilashaman08]

@basil00 could you help?

[basil00]

The webfilter example is not very useful. It only supports HTTP/1.1, which was somewhat relevant in 2011 when it was first written, but is no longer relevant as almost all websites/browsers use encryption + more modern web protocols. This sample should be retired.

As for your code, this does not appear to be webfiter anyway, so I cannot comment.

[abhilashaman08]

Thanks for your reply. Actually what we do is we hijack the packet through Windivert on tcp.port 443,outbound and find url from its payload, once url is found, we match them with our internal category matching criteria, and blocks them if its on matching criteria. But in chrome, we saw some packets were not being captured. Is there a way to insure all packets at this port is captured? Since you marked the thread as closed, Can you reply here? Thanks again for your help!

…

On Tue, 24 Jan 2023 at 6:50 AM, basil00 ***@***.***> wrote: Closed #327 <#327> as completed. — Reply to this email directly, view it on GitHub <#327 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A4XWOFXNB46NSONMUPGK77LWT4U6HANCNFSM6AAAAAAUCPIVPY> . You are receiving this because you authored the thread.Message ID: ***@***.***>