Monitoring both sides of chats

Question

3.74/5 (18 votes)

See more:

How can a parental control monitor both sides of chats? That should be done not by using keyboard hooks (which will monitor only one side of the conversation), but instead, by identifying the window and the control (listbox, editbox, etc.) used for communication, and capturing it textually. Is there a generic way for doing so?

Posted 9-Oct-12 8:20am

Michael Haephrati

Updated 20-Feb-13 6:20am

v2

Add a Solution

Comments

enhzflep 9-Oct-12 15:18pm

What about hooking send and recv? They seem to me to be the only things that will be constant across different chat programs. Of course, the format of the data will be different. But if it's captured it can be processed later. WireShark does it with the help of the WinPcap library.
You can find it here: WinPcap

I realize you ask about capturing data from the controls themselves, but if they're custom controls then this can(will?) fall flat sooner or later. If it gets into the pc via a network connection, WinPcap should be able to intercept it, hence my suggestion of it.
S.

pasztorpisti 9-Oct-12 16:11pm

The window might consist of totally custom controls, the net channel might be encrypted on application layer. When hijacking input you want to capture input events and their target. For a simpler solution I would go with hooking into the message loop of the main/gui thread of the application, maybe into all threads of the application. This is a per-process approach. You can then capture any keyboard/mouse messages inside the process, gui focus changes and so on. Even if the program has only a main window with exclusively custom controls you can still get all input messages and reconstruct the text messages. For a more serious solution I would do this hooking on system level, this ways you could capture outgoing input globally and for each input event you should find out the target process/thread/gui control. This way you can log the whole interaction between the user and the machine.

enhzflep 9-Oct-12 16:17pm

"the net channel might be encrypted on application layer." :face-palm:
Of course! How did I manage to overlook that simple counter-measure.

As is the norm from you pasztorpisti, a comprehensive post, full of valuable insights. :thumbs-up:

pasztorpisti 9-Oct-12 16:30pm

Thank you! The WinPcap solution is also a nice one if there is no encryption. Lot of chat programs are silly enough not to use good encryption. :-) My solution doesn't cover the capturing of the other party, WinPcap can handle that too (however that also requires net protocol reverse engineering that is often not too difficult).

pasztorpisti 9-Oct-12 16:48pm

Anyway, WinPcap is not only a nice solution, its probably the easiest and first way to consider if there is no strong encryption! :thumbsup:

Michael Haephrati 9-Oct-12 16:19pm

How will I capture the other party?

pasztorpisti 9-Oct-12 16:32pm

Capturing the other side requires application specific handling. If the net channel isn't encrypted then you can use the WinPcap solution of enhzflep with well known or reverse engineered protocols. The message queue hooking can also be usable in some cases when the message log control is known and filled up with content using window messages.

Michael Haephrati 9-Oct-12 16:33pm

Take Skype for example

pasztorpisti 9-Oct-12 16:39pm

If you target a specific application then you can do a lot of things by hooking.

eugene.shikhov 10-Oct-12 4:40am

As far as I know, Skype implements quite strong encryption. So, WinPcap-based solution is useless here.

3 solutions

Solution 2

Skype for example encrypts it. Also, I am interested in discussing the question: is it possible to identify the UI element used by common chat application and capture the text inside it.

Posted 15-Oct-12 20:22pm

Michael Haephrati

Solution 1

Why dont you try packet sniffing. Protocol used by most of the chat clients are known, you can decode it to get the message. There are readymade softwares are available, e.g. ArcMentor (I was working on this at my previous organization ;) )

Posted 15-Oct-12 20:20pm

PrafullaVedante

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Kucera Jan · Accepted Answer · 2013-02-20T21:24:00

Solution 3

Hi,

I would recomend using a sniffer. If you want to use existing application you can use Ethercap or Wireshark or TCPDUMP.

If you, though, want to implement your own sniffer, you shall study LIBPCAP libreary.

Best Regards
J. K.

Posted 20-Feb-13 21:24pm

Kucera Jan