
Posted

Hi,

I'd like to make a program with AutoIt which can detect when something tries to get or send information on my computer.

I think that I could use the "netstat" command with "cmd"; however, I need to know how to get the result of this command into the GUI.

Do you have another idea to realize this program? If not, how can I get the result of the "netstat" command into the GUI with AutoIt?

Thanks in advance for your help.

Posted

I think something along the lines of...

#include <Constants.au3>

ConsoleWrite( _GetDOSOutput("netstat") & @CRLF)

Func _GetDOSOutput($sCommand)
    Local $iPID, $sOutput = ""

    ; run the command through cmd.exe, hidden, with stdout/stderr redirected so StdoutRead can capture them
    $iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    While 1
        $sOutput &= StdoutRead($iPID, False, False) ; append whatever is available so far
        If @error Then ; stream closed: the child has exited and nothing is left to read
            ExitLoop
        EndIf
        Sleep(10)
    WEnd
    Return $sOutput
EndFunc   ;==>_GetDOSOutput

Posted

"@ComSpec /c" is only needed when calling an internal cmd.exe command (like dir, del, type, etc.). If the command being run is from an external program, like netstat.exe, it can be run on its own.

In this example I call netstat -n, which will return quicker as it's showing just IP addresses and not trying to resolve the names.

Also, depending on what your script is doing, if it's waiting on the results, using ProcessWaitClose is easier than continuously polling and concatenating the string.

 

#include <Constants.au3>

ConsoleWrite(_GetDOSOutput("netstat -n") & @CRLF)

Func _GetDOSOutput($sCommand)
    Local $iPID, $sOutput = ""

    ;$iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    $iPID = Run($sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) ; external .exe: no cmd.exe wrapper needed
    ProcessWaitClose($iPID) ; wait for netstat to exit, then read everything in one go
    $sOutput = StdoutRead($iPID, False, False)

    Return $sOutput
EndFunc   ;==>_GetDOSOutput

 

That said, what is the OP looking for? Netstat will show connections, but not the transfer of data.

 

I have used AutoIt to interpret raw data coming out of "Tshark" (a CLI tool from Wireshark), but if you don't have a very specific filter to narrow down the traffic, it will quickly get bogged down with all the traffic on your PC.

Posted

Sorry to answer you so late, I was ill these last few days.

So, thanks for your answers, this is exactly what I need.

I didn't think there was so much traffic on the PC; that's why, to understand what happens, I also use TCPView. But for me, this freeware is for professionals.

My idea is to use a basic DOS command like "netstat" and try to make my own filter. When the program detects that I send or receive something to/from a suspect IP, I will open a msgbox to say: "you receive or send something to this IP, which corresponds to this site, this application, software or something else; do you want to continue with this connection?". If the user says "no", the program will block this IP.

I think it will be a nice application to know live when you are hacked :-)

The second part of my program will be to detect when a new computer is connected to your private Wi-Fi hotspot network. But for the moment I don't know how to do it.

If you are interested in this project, we can continue to exchange on this topic ;-)

 

Posted

Hi,

hereunder, the draft code:

#include <MsgBoxConstants.au3>
#include <Constants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <GuiStatusBar.au3>
#include <StaticConstants.au3>
#include <StringConstants.au3>
#include <WindowsConstants.au3>
#include <Array.au3>
#include <String.au3>

; variable declaration
Local $ip = ""

#Region ### START Koda GUI section ### Form=
Global $Form1 = GUICreate("Form1", 615, 437, 192, 124)
Global $btn1 = GUICtrlCreateButton("Lancer l'analyse des ports", 80, 50, 150, 30)
GUICtrlSetColor(-1, 0x0000FF)
Global $Edit1 = GUICtrlCreateEdit("", 16, 152, 577, 257)
GUICtrlSetData(-1, "Edit1")
Global $Label1 = GUICtrlCreateLabel("Etat des connexions", 16, 128, 100, 17)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()

    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit

        Case $btn1
            $infip = _GetDOSOutput("netstat -n")
            GUICtrlSetData($Edit1, $infip) ; display the result
            $valu = StringSplit($infip, @CRLF, $STR_ENTIRESPLIT) ; split on the whole CRLF, not on each of its characters
            $nbr = UBound($valu)
            For $i = 0 To ($nbr - 1) Step 1
                $regex = "TCP"
                If $valu[$i] <> "" Then
                    $ipexploit = StringRegExp($valu[$i], $regex, $STR_REGEXPMATCH)
                    If $ipexploit = 1 Then
                        ; collect every dotted IPv4 address on the line: [0] local, [1] remote
                        $answer = StringRegExp($valu[$i], '((?:\d{1,3}\.){3}\d{1,3})', $STR_REGEXPARRAYGLOBALMATCH)
                        ; IPv6 rows such as [::1]:8080 give fewer than two matches, so check the count before indexing
                        If @error = 0 And UBound($answer) >= 2 Then
                            If (($answer[0] <> $answer[1]) And ($ip <> $answer[1])) Then
                                $ip = $answer[1]
                                MsgBox(0, "adresse", $ip)
                            EndIf
                        EndIf
                    EndIf
                EndIf
            Next

    EndSwitch
WEnd


Func _GetDOSOutput($sCommand)
    Local $iPID, $sOutput = ""

    ; run hidden through cmd.exe and keep draining stdout until the stream closes
    $iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    While 1
        $sOutput &= StdoutRead($iPID, False, False)
        If @error Then
            ExitLoop
        EndIf
        Sleep(10)
    WEnd
    Return $sOutput
EndFunc   ;==>_GetDOSOutput

The next step will be to find out how we can get some details about the IP address without using an existing website.

Who knows where it's possible to get these elements? Like the website "whois" or others do.

Thanks in advance for this information.
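As an added example (not code from this thread, nor from AutoIt's own library), the following script ties the two halves of the discussion together: it drains `netstat -n` with the polling loop shown earlier and parses the rows without the IPv4-only assumption of the draft above, where `$answer[1]` is out of range on an IPv6 row such as `[::1]:8080`. The sample output, the allow-list entries and the `_CaptureNetstat` helper (which assumes netstat.exe is on PATH) are constructed for the example. It goes beyond the draft in that one regex handles IPv4, bracketed IPv6 and `*:*` UDP rows, and each untrusted remote host is reported once, which is the check the "suspect IP" message box in the earlier post would hang off.

```autoit
#include <Array.au3>
#include <Constants.au3>
#include <StringConstants.au3>

; Constructed sample of "netstat -n" output (assumed, not captured from a real host).
; It mixes IPv4, bracketed IPv6, a UDP listener and header rows so every branch of the parser is exercised.
Global $g_sSample = _
        "" & @CRLF & _
        "Active Connections" & @CRLF & _
        "" & @CRLF & _
        "  Proto  Local Address          Foreign Address        State" & @CRLF & _
        "  TCP    192.168.1.20:49710     203.0.113.7:443        ESTABLISHED" & @CRLF & _
        "  TCP    192.168.1.20:49711     192.168.1.1:53         TIME_WAIT" & @CRLF & _
        "  TCP    [::1]:49712            [::1]:8080             ESTABLISHED" & @CRLF & _
        "  TCP    [2001:db8::10]:49713   [2001:db8:1::5]:443    ESTABLISHED" & @CRLF & _
        "  UDP    0.0.0.0:5353           *:*" & @CRLF

; Remote hosts the user already trusts (assumed values for this example).
Global $g_aAllowed[2] = ["192.168.1.1", "::1"]

; Groups: 1 proto, 2 local host, 3 local port, 4 remote host, 5 remote port, 6 state.
; A host is a dotted IPv4, "*" or a bracketed IPv6 literal. The state group is (\S*)
; rather than (\S+) so it always participates and the UDP row (no state) still parses.
Global Const $g_sLineRx = '^\s*(TCP|UDP)\s+(\[[^\]]+\]|[0-9.]+):(\d+)\s+(\[[^\]]+\]|[0-9.*]+):(\d+|\*)\s*(\S*)\s*$'

Func _StripBrackets($sHost)
    Return StringReplace(StringReplace($sHost, "[", ""), "]", "")
EndFunc   ;==>_StripBrackets

; Parse one netstat row into a 6-element array (indexes 0..5 = groups 1..6).
; Title, header and blank rows set @error so the caller can skip them.
Func _ParseNetstatLine($sLine)
    Local $aMatch = StringRegExp($sLine, $g_sLineRx, $STR_REGEXPARRAYMATCH)
    If @error Then Return SetError(1, 0, 0)
    $aMatch[1] = _StripBrackets($aMatch[1]) ; IPv6 literals lose their [] so they
    $aMatch[3] = _StripBrackets($aMatch[3]) ; compare like-for-like with the allow-list
    Return $aMatch
EndFunc   ;==>_ParseNetstatLine

; Return a 2D array [n][3] (proto, remote host, state) of connections whose remote
; host is not on $aAllowed; each remote host is reported once.
Func _FlagUnknownRemotes($sNetstatOutput, Const ByRef $aAllowed)
    Local $aLines = StringSplit(StringStripCR($sNetstatOutput), @LF)
    Local $aFlagged[0][3]
    Local $aConn
    For $i = 1 To $aLines[0]
        $aConn = _ParseNetstatLine($aLines[$i])
        If @error Then ContinueLoop
        If $aConn[3] = "*" Or $aConn[3] = "0.0.0.0" Then ContinueLoop ; listener / unbound socket, no peer
        If _ArraySearch($aAllowed, $aConn[3]) >= 0 Then ContinueLoop ; trusted peer
        If UBound($aFlagged) > 0 And _ArraySearch($aFlagged, $aConn[3], 0, 0, 0, 0, 1, 1) >= 0 Then ContinueLoop ; already listed
        ReDim $aFlagged[UBound($aFlagged) + 1][3]
        $aFlagged[UBound($aFlagged) - 1][0] = $aConn[0]
        $aFlagged[UBound($aFlagged) - 1][1] = $aConn[3]
        $aFlagged[UBound($aFlagged) - 1][2] = $aConn[5]
    Next
    Return $aFlagged
EndFunc   ;==>_FlagUnknownRemotes

; Run netstat -n hidden and drain stdout while it runs (assumes netstat.exe is on PATH).
; Reading in a loop, rather than once after ProcessWaitClose(), avoids the case where an
; unread pipe fills up, the child blocks on its write and the wait never returns.
Func _CaptureNetstat()
    Local $iPID = Run("netstat -n", "", @SW_HIDE, $STDOUT_CHILD)
    If @error Then Return SetError(1, 0, "")
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPID)
        If @error Then ExitLoop ; pipe closed: the child exited and everything has been read
        Sleep(10)
    WEnd
    Return $sOut
EndFunc   ;==>_CaptureNetstat

; Usage against the constructed sample; swap $g_sSample for _CaptureNetstat() on a live host.
Global $g_aHits = _FlagUnknownRemotes($g_sSample, $g_aAllowed)
For $i = 0 To UBound($g_aHits) - 1
    ConsoleWrite($g_aHits[$i][0] & " -> " & $g_aHits[$i][1] & " (" & $g_aHits[$i][2] & ")" & @CRLF)
Next
```

On the sample, only 203.0.113.7 and 2001:db8:1::5 are reported: 192.168.1.1 and ::1 are on the allow-list and the UDP row has no peer. The `$g_aHits` array is what a GUI build would feed into the message box instead of `ConsoleWrite`, and the allow-list is where a "no, block this" answer would be recorded.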
