How to Log URL Request Strings by LiquidBinary In 18:4, angelazaharia took up behind the scenes of a deceptive web page request. The logging of every URL was made possible by using the firewall @Guard. It would be a trivial task to write our own URL logger. This task is easily accomplished by exploiting the information that Internet Explorer provides us and piggybacking off that. If you browse the web with Internet Explorer you'll notice that if you hover your cursor over a link on a page, you'll see a URL on the bottom left bar of IE. You'll also notice that if you surf on over to a web page, a bunch of URLs will be displayed on that very same bar. All the little paths flashing by are the very same locations that store .GIFs, MIDI files, etc. and they also link us to advertising sites like DoubleClick. If you single out and pull up a devious web page and are on a broadband connection, you'll see may URLs being displayed very abruptly in the IE status bar. Since we do not want to tax our naked eyes in trying to interpret the many instantaneous URLs being expelled at us, why don't we log them via homebrewed code? With a couple of Win32 API calls, we can coax IE into sending us every URL request string it sends out. Put simply, we must request a handle to the IE "statusbar" from Windows and jump into an infinite loop (CTRL-C to quit) to poll IE for each new URL string. The C source that follows attempts to accomplish this (tested on IE 6.0.2600 and IE 4.0). Adding code to dump the URLs into a file would be helpful for future reference of web browsing activity. Remember to have IE running before you fire up the program. All Win32 symbols and API calls are declared in 'windows.h'
/***
 * 	Author: LiquidBinary
 * 	 Email: liquidbinary@linuxmail.org
 * 	 Files: IE_Spy.c
 *     Program: IE_Spy.exe
 *     Purpose: Display URL requests from IE 6.0
 *    Compiler: MC VC++ 6.0 SP5
 *
 ***/

#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <stdlib.h>
#include <stdio.h>

#define IE_EXPLORER "IEFrame"
#define IE_STATUSBAR "msctls_statusbar32"
#define MAX_URL_BUFFER 2084
#define DELAY 50

enum {
	HWND_IE,
	HWND_MSCTLS,
	HWND_SIZE_OF
};

void error(char* s, DWORD dwCode) {
	printf("%s", s);
	exit(dwCode);
}

void info() {
	printf("IE_Spy by __LiquidBinary__\n");
	printf("liquidbinary@linuxmail.org\n");
	printf("<CTRL-C> to quit\n\n");
}

in mail(void) {

	HWND hWnds [HWND_SIZE_OF];
	char sBuffer [MAX_URL_BUFFER];
	char sURL [MAX_URL_BUFFER];

	info();

	hWnds [HWND_IE] = FindWindow(IE_EXPLORER, NULL);
        
        if (!hWnds[HWND_IE])
		error("IE not opened...\n", 0);	
	
	
	hWnds [HWND_MSCTLS] = FindWindowEx(hWnds[HWND_IE], NULL, IE_STATUSBAR, NULL);

	if (!hWnds[HWND_MSCTLS])
		error("Cannot locate status bar...\n", 0);

	printf("Loggin all IE URL requests...\n");

	SendMessage(hWnds[HWND_MSCTLS], WM_GETTEXT, MAX_URL_BUFFER, (LPARAM) sBuffer);

	printf("%s\n", sBuffer);

	for(;;) {
		
		SendMessage(hWnds [HWND_MSCTLS], WM_GETTEXT, MAX_URL_BUFFER, (LPARAM) sURL);
		Sleep(DELAY);

		if (lstrcmp(sURL, sBuffer) == 0)
			continue;
		else {
			printf("%s\n", sURL);
			lstrcpy(sBuffer, sURL);
		}
	}

	return 0;

}
IE_Spy.c IE_Spy.exe
Return to $2600 Index