Recently, a lot of people in my house have been going on my computer when I wasn't there and I want to make sure that I know what they have been on, for the sake of privacy. I had the idea of making a keylogger that I could use to see what they have been doing on my computer. The keylogger itself (as in a program that records key strokes) I could make, but I have another idea in mind that I'm not sure is possible.
My idea is basically, like a keylogger, something that compiles a list, or log, of the activities of the user, but to a greater extent. I was wondering if it would be possible to document the actions of the user to the extent that every element of the screen they clicked on would be documented. In a web browser, I'm sure there would be a way to do this as all of the information (ids) of the elements of the page can be collected by inspecting the elements (looking at the code). As for general use of the computer, I'm not so sure.
In simpler terms, I want to make a program that would record the users actions in a log as shown below.
14:17: User clicked Windows Start Button
14:17: User searched for 'Chrome' in search engine
14:17: User opened 'Chrome'
14:18: User clicked URL address bar
14:18: User searched for 'stackoverflow.com'
14:18: User clicked 'Login' button on 'stackoverflow.com'
I'm not an expert by any means and only have a school-level knowledge of programming, but I want to know if it would be possible to create something like this. I want the program to be able to collect all of these major actions so that I can compile them within a hidden text document. I'm not sure if these elements could be identified by a program but if anyone has any idea how I would do something like this or indeed if I could do something like this, by all means, message me on here. I would be EXTREMELY grateful!
P.S - This is my first post on here, go easy on me, aha.
With .NET code you will definitely be able to get window positions of other applications (for example google chrome).
For example with the following library: https://github.com/DataDink/WindowScrape
Furthermore you should be able to track keyboard inputs and mouse-clicks of the user on the desktop (which position he clicked on). I think the evualuation of the mouse-clicks will be up to you ("user clicked on url-bar in chrome").
Just a personal hint from me: Doing something like that without informing the person using the PC you will be heavily punished. Think about it twice.
Related
I would like to record the actions of a user when they are using the base Operating System with my application open.
For example, Clicked Start, Clicked All Programs, Clicked Microsoft Office, Clicked Microsoft Word....
Can anyone suggest a sensible method to achieve this?
The idea is that the user's actions are only recorded when my application is open, its meant to be an alternative to the Microsoft recorder. It creates a written procedure that can be sent to a customer service department.
I guess you should ask yourself if your users will appreciate this! Maybe they care about their privacy.
Anyway you can do it using hooks (I think you're writing for Windows). Same task as a macro recorder.
If you are trying to do that, why not just use an existing program. We used AutoHotkey at my last job to do this for creating UI testing code.
You could ask the user to install AutoHotkey and have them record the script. It can then be sent to you. You can run the script yourself (although you may have to tweak the screen resolution and things like that), and see what was happening.
EDIT:
Another idea is have the user record a screen cast and send that to you. It might make it easier to debug.
I didn't know what Microsoft Recorder was, thought it was the sound recorder, didn't realize there is a Microsoft Problem Recorder bundled in Win7, which does the whole screen cast recording.
I have C# form in the site and want to prevent spam bots from filling it. The trick is, that I want to avoid CAPTHA or any other user input to avoid loosing a single registration.
Here are some techniques I have in my mind:
Hidden input field (question: is this still effective?)
Track time, since the first user input (focus on FirstName) till posting a form.. Humans will take more than 3 seconds to complete a form (even with auto-fill), where bots take a second or less to fill in registration and post it. (question: if I start timer with the first user input, when should I stop it?)
Put in the form tag a fake post url, or post form to itself, and only on Submit button click action to add a real post url with javascript. (question: wonder if new spam bots can cheat this?)
I would be glad to hear other techniques I could adopt, again, without using CAPTCHA, spam filters, form verifications and even validation. Thank you
would be good to have some sort of flash which asks you to reconnect dots (so that it is interactive and doesnt require typing), and when the user does it correctly, you can post with submit to check.
Never liked CAPTCHA, especially the wierd ones where even humans have problem intepreting it :)
A year ago there was a nice control for asp.net that put a hidden field on the form. With a javascript formula. Robots posted it back - and it wanted the result (stored the result first in the session). basically, as robots dont interpret the form in a browser (too slow).... ;) Most got just thrown out there.
Also, another tip: put in hidden fields for the email to address. Some (old)php forms use a mailer supportnig this. OBVIOUSLY only a robot fills that out ;) If not empty -> garbage.
Anyone else have any smart ideas? ;)
I would say stick with Captcha or a similar thing where the user has to type something in.
The problem with using JavaScript is that not everyone has javascript turned on and quite a few have it turned off for various reasons.
Now if you want to really track time, send a hidden form field with the server time filled in. When the postback occurs take the delta of that with the current time. Obviously if the field is missing then you know someone directly posted.
hmmm,
typing the title made me feel like i am a hacker asking for some illegal stuf....
but the truth is different i think. My client wants to control 3 webapplications at different computers at the same time.
I can't say exactly what the porpose of this is, but he wants, when he clicks on computer A at button 1 in the browser, that on computer B in the browser also is clicked on button 1, and also on computer C.
When i devided this process in 3 steps, i realized that none of them are things i've done before:
first thing is to get the click event out of the browser
second is to inform computer number B and C of the click event
third is to click a button in the browser of computer B and C
Three things i don't know how to accomplish (i have done some remoting in the past, maybe that can work for the communication between the three computers, but all i remember is that remoting did NOT become my friend)
So if you can give me any clue on how to catch browser events outside the browser, talk between two pc's and raise events in the browser from outside the browser, your help would be greatly appreciated.
EDIT:
i don't control the application. My client will use it to send multiple stock orders. so i think you can compare it with up-vote on a voting website
I know this is not an answer directly to your question, but it is a valid answer from a business and developer standpoint.
Unless your client is willing to pay through the nose for development time, it would be better to find out WHY the client wants this and offer possible alternatives. What they're asking can't be done without a LOT of work. I'm not sure where I'd even start - probably writing my own browser using the BrowserControl in a WinForms app, and using Remoting to control the WinForms app.
Really, you're better off researching the requirement better and proposing an alternative that is doable. Part of being a good devloper/analyst/project manager, etc is to be able to correctly divine what the customer actually needs from what the customer SAYS they want.
It could be that they just need you to track the status of something and your separate browsers need to auto-refresh. Or it could be that WinForms is not the right tool for the job. Or it could be something completely different. Heck, it could be as simple as only having one browser, and people can "watch" that browser from another PC using VNC or a similar tool.
There are usually multiple ways to meet a business need without focusing on difficult technical requirements. It's the business need that matters. and if you can find another way to meet it, you won't need to spin your wheels on this type of question.
As an added note, it makes me cringe to hear that you're even looking for "how to do this" without understanding why. Getting the requirements right is SO important in development. Most projects fail because the communication of requirements was not adequate.
What you want to do looks like 'shared browsing' or 'follow-me browsing'.
There are some questions that need to be asked :
do you want to do this with or without installing some sort of browser plugin or application ?
is the 'shared browsing' done only on a web application that you develop or do you need to browse to remote websites where you cannot add code.
If the web application can be modified, you could have all clients:
Send all actions they do a server ( #id1, click )
Poll the server for a list of actions that need to be triggered ( jQuery('#id1').click() )
If only one of the client is "master" and all the others are slave, it should be easy enough to synchronise everyone.
In a multi-master setup, synchronisation will be a little more complicated, and then maybe you will be re-developing Google Wave ;-)
Now if you need to be able to do shared browing over any website, thats a lot more complicated. Even more complicated if your solution needs to work cross-browser. You will need to develop extensions for each supported browser or native applications for all supported OSes. I advise you to look for existing solutions that already do have the shared browsing feature. You can also take a look at the VNC family of solutions (full desktop control).
I hope this will help you,
Jerome Wagner
Boring background:
I have been working with UltraVNC to control some PC's at work and it does the job great but in order to simplify things I created a program that interfaces with it in C#. Basically I take advantage of the commands the viewer offers to connect, control, watch or transmit to each PC.
Problem is anyone can access the PC's since it has one main account (no domain controller). I need everyone to sign for the PC before they can use it, so to make my job easier I open each PC and block the inputs + blank the screen that way there obligated to sign before use.
Opening each pc and press the block button can be hassle especial when you’re helping someone and a user leaves, others come (btw I work at an electronic library). UltraVNC doesn’t have a command for this; it’s been requested but I don’t think it’s much of a priority for them and the code seems very intimidating for a novice like me so I thought I could try a hack to get what I want.
Problem: I want to “click” a button in a program I use, from an application that I am building in c#. I can currently use the process class to get the handle and identify the specific window I want to use but I have no way to find the button handle which I read is what I need. I found stuff about using findwindow and sendkeys for this but I don’t see how that’ll work unless the button had a keystroke assigned to it which it doesn’t.
So can anyone point me in the right direction?
Why not use something like Eficium Cybercafe SurfShop to achieve what you want? After teh user finished you log the session out, and before someone can log in, they have to sign in.
I have a simple contact us / comment from in my website and this form will send email containing the comments, etc after it is submitted. I have used NoBot control from ajaxcontrol toolkit for several times but it seems that this control did not prevent the spam/bot attack 100%.
The client insist that this form should not have any capcha code or something that users have to insert in the form. So what is the best way to handle the spam/bot attack for my current case.
Thanks.
Without a captcha there is no 100% way of stopping all spam. (or even with a captcha)
one method would be to put an input type=text on the page and hide it using css, then if it's filled in when the form is submitted it's spam, any normal user would never even know about the field.
Outside of a captcha, the key to stopping bots on small sites is to do something custom. Bot-writers know their work, and they'll have canned scripts capable of defeating the common and even most of the uncommon systems out there. You need to do something unique. It doesn't even have to be that complicated. The person who created this very site was able to get by running a popular blog for years by simply asking his users to type in the word orange.
I want to also point out that this doesn't mean you should start from scratch. As with all security-related code, if you try to do it yourself you'll likely get it wrong. What you want to do is find a system that gives you source code and customize it for your site, so that existing scripts that know how to defeat that system will no longer work.