How to know which websites are opened by particular device


#1

Hello folks,

I am developing a piece of software where I want to know which websites are opened by a particular device, and I need to store that content in a logfile.

Can anyone here guide me or send me useful links?

Best regards,
Dhaval Chuadhary


#2

With the push for https-everywhere and SSL/TLS encryption, that is no longer possible. To some extent it is possible to snoop DNS queries, but even there client-side decisions for, e.g., DoH or dnscrypt can render that moot; with https it's not possible to record the full URL at all, as those are part of the encrypted communication.

--
…unless you control the clients as well and can inject your own MITM certificate to the observed clients and make them use your snooping proxy.


#3

Thank you for your response. I am very astonished by the OpenWrt support. I wanted to know about the things below.

  1. Internet traffic based on LAN and WIFI traffic
  2. Traffic based on devices
  3. Incoming and outgoing data
  4. Websites visited
  5. Time spent on websites
  6. Date/time of access
  7. Download/upload and packet sizes

Can you please tell me, based on your experience, how many of these things I can achieve using OpenWrt?

Best Regards,
Dhaval.


#4

Assuming https (ssl/tls) and no administrative authority and access to the clients.

  1. yes, if you break the lan/wlan bridge (amount only, not content)
  2. yes (amount only, not content)
  3. yes (amount only, not content)
  4. no - partially, destination IPs only, perhaps augmented with (partial) DNS snooping
  5. no
  6. yes, with the caveats mentioned for 4
  7. yes, with the caveats mentioned for 4

Most common target devices for running OpenWrt (embedded routers) will quite certainly not be able to cope with this (logging verbosity alone) - and analysis and interpretation of the detailed raw data is a completely different topic. Depending on how far you do want to go, everything beyond 1 and 2 will require exponentially increasing effort - at which point the distribution used on your "router" isn't really a distinguishing factor.


#5

I’ll add to @slh's answer for 4 that you can try doing SNI snooping on the http(s) packets.
However even this method is probably only valid for 1-2 years before the proliferation of ESNI (Encrypted SNI) goes full force.

There’s plenty of examples of how to do this in code, and this can be applied to a custom Netfilter module reasonably easily.


#6

What is the reason behind your need to spy on your users (who presumably do not know that they are being spied on)?


#7

Thank you @slh for your supportive response.


#8

Thanks @lantis1008, I will look into it too.