twitter |   ||  email | PGP --> harshal @

r00tst1llsabout m3

safe kids | safe home | diy - web content filtering

for months now i was wondering how to have a robust home web content filter. we have kids and we want to ensure that they browse safely. there are two ways either keep on purchasing anti-virus solutions, pay subscriptions or just built something simple at home with a old pc lying around. i chose latter.

with chrome/firefox ramping up security and privacy it was getting difficult to do content filtering reason was "SSL". the purpose of ssl is to ensure that all content flows through encrypted tunnel and is protected at all times. however with ssl proxy you are trying to break the whole purpose of ssl encryption. without decrypting this traffic you cannot do web content filtering and therefore we need to put a proxy that can decrypt the traffic sent to it perform the filtering and then re-encrypt and send it out to the internet.

take a look at following diagram. this is a simple network layout of your home. if you remove the proxy in between thats how our home network looks like. all the devices within you home network directly talk to outside world through your router+firewall. but with that setup you cannot do web content filtering. therefore lets put our man in the middle popularly known as "mitm".

Click to englarge me

so for the starters i created a virtual machine with following specs. its always good to start with a virtual machine so that if anything goes wrong we can quickly start from scratch.

Click to englarge me

once your virtual machine is ready do the following steps.

one thing we have to keep in mind this works today in explicit proxy mode only. what it means is that you will have to set this up at each end user machine. you cannot have this setup in transparent mode.
browser: firefox
setup: preferences->advanced->network->settings
see pictures below

concept and design: harshdevX