Xem mẫu
- THE VPN BROWSER USING C#
SVTH: Trần Xuân Quyết
GVHD: THS. Luyện Thu Trang
Tóm tắt - Bài báo này xem xét ứng dụng của ngôn ngữ C # trong việc tạo trình duyệt web
‘QvsQ’ sử dụng CefSharp và VPN. Hiệu suất của ứng dụng được kết nối Internet, được cải thiện
để hiển thị nội dung của tất cả các trang web nhanh hơn, không bị lưu trữ thông tin riêng tư của
người dùng và có hầu hết các chức năng của trình duyệt web thông thường.
Abstract - This paper examines the great application of C# language in creating a web
browser ‘QvsQ’ using CefSharp and VPN. The performance of the application is connected to the
Internet, improved to display the content of all websites more quickly, not stored the private
information of the user and has most of the function of the normal web browser.
Keywords: QQ-Browser, the web browser, .Net Framework, C# language, CefSharp,
winform, VPN and sqlite.
I. Introduction
Nowadays, browsers like Google Chrome or FireFox manage Ram that way to offer
better stability and faster speeds. But they still use a lot of RAM. At least, in many cases,
it appears to be using more RAM than other browsers. The main reason for running each
process separately is stability. When they use too much memory, it limits the amount
available for other programs. It limits the amount available for other programs. When it
comes down to it, for example, Firefox of usage is a problem if it slows your computer
down, be that the browser or your entire system. However, QQ-Browser is the fast open
source C# web browser there is! Slightly faster than Google Chrome or Firefox when
rendering web pages due to lightweight CEF render and save the memory and these do not
gather private information of the user and the routine when the user uses the Internet, as
well.
Moreover, with the explosion of the internet, people are going through a revolution
of information technology, which brings us many benefits such as the ability to access
huge knowledge resources, as well as networkization all activities of life such as banking,
payment. However, it also comes with many risks by hecker attack with malicious intent
as well as information of other users being exploited and exploited with malicious intent.
So being able to conceal information when joining the network is now very important and
that is also why we should integrate VPN into user browsers.
II. Methodology
A. Programming Language
C# was created by Microsoft in 2000, it stay in the root of the C family of languages
and be similar to Java, C, C++ and Javascript programmers. These is the best common
languages in the world and the best attractice and effective of this language are object-
23
- oriented and component-oriented which will provide language constructs to directly
support these concepts, many types of secure and robust application that run in the .Net
ecosystem. All the application created by C# is absolutely friendly with all the window
operation system and do not need install support softwares except .Net Framework.
Therefore, in my project, I use C# as a platform to solve the normal logic like split the
string, clean the URL, create a new tab or new window and check content of html.
B. Windows Forms
Winform is built base on the C#, the windows form application execute on the
computer and show the GUI which help user can easy interact. These is the reason, I use
winform to build the interface for QvsQ browser with many components corresponding
function like the screen to display html content, setting box and block link dialog.
Firgure1. The interface of browser built by Windows Form
C. CefSharp
CefSharp or Chromium Embedded Framework is an open-source software
framework for embedding a web browser within another application, especially in C#
applications. Instead of using Web Browser which is available in winform because these
execute very slow and dose not support to much, particularly HTML5 and CSS3 content
of websites, but CefSharp is an easy way to embed a full-features standards-compliant
web browser into C# application more quickly and execute all the features in a websites
include HTML5, CSS3 and all JS and JS framework as Angular and another as well.
CEF 3 is a multi-process implementation based on the Chromium Content API and
has performance similar to Google Chrome [1]. It uses asynchronous messaging to
24
- communicate between the main application process and one or more render processes. It
supports PPAPI plugins and extensions, both internal and externally loadable. The single-
precess run mode is not support, but still present; currently is being used for debugging
purposes only [2].
Firstly, to use CefSharp after embedding to your application, we need to initialize
CefSetting to open the licence for executing framework by this code:
Firgure2. Code for enable CEF
Secondly, with all the new version of CEF, people can run the free video, it means
the browser just only receive and play only the video with no H 264 licence or nothing to
show,for example, videos in Twitter and Facebook .Therefore, it is important to repair the
compile option to support “proprietary codecs” was moved. The magic will happen here:
“Set GN_DEFINES=is_official_build=true proprietary_codecs=true
ffmpeg_branding=Chrome”
There are two batches file that needed to updated or created:
Firgure3. Batches for enable H 264 Licence in CefSharp
D. VPN (Virtual Private Network)
A virtual private (VPN) creates private network in public internet connection which
will help you online privacy and anonymity. A VPN is a service that creates an encrypted
connection from your device to a VPN server through your Internet connection. Think of
it as a tunnel through a mountain, in which your Internet service provider (ISP) is the
mountain, the tunnel is the VPN connection and the exit is to the World Wide Web [3].
VPNs hide internet protocol (IP) address so the most of online actions are not virtually
traceable and the services will establish secure and encrypted connections to provide. You
can hide your activity and location on the internet to avoid tracking (especially on public
WiFi networks), online and free web browsing, safe and anonymous torrent download
25
- without any slowdown. The most common VPN data will be encryted based on AES
algorithm and Blowfish algorithm.
Figure 4: The VPN turnel [3]
E. Sqlite database
SQLite database is similar with SQL database; it provides a relational database
management system. However, Lite in SQLite means lightweight that can be easy to
setup, manage the data, database administrator and required resources. The noticable
features of SQLite are self-contained, transactional, zero-configuration, serverless. Beside,
we can store any value in any columns beacause SQLite own dynamic types for the entity
and it is capable of building in-memory databases that can help software quickly to work
with.
In my project, I choose SQLite Database because of the speed of query data and the
lightweight setup, to manage all the hyperlink which person use to search information in
the Internet, to store bookmarks and bury the block link.
Firgure4. The E-R Diagram of browser with SQLite database
26
- F. Requirements
First, this is a webrowser, so an internet connection is apparent in the computer and
QvsQ was created base on C# that need to be executed on the .Net Framework platform.
Without these, the application can not run or do nothing. Here are the PC specs for QvsQ-
Browser:
OS – Windows 7 32 bit (SP1) or Windows 7 64 bit (SP3) or higher version of
Microsoft Windows
• CPU – Intel Core i3-3340 or more
• RAM – 1GB
• Hard Drive Storage – nearly 500MB
• Graphic/Video Card – No
• Requied Software - .NetFramework 4.0.6 or higher
III. Implementation
A. GUI
Winform will be used to create the GUI with 2 parts: mainform and blockform. In
Main Form, the content of websites will be shown in here, it contains all button,
component and icon which delegate each distinct functions.
Firgure6. The MainForm design of browser
In blockform, it is designed following CRUD (create - read – update – delete) and
use to display or setup the link of websites you do not want to go in or avoid. I do not
integrate the blockform and mainform into one form because these help the program avoid
overloading when we open setting box which contain many function like show history,
setup search engine and others, reduce speed of application.
27
- Firgure7. The BlockForm design of browser
All the GUI functions relate to history, bookmarks, block’s link still connect to
sqlite database and display the data to Data Grid View object with a type of table.
Basically, all the functions in QvsQ are mostly the same as other browsers, but in
this project we want to emphasize some functions which are complexity to solve and
improve efficient operation.
B. Searching information
With searching information function, it stays in the searching box of the header’
MainForm. Here, we need to identify the strings so that the search engine can recognize
which text is to be saved to the database, the address of localhost as well as automatically
add “http” or “https” strings when we try to search information. The address of the
returned result otherwise the characters "qvsq" (localhost address) will be automatically
saved as an event of history or bookmark of websites or block's link of websites. Class
Link.cs, SetFormUrl (url) and LoadURL (url) will show you more detail about code.
C. Downloading Files
With downloading file, this is the one of the best complexity function in the
application; by DownloadHandler class which helps the program can receive the file from
server. After clicking to download link, it starts by opening a tcp connection to the server.
It sends a SYN and wait foir SYN/ACK then send ACK back and connection is open and
ready for http with the structure:
28
- Firgure8. The structure of http [4]
The data is plit into packets by tcp and application will send ACK for every packet
to verify that you received, otherwise, server will send the packet. Browser will open a
save dialog box, you can change name file to save it on computer.
D. Cache Storage
To ensure it is not exploited by any individual or organization, all human
information such as name, gmail and especially passwords, ... used in QQ will not be
stored in the database. A good browser is not a data mine to exploit although it can create
some inconvenience in terms of user interaction with the browser as well as websites but it
is a necessary sacrifice for the absolute safety. However, we will not completely remove
the browser's ability to retain information, we will save the login ability, it is also known
as a maintain login state like Facebook, we will not need re-enter the password many
times but directly use it. It will not save the password in plain text and automatically log
us in, instead it keeps the login state in session form, when we access the website it will
simply pull out the session already is saved and executed instead of having to store and
run the login. This is especially useful against data stealing attacks like MITM (Man in the
Middle) or keylogger.
With storing session of login, QvsQ browser will not store the plain text of password
or any kind relate to private information of client which use to login account. Instead of
this, we use session to store login status. By using CefSettings, cache data will be saved on
disk. “Incognito mode” will open, if empty. HTML5 databases such as localStorage will
persist across sessions if a cache path is specified or via the
RequestContextSettinggs.CachePath value we can overriden for CefRequestContext
instances. Memory caches store data locally on the computer that and browser runs on.
When it works, the resource that retrieves ares saved in its random access memory (RAM)
or its hard drive. The next time the resources are needed to load a webpage, the browser
pulls them from the cache rather than a remote server, which make it quicker to retrieve
resources and load the page.
29
- Firgure10. Process of Cache Memory [5]
However, nothing is absolute, there are downsides. Caching can improve browser
performace, but it also risks for confidential user or sensitive information being exposed to
cyber criminals. Caching data could result in authentication data, browsing history, or
session tokens in beingg vulnerable, especially if a browser is left open or if another user
has access to your computer.
E. VPN
Think about any time you read email or check you bank account, all data transmitted
session which can be easy to capture by stranger using same network. It is really a huge
trouble. VPNs essentially create a data tunnel between your local network and an exit
node in another location. VPNs use encryption to scramble data as it is sent over the
network. Encryption makes the data unreadable. Your search history is hidden. That's
because your web activity will be associated with the VPN server's IP address, not yours.
Search engines also track your search history, but they will associate that information with
an IP address that is not yours.
All the data will be decrypted by AES which is an iterated block cipher in which
plaintext is subject to multiple rounds of processing, with each round applying the same
overall transformation function to the incoming block [6].
30
- Figure 11: The overall structure of AES for the case of 128- bit encryption key [6].
At the first time, data in AES encryption cipher is substitution using substitution
table, after that transformation shifts data rows to mix columns. Then, it is performed on
each column using different part of the encryption key. With long data, we need more time
and round to complete.
Browser can be improved wrap-drive performanace. Leverage the slick Chromium
web browser for a buttery-smooth user experience. CefSharp outperforms every other C#
web browser control, including GeckoFX, OpenWebkitSharp, WebKit.NET and
Awesomium. CefSharp initializes in
- much which helps the computer work slowly and not have any weight symptoms which
can affect other processes. QvsQ can not store any private information of clients; it just
keeps the login session of the account when clients log in some website like Facebook,
beside the ability to block websites. More challenging with C# browser with CefSharp
such as solve the adware which appear at the anonymous websites, skip ad on the video in
youtube and support work with VPN or hide the ip address of clients when they use
computer to connect to the Internet to make it more secure for the client or can prevent
some kinds of attack like MITM (Man in the Middle) by encrypt all the action in the
browser before they transmit or can automatically detect the adware and malware which
appear in the weird websites. In the future, the QvsQ Browser can be applied in the lab or
is a platform for other secure web browsers.
REFERENCES
[1] "bitbucket," 16 November 2017. [Online]. Available:
https://bitbucket.org/chromiumembedded/cef/wiki/Architecture.md#markdown-header-
cef3. [Accessed 4 May 2021].
[2] [Online]. Available: https://www.chromium.org/developers/design-
documents/process-models#TOC-Single-process.
[3] J. Low, "webhostingsecretrevealed," 8 March 2021. [Online]. Available:
https://www.webhostingsecretrevealed.net/the-a-to-z-vpn-guide/. [Accessed 7 May 2021].
[4] T. Tydal, "quora," [Online]. Available: https://www.quora.com/How-does-
downloading-of-files-work-on-
browsers?fbclid=IwAR3f90zwiD4CaV2sjlELflxChdjHgR_Ws3KFflfJkW0H2sUyPnWY
WjqfAdU.
[5] shingaridavesh, "engineersgarage," 31 october 2011. [Online]. Available:
https://www.engineersgarage.com/how_to/how-cache-memory-works/. [Accessed 8 May
2021].
[6] A. Kak, "AES: The Advanced Encryption Standard," “Computer and Network
Security”, p. 7, 11 February 2021.
[7] "cefsharp," [Online]. Available: https://cefsharp.github.io/.
[8] Anonymous, "tutorialspoint," [Online]. Available:
https://www.tutorialspoint.com/internet_technologies/web_browsers.htm.
[9] Anonymous, "researchgate," [Online]. Available:
https://www.researchgate.net/figure/Sequence-diagram-of-a-Web-
application_fig1_3188481.
32
nguon tai.lieu . vn
