Farelf

Probing risky sites

6 posts in this topic

Brought over from another topic:

...To track down spammers' websites has been quite easy for me... I have got them by using:

http://web-sniffer.net

Excellent. Another utility to use (without the 'arm's-length' anonymity of a web-based utility but still quite safe IMO) is Steve Gibson's ID Serve. This is tiny (28k, written in Compiler), independent of the browser and fast. It can actually query any port (e.g. news.spamcop.net:119 or news://news.spamcop.net) but uses port 80 (HTTP) by default. A fast-flux bot-net hosted http://wk0.tabl-online.com discussed in another topic 'instantly' yields (amongst other information)

Location: http://www.discountmedstablets.net

What is being discussed specifically is getting detail and re-direction (if present) from spamvertized sites without going to the sites and exposing your browser to any exploit that may be lurking there (and thence, potentially, the compromise of your machine).

Needless to say, the spam should not be opened to get that bad URL address - use "view page" without opening it, or the SpamCop report that contains it.

There are two tools mentioned in the original discussion which should be useful for the 'looking-without-exposing' exercise - the web-based web-sniffer and the stand-alone idserve.exe.

There are two tools mentioned in the original discussion which should be useful for the 'looking-without-exposing' exercise - the web-based web-sniffer and the stand-alone idserve.exe.

I will add to the list cURL (http://curl.haxx.se/), which fetches files of all sorts in various protocols, including HTTP. You can use the "-i" option to get it to print the HTTP headers, which often contain the HTTP-level redirections. It does not execute scripts or follow redirections, so it is much safer than a conventional browser. It is open-source, free, and runs on Windows, Unix, Mac OS, etc.

Here's some info on how you can use curl (or any other similar app, really) for looking at spam websites:

http://www.rickconner.net/spamweb/tools-curl.html

-- rick

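The "look without exposing" approach Rick describes (read the headers `curl -i` prints, never follow the hop) can be scripted. The following is an added example, not code from the thread or from the curl project: it takes a raw HTTP response exactly as `curl -i` would print it and reports the next hop, whether it is an HTTP-level redirect (3xx plus `Location`) or an HTML `<meta http-equiv="refresh">` in the body that curl shows but never acts on. The two sample responses and all hostnames (`spamvertised.example`, `landing.example`) are constructed placeholders.

```javascript
// Added example (not from the forum thread): find the redirect a spamvertised
// page would perform, from the raw response text only, without following it.
// The sample responses below are constructed; the hostnames are placeholders.

const SAMPLE_HTTP_REDIRECT = [
  "HTTP/1.1 302 Found",
  "Server: nginx",
  "Location: http://landing.example/offer?id=123",
  "Content-Length: 0",
  "",
  "",
].join("\r\n");

const SAMPLE_META_REFRESH = [
  "HTTP/1.1 200 OK",
  "Server: Apache",
  "Content-Type: text/html",
  "",
  "<html><head>",
  '<meta http-equiv="refresh" content="0;URL=/go/next.html">',
  "</head><body>loading...</body></html>",
].join("\r\n");

// Split a raw response (what `curl -i` prints) into status, headers and body.
function parseHttpResponse(raw) {
  const sep = raw.indexOf("\r\n\r\n");
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? "" : raw.slice(sep + 4);
  const lines = head.split("\r\n");
  const m = /^HTTP\/\d\.\d (\d{3})/.exec(lines[0]);
  const status = m ? Number(m[1]) : NaN;
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status, headers, body };
}

// Report the next hop: HTTP-level (3xx + Location) first, then an HTML meta
// refresh in the body. Relative targets are resolved against the URL that was
// requested. Returns null when the response does not redirect at all.
function findRedirect(raw, requestedUrl) {
  const { status, headers, body } = parseHttpResponse(raw);
  if (status >= 300 && status < 400 && headers.location) {
    return { kind: "http", status, target: new URL(headers.location, requestedUrl).href };
  }
  const meta = /<meta[^>]+http-equiv=["']?refresh["']?[^>]+content=["']([^"']+)["']/i.exec(body);
  if (meta) {
    const urlPart = /url\s*=\s*(.+)$/i.exec(meta[1]);
    if (urlPart) {
      return { kind: "meta-refresh", status, target: new URL(urlPart[1].trim(), requestedUrl).href };
    }
  }
  return null;
}

// Stand-alone run: print the hop each constructed response would take.
for (const raw of [SAMPLE_HTTP_REDIRECT, SAMPLE_META_REFRESH]) {
  console.log(findRedirect(raw, "http://spamvertised.example/click"));
}
```

Feed it the output of `curl -i -s <url> > response.txt` (no `-L`, so curl stops at the first hop) and repeat for each reported target until nothing redirects; every hop is recorded and none is rendered. A JavaScript-driven redirect in the body will not be caught by this parser, which is exactly the gap the script-engine suggestions later in this thread address.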
...Here's some info on how you can use curl (or any other similar app, really) for looking at spam websites:

http://www.rickconner.net/spamweb/tools-curl.html

That's great Rick, thanks. Open-source is great, some folk will touch nothing else (and with some justification).

The 'wget' Linux tool also does the job. It can download a single web page, follow redirects or not, mirror a whole web site with all its structure silently, spoof the web client identity, use random timeouts and configurable retries, and limit depth, bandwidth, ...

wget is open-source and already exists compiled for Win32 too.

JavaScript interpretation can optionally be done using:

1 - Gecko SpiderMonkey / TraceMonkey

http://en.wikipedia.org/wiki/SpiderMonk ... ipt_engine)

http://www.mozilla.org/js/spidermonkey/

It can decode all scripts. It is open-source and cross-platform.

2 - The WebKit JavaScript engine "SquirrelFish Extreme", abbreviated SFX, can decode all scripts, is open-source and cross-platform too, and is newer and faster than SpiderMonkey.

http://en.wikipedia.org/wiki/Webkit#JavaScriptCore

http://webkit.org/

Both are under the LGPL (Library/Lesser GPL) license, which permits use in closed-source code too.

You can find a list of all the engines here:

http://en.wikipedia.org/wiki/JavaScript_engine

Both can decode all the JavaScript scripts because they are the real engines that are in the browsers.

If spammers write the redirection with Mozilla, and hope users use Mozilla as their browser, then you get the exact same results, the same redirected URL.

Edited by efa


Seems like a lovely suite of tools there efa - thanks.


Just installed Sandboxie, will give it a run on the occasional suspect website and e-mail attachment. The free version has just about everything needed, subject to a nag screen after 30 days, and the default installation covers most of those needs - with straightforward configuration options if more is needed.

FAQ - http://www.sandboxie.com/index.php?FrequentlyAskedQuestions

An outside introduction and quick guide recommended by Sandboxie - http://www.techsupportalert.com/content/in...e-sandboxie.htm

Sandboxie has been mentioned "here" (by member Lodewijk) before, just not in this forum section. Googling reveals an enthusiastic user base (Windows) though it is not open-source.
