Probing risky sites


Brought over from another topic:

...To track down spammers websites has been quite easy for me... I have got them by using:

http://web-sniffer.net

Excellent. Another utility to use (without the 'arms-length' anonymity of a web-based utility but still quite safe IMO) is Steve Gibson's ID Serve. This is tiny (28k - written in Complier), independent of browser and fast. It can actually query any port (eg news.spamcop.net:119 or news://news.spamcop.net) but port 80 (HTTP) by default. A fast-flux bot-net hosted http://wk0.tabl-online.com discussed in another topic 'instantly' yields (amongst other information)

Location: http://www.discountmedstablets.net

What is being discussed specifically is getting detail and re-direction (if present) from spamvertized sites without going to the sites and exposing your browser to any exploit that may be lurking there (and thence, potentially, the compromise of your machine).

Needless to say the spam should not be opened to get that bad URL address - use "view page" without opening it, or the SpamCop report that contains it.

There are two tools mentioned in the original discussion which should be useful for the 'looking-without-exposing' exercise - the web-based web-sniffer and the stand-alone idserve.exe.


There are two tools mentioned in the original discussion which should be useful for the 'looking-without-exposing' exercise - the web-based web-sniffer and the stand-alone idserve.exe.

I will add to the list cURL (http://curl.haxx.se/), which fetches files of all sorts in various protocols, including HTTP. You can use the "-i" option to get it to print the HTTP headers, which often contain the HTTP-level redirections. It does not execute scripts or follow redirections, so it is much safer than a conventional browser. It is open-source, free, and runs on Windows, Unix, Mac OS, etc.

Here's some info on how you can use curl (or any other similar app, really) for looking at spam websites:

http://www.rickconner.net/spamweb/tools-curl.html

-- rick
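The header-only lookup described in the posts above (what `curl -i`, ID Serve and web-sniffer report), as an added Python example that is not part of the original thread: it sends HEAD requests, never renders or executes anything, and walks the `Location` chain by hand with a hop limit and loop check. The names `head` and `trace`, the `header-probe` User-Agent and the `.example` hosts are assumptions made for this example, and the sample responses are constructed.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECTS = {301, 302, 303, 307, 308}

def head(url, timeout=10):
    """One HEAD request: returns (status, headers). No body is read,
    nothing is rendered or executed, and redirects are not followed."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path, headers={"User-Agent": "header-probe"})
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def trace(url, fetch=head, max_hops=5):
    """Walk the Location chain by hand; returns one
    (url, status, server, next_url) tuple per hop."""
    hops, seen = [], set()
    while url and len(hops) < max_hops and url not in seen:
        seen.add(url)
        if urlsplit(url).scheme not in ("http", "https"):
            hops.append((url, None, None, None))  # record it, do not fetch it
            break
        status, hdrs = fetch(url)
        loc = hdrs.get("location") if status in REDIRECTS else None
        nxt = urljoin(url, loc) if loc else None  # Location may be relative
        hops.append((url, status, hdrs.get("server"), nxt))
        url = nxt
    return hops

# Constructed sample responses (not captured from any real site), keyed by URL.
SAMPLE = {
    "http://spamvertised.example/": (302, {"server": "nginx", "location": "/go"}),
    "http://spamvertised.example/go": (301, {"location": "http://shop.example/"}),
    "http://shop.example/": (200, {"server": "Apache"}),
}

def sample_fetch(url):
    return SAMPLE[url]

if __name__ == "__main__":
    for hop in trace("http://spamvertised.example/", fetch=sample_fetch):
        print(hop)
```

Calling `trace(url)` without `fetch` uses the real `head` function; some servers answer HEAD differently from GET, so a missing `Location` header here does not prove there is no redirect.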


The Linux tool 'wget' also does the job. It can download a single web page, follow redirections or not, download a whole web site with all its structure silently, cheat on web client identity, use random timeouts, configurable retries, limit depth, bandwidth, ...

wget is open source and already exists compiled for Win32 too.

JavaScript interpretation can optionally be done using:

1 - Gecko Spidermonkey TraceMonkey

http://en.wikipedia.org/wiki/SpiderMonk ... ipt_engine)

http://www.mozilla.org/js/spidermonkey/

It can decode all scripts. It is open source and cross-platform.

2 - WebKit JavaScript engine "SquirrelFish Extreme", abbreviated SFX, can decode all scripts, is open source and cross-platform too, and is newer and faster than SpiderMonkey.

http://en.wikipedia.org/wiki/Webkit#JavaScriptCore

http://webkit.org/

Both are under the LGPL (Library/Lesser GPL) license, which permits use in closed-source code too.

You can find a list of all the engines here:

http://en.wikipedia.org/wiki/JavaScript_engine

Both can decode all JavaScript scripts because they are the real engines that are in the browsers.

If spammers write the redirection with Mozilla, and hope users use Mozilla as their browser, then you get the exact same results, the same redirected URL.


  • 3 years later...

Just installed Sandboxie, will give it a run on the occasional suspect website and e-mail attachment. The free version has just about everything needed, subject to a nag screen after 30 days, and default installation covers most of those needs - with straight-forward configuration options if more is needed.

FAQ - http://www.sandboxie.com/index.php?FrequentlyAskedQuestions

An outside introduction and quick guide recommended by Sandboxie - http://www.techsupportalert.com/content/in...e-sandboxie.htm

Sandboxie has been mentioned "here" (by member Lodewijk) before, just not in this forum section. Googling reveals an enthusiastic user base (Windows) though it is not open-source.


Archived

This topic is now archived and is closed to further replies.
