  1. wiki131wiki on Thu 15 Oct 2009, 10:38:03 PM UTC

    Testing sites

    How do you test sites?

Comments:

  1. jpvip on Thu 15 Oct 2009, 11:43:16 PM UTC

    Three solid ways

    1. Use SandboxIE: sandboxie.com
    2. Use a virtual machine. virtualbox.org
    3. Use a test computer that is only used for testing.

    ~DragonMaster Jay, malware researcher,
    Admin, helpmyos.com

  2. g7w on Fri 16 Oct 2009, 03:18:11 AM UTC

    re: Testing sites

    That depends on what you are testing for.

    -------
    WOT Services Ltd. - gives us safety through Web of Trust.
    WOT Community - gives us security through unity.
    Thank you all
    - G7W

  3. MysteryFCM on Sat 17 Oct 2009, 03:37:43 PM UTC

    ......

    Step 1: SOURCE SOURCE SOURCE

    Always check the site's source code BEFORE loading it in a browser (if you see malicious content in the source, you can usually forgo actually loading it, and proceed directly to analyzing the malicious content)

    http://vurl.mysteryfcm.co.uk
    http://web-sniffer.net
    http://malzilla.sourceforge.net

    Step 2: Wepawet is your friend

    I generally run them in my browser with scripts enabled, but ActiveX disabled, but if you don't have a throwaway system, then run it through Wepawet instead (there's also JSUnpack for JS stuff)

    Step 3: Executable content is NOT your friend

    Before running executable content or flash files from a suspect site, run it through VirusTotal, Anubis, Wepawet etc etc. There's also a lot of options for analysis you can use such as unpacking flash files, unpacking executables, analysing executables (e.g. FileInsight). If you can fully analyze it without running it - then do it (obviously, if you've got a throwaway system, then running it is fine as long as you've got the required monitors in place for registry/file system monitoring, traffic monitoring etc etc etc).

    There's obviously a lot more to it than that, but I am pressed for time, so in the meantime;

    Additional reading from myself and Tom;

    http://temerc.com/forums/viewtopic.php?f=27&t=5703

    I don't use VMs or sandboxes myself as real victims don't, and a lot of the newer malicious content is VM/sandbox aware, so it will usually either refuse to run unless it's a real system, or perform differently. But that's just me.

    Regards
    Steven Burn
    Ur I.T. Mate Group / hpHosts
    it-mate.co.uk / hosts-file.net
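
Step 1 above (reading the source before loading it), as an added example that is not part of the original post: a Python triage pass over raw page source that has already been saved as text by a non-rendering fetch, flagging hidden frames, external scripts and common script obfuscation markers. The sample page, the `example.invalid` URLs and the marker list are constructed assumptions, and a hit means "read this part by hand", not a verdict.

```python
import re
from html.parser import HTMLParser

# Constructed sample: raw source as saved to disk, never opened in a browser.
SAMPLE_SOURCE = """<html><body>
<iframe src="http://example.invalid/x" width="0" height="0" style="display:none"></iframe>
<script>var s = unescape("%3Cdiv%3E"); eval(s);</script>
<script src="http://example.invalid/lib.js"></script>
</body></html>"""

# Assumed marker list: calls that often show up in packed or obfuscated JS.
SCRIPT_MARKERS = re.compile(r"\b(eval|unescape|fromCharCode|document\.write)\b")

class SourceTriage(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []       # (kind, detail) tuples in document order
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("iframe", "frame"):
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append(("hidden-frame", a.get("src", "")))
        elif tag == "script":
            self._in_script = True
            if a.get("src"):
                self.findings.append(("external-script", a["src"]))

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        if self._in_script:
            for marker in sorted(set(SCRIPT_MARKERS.findall(data))):
                self.findings.append(("script-marker", marker))

def triage(source):
    """Parse the text only; nothing is fetched, rendered or executed."""
    parser = SourceTriage()
    parser.feed(source)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_SOURCE):
        print(f"{kind:16} {detail}")
```
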

    • g7w on Sat 17 Oct 2009, 04:42:56 PM UTC

      good advice

      But to quote YoKenny, I love the smell of burning malware in the morning
      So I just "dive right in"
      ;-)
      -------
      WOT Services Ltd. - gives us safety through Web of Trust.
      WOT Community - gives us security through unity.
      Thank you all
      - G7W

  4. jpvip on Sat 17 Oct 2009, 09:36:16 PM UTC

    malzilla?

    I did not hear about that. Cool. I will try it out myself, MysteryFCM, thanks.

    ~DragonMaster Jay, malware researcher,
    Admin, helpmyos.com

  5. Delan Azabani on Sat 17 Oct 2009, 11:48:51 PM UTC

    How would you go about

    How would you go about viewing the source code without rendering the page? wget? I'd use wget to save the page without rendering it, but what about Windows folk?

  6. cconniejean on Sun 18 Oct 2009, 01:31:57 PM UTC

    I was wondering if anyone

    I was wondering if anyone has tried 'www.returnilvirtualsystem.com/rvs-home-free'?

    • g7w on Sun 18 Oct 2009, 03:31:53 PM UTC

      OS cloning

      No, I have not tried it and after reading... I'm not enthusiastic to try.
      I turned off the Windows System Restore (as well as auto update and firewall) because I didn't want extra copies of my OS taking up my HD space.

      Having a 3rd party software to do that, though the intention is good, seems like overkill - also what if people have auto updates "on"? Does your real OS get updated or the copy, or both?

      GeSwall and Avira are my main 2, and sandboxie as well when I decide to look for malware.
      -------
      WOT Services Ltd. - gives us safety through Web of Trust.
      WOT Community - gives us security through unity.
      Thank you all
      - G7W