RE: SF new column announcement: Time to Dump IE

[Andy Streule <andy.streule () lythamhigh lancs sch uk>]

there a fantastic free scripting language called autoit whose forte is
pressing buttons in programs. it would be well within its scope to read a
list of urls "type" them into an ie window, press go, wait a bit, go again.
if you can work out a list of keypresses to accomplish the task it's a lot
easier than working out the mouse position. 

http://www.hiddensoft.com/AutoIt/

You can also compile the scripts into exe files. 

regards

Andy

============================================
Technical Support
Lytham St. Annes High Technology College
http://www.lythamhigh.lancs.sch.uk

"When you wake up in the morning, Pooh," said Piglet at last, "what's the
first thing you say to yourself?"
"What's for breakfast?" said Pooh. "What do you say, Piglet?"
" I say, I wonder what's going to happen exciting today?" said Piglet 
Pooh nodded thoughtfully.
"It's the same thing," he said. 


> -----Original Message-----
> From: Patrick Diebold [mailto:p.diebold () arcor de]
> Sent: 23 June 2004 12:53
> To: honeypots () securityfocus com
> Subject: Re: SF new column announcement: Time to Dump IE

> Am Mittwoch, 23. Juni 2004 06:08 schrieb Ryan Barnett:
> > In-Reply-To: <82AEE40F-C087-11D8-A255-000A95B25656 () honeynet org>
> >
> > > From: Lance Spitzner <lance () honeynet org>
> > > MODERATORS NOTE:
> > > What would be interesting is using a 'client' honeypot.  
> Take a clean
> > > install of a Win32 system, then have IE on it connect to 
> hundreds of
> > > random websites.  See if any of the websites makes 'unauthorized'
> > > modifications to your 'client' honeypot :)
> >
> > Ahh yes, the HoneyStick idea -
http://www.securityfocus.com/archive/119/289303/2004-06-19/2004-06-25/2
> Good idea.  Anyone have any ideas for automating/randomizing IE to connect
> to sites?
>
> I know that I have been dealing with clients at work who accidently go to
> websites that have trojans such as Debeski -
> (http://vil.nai.com/vil/content/v_101057.htm).  Once my security team is
> notified on this type of virus/trojan issues, we use VMware Windows
> desktops with IE to connect to these same sites and let it infect us to
> study it.
>
> Now the question here is to automate this process and let it act as a
> spider/robot and let it out on the web to see what sites are doing this
> type of exploitation...
>
> -Ryan

***************************************************************************
This e-mail is confidential and privileged.  If you are not the intended
recipient do not disclose, copy or distribute information in this e-mail
or take any action in reliance on its content.
***************************************************************************

***************************************************************************
This email has been checked for known viruses. 
***************************************************************************