Honeypots mailing list archives
RE: SF new column announcement: Time to Dump IE
From: Andy Streule <andy.streule () lythamhigh lancs sch uk>
Date: Wed, 23 Jun 2004 14:06:43 +0100
There's a fantastic free scripting language called AutoIt whose forte is pressing buttons in programs. It would be well within its scope to read a list of URLs, "type" them into an IE window, press go, wait a bit, go again. If you can work out a list of keypresses to accomplish the task, it's a lot easier than working out the mouse position.

http://www.hiddensoft.com/AutoIt/

You can also compile the scripts into exe files.

regards
Andy

============================================
Technical Support
Lytham St. Annes High Technology College
http://www.lythamhigh.lancs.sch.uk

"When you wake up in the morning, Pooh," said Piglet at last, "what's the first thing you say to yourself?"
"What's for breakfast?" said Pooh. "What do you say, Piglet?"
"I say, I wonder what's going to happen exciting today?" said Piglet.
Pooh nodded thoughtfully. "It's the same thing," he said.
-----Original Message-----
From: Patrick Diebold [mailto:p.diebold () arcor de]
Sent: 23 June 2004 12:53
To: honeypots () securityfocus com
Subject: Re: SF new column announcement: Time to Dump IE
On Wednesday, 23 June 2004 06:08, Ryan Barnett wrote:

In-Reply-To: <82AEE40F-C087-11D8-A255-000A95B25656 () honeynet org>
From: Lance Spitzner <lance () honeynet org>

MODERATORS NOTE: What would be interesting is using a 'client' honeypot. Take a clean install of a Win32 system, then have IE on it connect to hundreds of random websites. See if any of the websites makes 'unauthorized' modifications to your 'client' honeypot :)

Ahh yes, the HoneyStick idea -
http://www.securityfocus.com/archive/119/289303/2004-06-19/2004-06-25/2
Good idea. Anyone have any ideas for automating/randomizing IE to connect to sites? I know that I have been dealing with clients at work who accidentally go to websites that have trojans such as Debeski - (http://vil.nai.com/vil/content/v_101057.htm). Once my security team is notified on this type of virus/trojan issue, we use VMware Windows desktops with IE to connect to these same sites and let it infect us to study it. Now the question here is to automate this process and let it act as a spider/robot and let it out on the web to see what sites are doing this type of exploitation...

-Ryan
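The check at the heart of the 'client' honeypot idea in this thread (visit sites, then look for unauthorized modifications), sketched as an added example that is not from any poster in the thread. It hashes the files in a monitored directory and attributes any change to the URL visited just before it; the function names and the `visit` callable are assumptions, and driving the browser and watching the registry are left out.

```python
import hashlib
import os


def snapshot(root):
    """Map each file path under root to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = "unreadable"  # locked or vanished mid-scan
            state[os.path.relpath(path, root)] = digest
    return state


def diff(before, after):
    """Files added, removed and modified between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before
                           if p in after and before[p] != after[p]),
    }


def audit_visits(urls, visit, root):
    """Visit each URL and attribute file changes under root to it.

    visit is a hypothetical callable that drives the browser in the
    honeypot; a real harness would also revert the VM between URLs.
    """
    findings = {}
    baseline = snapshot(root)
    for url in urls:
        visit(url)
        current = snapshot(root)
        changes = diff(baseline, current)
        if any(changes.values()):
            findings[url] = changes
        baseline = current  # charge later changes to later URLs
    return findings
```

`audit_visits` returns a dictionary keyed by URL, containing only the URLs whose visit was followed by a change under `root`.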