
#  Wednesday, 28 February 2007

Fiddler is an HTTP debugging proxy. Although it is easy to use (a very good thing!), it is also very powerful. Case in point, and the reason I am writing about it today, is that I stumbled across a drive-by-download site (stumble is the wrong word; the URL came with what seemed like a phishing mail and that piqued my interest).

That site is actually quite clever though: when you go there the second time, it detects that it tried to infect you before and tells you that your IP is blocked. And it doesn't send a peep to a browser other than IE. Plus - and that takes the biscuit - it also verifies the referer.

But I still wanted the code, so I reset my router and started Fiddler:

Although Fiddler has tons more features, this did the trick for me in this case (if you want to learn what Fiddler can do, look here).

So what's the obfuscated script about? The short version: it is a variant of the ASUS download server drive-by download incident. The actual code can be found in a discussion on our German .NET community site here.
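The three server-side checks described above (repeat visit from the same IP, browser, referer) can be confirmed from proxy captures by comparing replays that differ in exactly one request attribute. The following is an added example, not code from the original post; the attribute names, header values and response bodies are constructed assumptions.

```python
import hashlib

# Request attributes varied between replays (names are assumptions for this example).
REQUEST_ATTRS = ("first_visit", "user_agent", "referer", "accept_language")

def capture(first_visit=True, user_agent="MSIE 6.0",
            referer="http://mail.example/msg", accept_language="en",
            status=200, body=""):
    """One replayed request plus the response the proxy recorded."""
    return {"first_visit": first_visit, "user_agent": user_agent,
            "referer": referer, "accept_language": accept_language,
            "status": status, "body": body}

# Constructed sample sessions, not real traffic. The first is the baseline.
SCRIPT = "<script>/* obfuscated */</script>"
CAPTURES = [
    capture(body=SCRIPT),
    capture(first_visit=False, body="Your IP is blocked"),
    capture(user_agent="Firefox/2.0"),
    capture(referer=""),
    capture(accept_language="de", body=SCRIPT),
]

def fingerprint(rec):
    """Status plus body hash: enough to tell two responses apart."""
    return rec["status"], hashlib.sha256(rec["body"].encode()).hexdigest()

def gating_attributes(captures):
    """Return (gates, neutral): attributes whose change alone did / did not
    change the response. Pairs differing in several attributes are skipped,
    because they cannot attribute the change to one check."""
    gates, neutral = set(), set()
    for i, a in enumerate(captures):
        for b in captures[i + 1:]:
            diff = [k for k in REQUEST_ATTRS if a[k] != b[k]]
            if len(diff) != 1:
                continue
            same = fingerprint(a) == fingerprint(b)
            (neutral if same else gates).add(diff[0])
    return sorted(gates), sorted(neutral - gates)

if __name__ == "__main__":
    gates, neutral = gating_attributes(CAPTURES)
    print("response depends on:", gates)
    print("no effect observed:", neutral)
```
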

Categories: Cool Download | Security | this
Wednesday, 28 February 2007 15:26:38 (W. Europe Standard Time, UTC+01:00)

 




© Copyright 2017 Christoph Wille
