Using Fireshark to Analyze Malicious Websites

Presented at REcon 2010, July 11, 2010, 9:20 a.m. (20 minutes)

In this 20-minute presentation I will review an open-source tool I've written called Fireshark. Fireshark was written for researchers and security enthusiasts to help in reversing malicious website content, be it by the hundreds, thousands, or simply a single URL. It enables a view of all aspects of a compromised or malicious website, tracking network requests/responses and JS function calls, and storing the screenshot, source code, and normalized deobfuscated source code/DOM view.


Presenters:

  • Stephan Chenette
    Stephan Chenette is a Principal Security Researcher for Websense Security Labs working on malcode detection techniques. His specialty is in writing research tools and investigating next-generation emerging threats. He has released public analyses on various vulnerabilities and malware. Prior to joining Websense, Stephan was a security software engineer for 4 years working in research and product development at eEye Digital Security.
