- This topic has 7 replies, 4 voices, and was last updated 8 years, 6 months ago by
.
-
Posts
-
-
Hello,
It’s been a long time since I last posted on EHNet. Some of you might remember me and some might not. To cut the long story short, I got selected in one of the best universities of my country for MS and currently pursuing research in IT Security.
For one of my research projects I need obfuscated javascript samples: both malicious and harmless. I was thinking if I could get samples from any of the EHNet members or if any of you could direct me to some resource where I could get the samples.
If you want to share samples, kindly message me on EHNet and I will provide you my email address.
Note: Please do not ask for my email if you have only 1-2 posts here on EHNet. I will only provide the email to members I trust or members I can trust.
Regards,
Equix3n -
An older example I’d posted:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,7988.msg42741/#msg42741
Hope it helps.
-
Also, albeit simple, you could grab pretty much anyone’s javascript (non-evil) and run it through an obfuscation tool like:
http://www.javascriptobfuscator.com/
and present that as one of your samples…
-
@hayabusa
Thanks. I highly appreciate it,
The thing is that I need not one or two but a few thousand samples found in the wild. Generating them individually would consume a lot of time. That’s why I was asking if someone already has a database maybe they could share it. -
Well, your post didn’t ask for a few thousand… 😛
I’m not sure if there’s a definitive source of a few thousand examples, that anyone can point you to, offhand… But if they can, I’d be interested to see that, too, if for not other reason than to study ‘other’ methods that I haven’t seen.
Edit – looking for that many, might I assume your project is to try to create some sort of tool to spot them?
-
If I’m wanting to quickly analyse some JS in the wild I usually turn to Wepawet. I’ve no affiliation with the service but it couldn’t hurt to get in touch with the team there to see if they’re willing/able to provide access to some of their samples?
Alternatively, some of Wepawet’s reports can be accessed based on md5 hash of the content (I found this report via a quick google search for example). I’ve not read their Ts&Cs so use at your own risk, but a quick Google Dork of:
site:wepawet.iseclab.org intitle:report inurl:’type=js’
is currently returning >15k results
Unfortunately Wepawet’s report format only lists the de-obfuscated operations rather than the original source so may not be exactly relevant to your needs, but you could always use the listed report targets to grab any scripts that are still live yourself.
Hope this helps, good luck with your project.
-
@Andrew
Thanks. I will ask Wepawet if they are willing to share their samples.Alternatively, I am now trying to use heritrix web crawer to get the samples.
-
Not sure if you can see recent submission on iseclab’s wepawet site. Here’s another one work a look, use the search feature to grab more recently checked URLs
http://urlquery.net/search.php?q=.&type=string&start=2012-09-24&end=2012-09-26&max=50
You might need to sift through some of the lower repped results to get some obsfucated javascript. And they may still be up.
Congrats, enjoy your studies!
-
- You must be logged in to reply to this topic.
