.

Fireshark Plug-in

<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Apr 19, 2010 3:52 pm

Fireshark Plug-in

Couple weeks ago I saw a post about Fireshark from the EU Blackhat conference.  Has anyone else took a look at it?  Current release is beta (fireshark.org) and documentation is lacking until the developer posts it.

Anyway, just wonder if anyone else has given it a shot.  I tossed mine on a VM of XP SP3 w/ latest Firefox and can't for the life of me figure out how to get it to run.  Mainly where to put the data file.  Directions state "Home Directory."

Also if anyone has gotten it to run, got any fun recommendations of suspicious sites to run it against?

Thanks!
Certs: GCWN
(@)Dewser
<<

n1p

Jr. Member
Jr. Member

Posts: 89

Joined: Tue Mar 16, 2010 5:31 pm

Post Mon Apr 19, 2010 5:20 pm

Re: Fireshark Plug-in

It should work in C:\Documents and Settings\username\data.txt on XP. Linux would be /home/username/data.txt

Give that a try and report back. If you want to run it against some malicious sites. Just go to google and locate some of the malicious ones are there. Quite a few!

I also use Malware Domain List.... Ensure you are in VM though and hardening has been applied.
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Apr 20, 2010 8:00 pm

Re: Fireshark Plug-in

Worked like a champ.  Now just need to get some sites to test against.  Was at work so didn't want to tempt fate too much.  Also made sure I did some snapshots before running it.  newb question, what else should I do to harden the system?  I switched my main user to a normal user, renamed the admin account and made sure everything had a password.  Also have some AV on it.  Threw on MS Security Essentials since its free and it would be interesting to see how it works.  Think I will mess with it more over the weekend.
Certs: GCWN
(@)Dewser
<<

n1p

Jr. Member
Jr. Member

Posts: 89

Joined: Tue Mar 16, 2010 5:31 pm

Post Wed Apr 21, 2010 5:13 pm

Re: Fireshark Plug-in

Have a look at http://honeyclient.org/trac/wiki/VMHardeningGuide to further reassure you. Although, I would imagine you are ok as it is. The AV on the virtual machine may not let you run malware on it. I usually dont have one for my malware lab.
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Wed Apr 21, 2010 7:46 pm

Re: Fireshark Plug-in

Thanks n1p!  I'll have a look.
Certs: GCWN
(@)Dewser

Return to Tools

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software