Debugging proxy tuning for fun and profit

By Peter Volkov

Still using wireshark for HTTP debugging/analysis?

Use appropriate tools!

JScript based scripting engine

Fiddler script basics

My favorite use case:Where did this @$%^ came from?

Easy case:

But what if plaintext search doesn’t help?

Inspect all these 60+ js from 10+ hosts manually?

Breakpoints!

Breakpoints!

Fiddler script basics

Fiddler script basics

Go get some exploit kits regexps onhttp://www.malwaresigs.com/

Dyndns, .in, .cn, etc

http://mirror1.malwaredomains.com/files/dynamic_dns.txt

Setting referrer

Disabling HTTP cookies

Download ‘em all!

The end.