Debugging proxy tuning for fun and profit
By Peter Volkov
Still using wireshark for HTTP debugging/analysis?
Use appropriate tools!
JScript based scripting engine
Fiddler script basics
My favorite use case:Where did this @$%^ came from?
Easy case:
But what if plaintext search doesn’t help?
Inspect all these 60+ js from 10+ hosts manually?
Fiddler script basics
Fiddler script basics
Go get some exploit kits regexps onhttp://www.malwaresigs.com/
Dyndns, .in, .cn, etc
http://mirror1.malwaredomains.com/files/dynamic_dns.txt
Setting referrer
Disabling HTTP cookies
Download ‘em all!