Hi, I have 2 questions to ask:
I currently have an extractor that will extract URLs from public listing sites such as www.malwaredomainlist.com<http://www.malwaredomainlist.com> and I would like to feed the urls that I extracted from such sites into captureHPC. As such, I would like to employ some method to edit the HTTP header such that the referrer field indicates "www.malwaredomainlist.com<http://www.malwaredomainlist.com>". I understand that the HTTP header is generated by the browser, hence I don't think that editing any portion of the captureHPC source code will help (unless I am mistaken?). My current idea is to develop a plugin or proxy DLL for captureHPC such that Internet Explorer always sends out HTTP Referrers with the value I want (i.e "www.malwaredomainlist.com<http://www.malwaredomainlist.com>"). Would that be possible? If so, what are the changes (if any) I need to make to captureHPC in order to incorporate both of them together? The second question is that for some drive-by-download sites, a popup will appear saying "Would you like to download this file?". I would like for captureHPC to respond with a "Yes" all the time, and therefore,download the file and for captureHPC to analyse the downloaded file. For this, my current idea is to create a proxy DLL such that whenever a popup is triggered, it will trigger my proxy's DLL popup function instead, which is to always respond to the pop up with "Yes". I was wondering if any changes need to be made to captureHPC for this, such as to allow the analyser in captureHPC to analyse the file downloaded from the popup etc. Thank you for the help. Regards, Ng Zi Kai
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
