Fireshark blog http://www.fireshark.org/blog linking the malicious web Sat, 29 May 2010 16:23:13 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 Next version just a bit delayed… http://www.fireshark.org/blog/?p=10 http://www.fireshark.org/blog/?p=10#comments Sat, 29 May 2010 16:04:25 +0000 Stephan Chenette http://www.fireshark.org/blog/?p=10 Originally I had planed on completing the next release by end of May, but it’s looking like it will be more like the end of June now. I introduced more features I want to implement due to the email feedback, Plus i’m aligning the release  around various security conferences that are all happening later in the summer. Stay tuned@! Please keep on emailing me or if you’d like comment in this blog. I’m thinking if the next version has as many downloads as the firt to actuall set up a forum….we’ll see.

]]> http://www.fireshark.org/blog/?feed=rss2&p=10 0 Plans for new version (Fireshark 1.1) http://www.fireshark.org/blog/?p=8 http://www.fireshark.org/blog/?p=8#comments Sat, 24 Apr 2010 15:17:17 +0000 Stephan Chenette http://www.fireshark.org/blog/?p=8 I’m planing by the end of this month to release a new verision of Fireshark. Here are the proposed changes:

  • Report Log will be in JSON format instead of YAML
  • Included in final output will be an HTML report with a redirection graph and ingress/egress graph (many of you said you’d prefer it to be auto-generated for you, this should not be a problem – now you won’t have to use any PERL scripts if you don’t want to!)
  • Current setup requires that you put the data.txt file in your %UserProfile% directory (home directory), I’m going to make this location configurable via the local interface and the network commandd interface.
  • A Fireshark instance running on a machine will be able to accept command via a network socket. The format of the commands will be in JSON format.
  • Include the ability to configure a referral in the options.
  • Include the ability to configure the user-agent in the options.
  • Include the HTTP header information in the report log.
  • Include DOM version of script and static links in reportlog
  • Although it’s in my experimentatl version, I might include in this release the ability to dump the eval and document.write statements.

Update 4/24/2010

  • Include ability to customize where fireshark stores files and reportlog

That’s it for now, let me know if that list makes sense to all of you. Remember Fireshark was built to be 3/4 of what you neeed. It gets the data, I leave the other 1/4 of  the work up to you. You decide what you want to do with that data, at the same time, I want to make it useful for everyone, so that’s what I will auto-generate some basic reports, but please email me at feedback@fireshark.org to let me know what other data might be interesting to dump from Firefox to the reportlog for post-processing.

Thanks,
Stephan
P.S I’m looking for a Fireshark logo, so if there are any of you who are artistic, please send me some proposals and I’ll credit you in a blog entry for it!

]]> http://www.fireshark.org/blog/?feed=rss2&p=8 5 Fireshark 1.0 Pre-release! http://www.fireshark.org/blog/?p=4 http://www.fireshark.org/blog/?p=4#comments Wed, 21 Apr 2010 18:14:53 +0000 Stephan Chenette http://www.fireshark.org/blog/?p=4 I’m still stuck in Spain after Blackhat Europe 2010, but I wanted to quickly send out a message to let everyone know that I have posted the pre-release version of Fireshark in the download section. The documentation and a full release will be happening this month as the pre-release has been posted because I wanted to make sure to give the Blackhat attendees something to play with. In the pre-release version I have removed any of the config options and also made it so that you could only use it locally. The full release will have all the intended features, so don’t worry.  I hope for those of you that couldn’t wait for the full documentation that my quick 2-second explanation of how to use Fireshark was clear. If not, then wait for the videos and full docs coming in the next few weeks!

As I write this from my hotel room in Barcelona, waiting to get back to San Diego, I have managed to check the log files for fireshark.org and I was happily surprised to see that fireshark.xpi (the plugin file) has had over 10,000 downloads!! WOW!@

I have had a few interviews with IDG and I’m sure the press helped quite a bit in terms of exposure, but this tool has been something I’ve wanted to release for quite a while, and I have a lot of plans for it, both as a localized tool and eventually as something you can interact with via a web interface…so stay tuned, lots more to come! …OK, time for me to go out and get some more tapas!

Press:
Fireshark plugin decodes the malicious Web (Jeremy Kirk – IDG)
http://www.pcworld.com/businesscenter/article/194314/fireshark_plugin_decodes_the_malicious_web.html
Mapping the Malicious Web (Rob Lemos – Technology Review)
http://www.technologyreview.com/web/24705/

Blog mentions:
http://www.securelist.com/en/blog/2123/BlackHat_Europe_2010_Conference
http://www.cupfighter.net/index.php/2010/04/blackhateu-fireshark/
http://securitylabs.websense.com/content/Blogs/3578.aspx
http://www.sectechno.com/2010/04/18/blackhat-europe-fireshark-a-tool-to-link-the-malicious-web/

]]> http://www.fireshark.org/blog/?feed=rss2&p=4 1