Ticket #179 (new improvement)

Opened 2 months ago

Integrate low-interaction frontend

Reported by: xkovah Assigned to: xkovah
Priority: normal Milestone: 1.2
Component: Unknown Version: none
Severity: none Keywords:
Cc:

Description

I am creating this ticket partially for historical record and partially to have it in for later.

I think that a low-interaction frontend can speed up the browsing operation by allowing us to not actually load pages which are not flagged as suspicious by the low-interaction system.

In order to make this determination we will first have to integrate it, and then run a study on how many of the links which are found to be truly malicious (through full high-interaction browsing) are also flagged as suspicious by the low-interaction method. If a comparison of false positive/negatives makes it seem good enough, then it should be fully integrated inline before normal browsing.

Possible low-interaction things include

HoneyC http://projects.honeynet.org/honeyc

Spybye http://spybye.org/

MonkeySpider http://monkeyspider.sourceforge.net/

Though quite frankly I think we want to avoid things like MonkeySpider which rely on AV as their primary detector, as that seems like it will take more time than just going to the site itself… but it all depends, and I mentioned it so I could get rid of the standalone ticket for MonkeySpider. We should primarily be looking for things which detect obfuscated JavaScript and iframes.

Xeno
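
A sketch of the comparison the ticket proposes, added here as an example and not part of the ticket or the project's code: a static pass flags hidden iframes and obfuscated inline script, and its flags are tallied against high-interaction verdicts. The heuristics, thresholds, function names and sample pages are all assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Heuristics and thresholds are assumptions for this sketch, not from the ticket.
DECODER_CALL = re.compile(r"\b(?:eval|unescape|fromCharCode)\b")
ENCODED_RUN = re.compile(r"(?:%u?[0-9a-fA-F]{2,4}|\\x[0-9a-fA-F]{2}){8,}")

class StaticScan(HTMLParser):  # parses fetched HTML; never executes or renders it
    def __init__(self):
        super().__init__()
        self.reasons, self._script = [], None
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.reasons.append("hidden-iframe")
        elif tag == "script":
            self._script = []  # start collecting inline script text
    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script)
            if DECODER_CALL.search(body) and ENCODED_RUN.search(body):
                self.reasons.append("obfuscated-script")
            self._script = None

def scan(html):
    s = StaticScan()
    s.feed(html)
    return s.reasons

def compare(samples):  # tally static flags against high-interaction verdicts
    tally = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for _url, html, malicious in samples:
        flagged = bool(scan(html))
        tally[("t" if flagged == malicious else "f") + ("p" if flagged else "n")] += 1
    return tally

# Constructed samples: (url, fetched HTML, high-interaction verdict). Not real data.
SAMPLES = [
    ("http://a.example.test/", '<iframe src="/x" width="0" height="0"></iframe>', True),
    ("http://b.example.test/", '<script>eval(unescape("' + "%41" * 12 + '"))</script>', True),
    ("http://c.example.test/", '<iframe src="/v" width="560" height="315"></iframe>', False),
    ("http://d.example.test/", '<iframe src="/p" width="1" height="1"></iframe>', False),
    ("http://e.example.test/", '<script src="/loader.js"></script>', True),
]
```

In the constructed set, the 1x1 iframe on a benign page is a false positive and the externally loaded script is a false negative; pages in that last group are the ones that would be skipped if the static pass ran inline before normal browsing.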
