Honeyclient Active Content Task
The goal of the Honeyclient Active Content task is to extract URLs from different forms of active resources, so that the Agent can use them to traverse sites that are currently impassable. The active content processor is designed as a set of Perl modules that are called by the agent browser to handle various file types. Currently we handle only Adobe Flash movies, but will later extend our efforts to areas such as AJAX and Java Applets.
The problem we face with active content objects is that, in their consumable form, the links contained in the object cannot readily be enumerated. This provides a safe and fertile breeding ground for forms of malware that wish to hide themselves from standard methods of identification through web page scouring. To extract the URLs from an active content object, we first apply a transformation that converts the object to a parseable form. We then apply a data mining methodology to the transformed object to sift through the information contained within.
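The two steps described above (transform, then mine), sketched for a Flash movie as an added example in Python; it is not the project's Perl modules. It inflates a zlib-compressed (`CWS`) movie body and scans the raw bytes for URL-like strings instead of parsing SWF tags. The function names, the `MAX_BODY` cap and the sample file are assumptions made for illustration.

```python
import re
import struct
import zlib

MAX_BODY = 16 * 1024 * 1024  # assumed cap on inflated size (decompression-bomb guard)
# Printable run after a scheme; stops at NUL, whitespace, quotes and angle brackets.
URL_RE = re.compile(rb"(?:https?|ftp)://[^\x00-\x20\x7f-\xff\"'<>]+")

def swf_body(data: bytes) -> bytes:
    """Transform step: return the SWF body after the 8-byte header, uncompressed."""
    if len(data) < 8:
        raise ValueError("too short for a SWF header")
    sig, declared = data[:3], struct.unpack("<I", data[4:8])[0]
    if sig == b"FWS":                      # body stored uncompressed
        return data[8:]
    if sig != b"CWS":                      # CWS = zlib-compressed body
        raise ValueError("not an FWS/CWS Flash movie")
    limit = min(declared - 8, MAX_BODY)    # header declares the uncompressed file length
    if limit <= 0:
        raise ValueError("implausible declared length")
    # Allow one byte more than declared so an oversized stream is detectable.
    body = zlib.decompressobj().decompress(data[8:], limit + 1)
    if len(body) > limit:
        raise ValueError("body exceeds declared length")
    return body

def extract_urls(data: bytes) -> list:
    """Mining step: unique URL-like strings in the body, in order of first appearance."""
    seen, urls = set(), []
    for match in URL_RE.finditer(swf_body(data)):
        url = match.group().decode("ascii")
        if url not in seen:
            seen.add(url)
            urls.append(url)
    return urls

def make_sample(compressed: bool) -> bytes:
    """Constructed test input: SWF-style header plus a body with embedded strings."""
    body = (b"\x3f\x03\x2a\x00\x00\x00\x96\x1d\x00\x00"
            b"http://example.com/next.html\x00\x83\x00"
            b"https://example.org/movie2.swf\x00\x00_blank\x00"
            b"http://example.com/next.html\x00\x00\x00")
    header = (b"CWS" if compressed else b"FWS") + b"\x08" + struct.pack("<I", 8 + len(body))
    return header + (zlib.compress(body) if compressed else body)

if __name__ == "__main__":
    for url in extract_urls(make_sample(compressed=True)):
        print(url)
```

A raw string scan misses URLs that the movie assembles at run time from fragments, so its output is a lower bound on the links the object can reach.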
We appreciate your feedback and ideas for improving this task.
