Hi malware fighters,
From the maker of fakebust and the man who published the latest hole in the IE browser now comes the mangle test.
After polonus presented some data fuzzing tests on line, now up to the mangling of html:
Online find it here, but better to download for congestion purposes
: http://lcamtuf.coredump.cx/mangleme/mangle2.cgi
TIP: The mangling is best enjoyed by repeatedly press F5 to
reload the page with altering requests and random output.
It is just some sharp snippets of html, some java script, nothing else to test the browser stability. Experiment and enjoy.
I gave the TamperData add-on in the FF browser a whirl, and this is typical:
STYLE=“&”-1361362388";" GUTTER=““><³FRAME SCROLLING=”-1687390600"SCROLLING=“_blank” STYLE=*****><CENTER STYLE=“-62853840” onLoad= onLoad=&22533839; STYLEmk:` onLoad=%n%n%n%n%n%n onLoad=”-1971597210"><CENTER onLoad=“#” onLoad=“&“������”;” onLoad=“-48930474” STYLE=“-2085902594” STYLE=“about:”“” onLoad=1158479947
The FF browser withstood it all, no sweat.
The report about the html-mangling test is here:
http://internet.newsforge.com/article.pl?sid=04/11/01/1558216&tid=142&tid=143&tid=144
polonus
strange after some refreshes i got this page
I see a bad moon rising.
I see trouble on the way.
I see earthquakes and lightnin'
I see bad times today.
Don't go 'round tonight,
It's bound to take your life.
There's a bad moon on the rise.
You missed.
(Nice shoes, though)
The page we are trying to hide must be here somewhere… Go and find it.
*** XGB FILE REPOSITORY USERS: PROCEED HERE ***
my.ip, you are a visitior number 4815410, webpage hit counter: +/- 53709279
with active link leading to http://lcamtuf.coredump.cx/_private%20warez_/
is that part of the mangling ? i examined the original Michal code and perl version and i can’t find anything like that …
dare to explain? ???
Hi Dwarden,
Go to Michal Zalewski’s home page, you read it there. The mangler online is on his private server, so he’d rather had you download the mangling program, and adopt it for Windows. But it is a non-windows program tar-ball, so what?. What he has further on his private pages (got the all green from Dr.Web’s hyperlink scanner, so I am not directly linking to malware here) is his affair and his alone. If you are into security and want to register, that is your decision as well) I just simply liked to demonstrate what this mangling was about, why IE could not be affected by it, and alternate browsers were (with script enabled). As I did with the post about the data fuzzers. We have to know about these testing methods, haven’t we?
While there was no harm in it, just gave it as an informative link, that’s all. Hope you can live with that,
polonus
well i was just wondering if any1 else ran into such page(s) …