Manual Reference Pages  -  SPYBYE (1)

NAME

spybye - a proxy to help find malware

CONTENTS

Synopsis
Description
Authors

SYNOPSIS

spybye [-g good patterns] [-b bad patterns] [-p port] [-l log file] [-S share url] [-P] [-x]

DESCRIPTION

The spybye tool provides a proxy server through which web pages can be fetched and analyzed for potentially dangerous includes. To use spybye, you need to configure your web browser to use the port configured by -p as its proxy port.

The options are as follows:
-g good patterns
    A file or URL from which good patterns can be loaded. Any URL that matches a good pattern is declared harmless.
-b bad patterns
    A file or URL from which bad patterns can be loaded. Any URL that matches a bad pattern is declared dangerous.
-p port
    The port number under which spybye creates the proxy server. This is the port the web browser needs to connect to.
-l log file
    A filename to which potentially dangerous site interactions are logged.
-S share url
    When spybye finds a dangerous URL, it can be reported to the provided URL. By default, this points to www.spybye.org. This option can be disabled by providing an empty string.
-P
    By default, spybye does not allow any fetches to private IP addresses. By specifying this option, web pages can be fetched from any IP address.
-x
    Puts spybye into proxy mode. It’s possible to browse the web normally, but spybye is going to disallow fetches it deems dangerous.

This tool is not very complicated and is very straightforward. It uses the web browser to decode potentially obfuscated JavaScript and then traces all fetches the web browser makes. All URLs that have been classified as dangerous are displayed in the overview page, but the web browser is denied access to them. For additional security, the Referer header needs to match the already discovered URL space. Nonetheless, running spybye could potentially get your computer infected when visiting a dangerous web page. So, ideally, your web browser should run within a virtual machine.
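The per-fetch decisions described in the paragraph above and in the option list, modelled as an added Python sketch; this is not spybye's own code. The glob-style pattern syntax, the rule that a bad match overrides a good one, the class and function names, and all sample URLs are assumptions, since the page does not specify them.

```python
import fnmatch
import ipaddress
from urllib.parse import urlsplit

class FetchPolicy:
    """Models the per-fetch decisions in the text; not spybye's own code."""

    def __init__(self, start_url, good, bad, allow_private=False):
        self.good, self.bad = good, bad      # glob patterns (assumed syntax)
        self.allow_private = allow_private   # models the -P option
        self.discovered = {start_url}        # URL space seen so far
        self.overview = []                   # dangerous URLs to display

    def classify(self, url):
        # Precedence is an assumption: a bad match wins over a good one.
        if any(fnmatch.fnmatchcase(url, p) for p in self.bad):
            return "dangerous"
        if any(fnmatch.fnmatchcase(url, p) for p in self.good):
            return "harmless"
        return "unknown"

    def _is_private(self, url):
        host = urlsplit(url).hostname or ""
        try:
            return ipaddress.ip_address(host).is_private
        except ValueError:
            return False  # hostname: a real proxy would check the resolved address

    def decide(self, url, referer):
        """Return (verdict, allowed) for one fetch the browser attempts."""
        if referer not in self.discovered:
            return ("unreferenced", False)   # Referer outside discovered space
        if self._is_private(url) and not self.allow_private:
            return ("private", False)
        verdict = self.classify(url)
        if verdict == "dangerous":
            self.overview.append(url)        # listed, but the browser is denied
            return (verdict, False)
        self.discovered.add(url)
        return (verdict, True)

def demo():
    # Constructed sample URLs and patterns, for illustration only.
    page = "http://site.example.com/"
    p = FetchPolicy(page, good=["http://cdn.example.org/*"], bad=["*://bad.example.net/*"])
    return [p.decide("http://cdn.example.org/lib.js", page),
            p.decide("http://bad.example.net/x.js", "http://cdn.example.org/lib.js"),
            p.decide("http://10.0.0.5/admin", page),
            p.decide("http://other.example.com/", "http://elsewhere.example/")]
```

Only fetches that were allowed extend the discovered URL space, so a denied include cannot serve as the Referer for later requests.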

AUTHORS

The spybye utility has been developed by Niels Provos.