Going through a bunch of JavaScript I do not trust and it has a ton of web address comments like citations but likely some bad stuff in there too. What could be swapped with the address to instead act as a local tripwire or trap?
Just a mild curiosity for scripting stuff.
Yeah, I could do it. The question is how to redirect a web address to do something useful locally. Like maybe setup an Apache server or something to capture and log any such attempts regardless of how the address is called.
If it’s a link to an external site, redirecting to local won’t really do anything useful. I still feel like I’m missing something. I’ll give it a last try.
If I start a local super basic webserver:
so that I’m running a server on localhost, port 8000 creating
logfile.txt, I can do something like this on the file:which should rewrite a url from:
to
Now if you click on that link, it won’t do anything except give you an error, but:
so you’d now have a log of all attempts which would be easy to clean up.
Awesome. Now how would you strace/ptrace the active process correlated with the return packet?
This is way past my pay grade in the territory of edge-of-abstract – understanding.
See one of my problems is that the malicious software is running across Python, JavaScript, and a ton of dubious packages scattered throughout the machine. It is all interconnected and using unconventional operations. Right now I am just removing a package one and a time and seeing what breaks. I will likely miss how things are interconnected. I am not at all familiar with this type of thing, and learning as I go. The system used unshare, manually created no-label packets with all records obfuscated, used a hidden daemon function in systemd, and no-account to operate outside of namespaces.