Going through a bunch of JavaScript I do not trust and it has a ton of web address comments like citations but likely some bad stuff in there too. What could be swapped with the address to instead act as a local tripwire or trap?
Just a mild curiosity for scripting stuff.
If it’s a link to an external site, redirecting to local won’t really do anything useful. I still feel like I’m missing something. I’ll give it a last try.
If I start a local super basic webserver:
so that I’m running a server on localhost, port 8000 creating
logfile.txt, I can do something like this on the file:which should rewrite a url from:
to
Now if you click on that link, it won’t do anything except give you an error, but:
so you’d now have a log of all attempts which would be easy to clean up.
Awesome. Now how would you strace/ptrace the active process correlated with the return packet?
This is way past my pay grade in the territory of edge-of-abstract – understanding.
See one of my problems is that the malicious software is running across Python, JavaScript, and a ton of dubious packages scattered throughout the machine. It is all interconnected and using unconventional operations. Right now I am just removing a package one and a time and seeing what breaks. I will likely miss how things are interconnected. I am not at all familiar with this type of thing, and learning as I go. The system used unshare, manually created no-label packets with all records obfuscated, used a hidden daemon function in systemd, and no-account to operate outside of namespaces.