Fireshark™ a free web analysis tool

Linking the malicious web

What is Fireshark

Fireshark is a tool, made up of a Firefox plugin and a set of postprocessing scripts that allows you to capture web traffic from the core of your web browser, enabling you to log events and download content to disk for post-process analysis.

Main use:

Mass Injection Analysis
Redirection Chaining
Deobfuscation Analysis
Content Profiling

Fireshark is free to use. It is currently supported on Firefox browsers and released under the GPLv3 License.

Author(s)
Stephan Chenette
Latest Version
This is the beta version!! I will be uploading the full documentation this coming week (04/15/2010) + features that were left out as to make the localized version as simple to use for demonstration purposes, so please be patient, this version was meant to be used by attendees of blackhat europe, as they were given a preview of how to use it.
Note: Fireshark is meant for an experienced security researcher or enthusiast. Please take the proper precautions to make sure firesheark is running either in a virtualized environment or in an environment that doesn't effect the system permantely such as deepfreeze.
If you didn't't attend blackhat europe, the 2-second explainaion of how to use fireshark, is to do the following:

download and install fireshark by draging it into your firefox browser
create a data.txt file in your home directory
insert one or more URLs in the data.txt file
start firefox, go to tools, and click on "go!"
wait and watch and fireshark visits each of the URLs that were inserted in the data.txt file
after all URLs have been visited, open the report.yml that will be found in your home directory, it should reference any source code, screenshots and deobfuscated code that was created while the browser was run
use the post-processing scripts e.g. graphviz.pl to process more interesting graphs against report.yml
any other post-processing is up to you....more scripts to come + real documentation once I return home from blackhat europe!

License Agreement

This program is free software subject to the terms of the GNU General Public License.  You can use, copy, redistribute and/or modify the program under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. You should have received a copy of the GNU General Public License along with this program.  If not, please see http://www.gnu.org/licenses/ for a copy of the GNU General Public License.

The program is subject to a disclaimer of warranty and a limitation of liability, as disclosed below.

Disclaimer of Warranty.

THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, CORRECTION OR RECOVERY FROM DATA LOSS OR DATA ERRORS.

Limitation of Liability.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

END OF TERMS AND CONDITIONS

Agree and Download Fireshark

useful post-procsssing scripts (link):

FiresharkInitInfo.pl - Run this script to create a mini txt database of useful information (run this before running the next two scripts)
GraphViz.pl - Create a redirection chain
IngressEgress.pl - Create Ingress/Egress chart

Please note that we cannot provide support for these tools, but feedback is appreciated.

Introducing Fireshark™

Linking the malicious web

What is Fireshark