Author Topic: MalZilla


October 13, 2008, 04:23:51 am
Reply #210

Kayrac

  • Guest
Any chance for in-program updating? :) I always hated having to DL new versions manually :P

October 23, 2008, 07:59:19 pm
Reply #211

bobby

  • Special Members
  • Hero Member

  • 322
    • Malzilla
@Kayrac
Pretty much impossible with SourceForge's organization of mirrors.

@all
1.1.0 is uploaded to the servers. Mirrors will probably need some time to synchronize.
Now I need to sit down and write some documentation and tutorials on new features.

October 23, 2008, 08:13:26 pm
Reply #212

MysteryFCM

  • Administrator
  • Hero Member

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Cheers dude :)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

October 23, 2008, 10:07:17 pm
Reply #213

JohnC

  • Special Members
  • Hero Member

  • 1964
Clicking detect in the Kalimero tab with nothing in the box causes MalZilla to freeze.

On the Misc Decoders tab, it would be nice to have a little checkbox or radio button to enable/disable the "Override default delimiter" option, so that if it is enabled, whatever is in the box will be the delimiter, even if nothing is in the box. This would be useful for when you've got hex without the %. Or perhaps an "insert character at every increment" option, like UltraEdit. These are not important features though, so if they are too time consuming or could introduce bugs, don't worry ;)

October 24, 2008, 06:38:42 am
Reply #214

bobby

  • Special Members
  • Hero Member

  • 322
    • Malzilla
Thanks.

@JohnC
Interesting, Kalimero freezes in a lot of situations. I didn't test its robustness. I have used it just for getting HTML objects for LuckySploit.
About working without a delimiter in Misc Decoders - it is possible to do for encodings with a fixed length of a number (e.g. hex), but it can't be done as a general rule because of e.g. decimal numbers (1, 10, 100), where the length of one member can be 1 to 3.
You can insert a delimiter by using PScript, and an example script for such a task is already included with Malzilla (I believe it was added with Malzilla 0.9.3 or even 0.9.2.1).
It is not a problem to do insertion of a delimiter, or decoding without a delimiter. I'll wait a couple of days to see if there are more bug reports, and I'll push another release.
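As an added illustration of the delimiter point in bobby's reply (this is not Malzilla's own code or its PScript example), here is a small Python decoder: a fixed-width split recovers hex without any delimiter, but decimal codes of one to three digits only decode when a delimiter is present, and a delimiter can be inserted first, as the bundled PScript script does. The sample strings are constructed.

```python
def decode_codes(text, delimiter=None, width=None, base=16):
    """Turn a run of numeric character codes into text.

    delimiter: explicit separator such as '%' or ','. Empty pieces (from a
               leading delimiter) are ignored.
    width:     used only when no delimiter is given; the input is cut into
               fixed-width groups, which works for hex (always 2 digits per
               byte) but not for decimal, where a code is 1 to 3 digits.
    """
    if delimiter is not None:
        parts = [p for p in text.split(delimiter) if p]
    elif width is not None:
        if len(text) % width:
            raise ValueError("length %d is not a multiple of width %d"
                             % (len(text), width))
        parts = [text[i:i + width] for i in range(0, len(text), width)]
    else:
        raise ValueError("need a delimiter or a fixed group width")
    return "".join(chr(int(p, base)) for p in parts)


def insert_delimiter(text, width, delimiter):
    """Insert a delimiter every `width` characters (the PScript-style
    pre-processing step), so the result can be fed to decode_codes."""
    return delimiter.join(text[i:i + width] for i in range(0, len(text), width))


if __name__ == "__main__":
    # Constructed samples; every one spells "alert"
    print(decode_codes("%61%6c%65%72%74", delimiter="%"))             # hex, '%' delimiter
    print(decode_codes("616c657274", width=2))                         # hex, no delimiter
    print(decode_codes("97,108,101,114,116", delimiter=",", base=10))  # decimal, ',' delimiter
    print(insert_delimiter("616c657274", 2, "%"))                      # 61%6c%65%72%74
    try:  # decimal without a delimiter cannot be cut into fixed groups
        decode_codes("97108101114116", width=3, base=10)
    except ValueError as err:
        print("undecodable without a delimiter:", err)
```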

October 24, 2008, 07:34:18 am
Reply #215

bobby

  • Special Members
  • Hero Member

  • 322
    • Malzilla
Localized and fixed the Kalimero bug.
It was a stupid cleaning routine that was used to remove empty rows from the array - there was no exit if the array didn't have any row.

@JohnC
Please do some testing with caching HTTP headers (your request for this version).
btw. there is an option on Settings > Download tab > Add project info to saved files. That would also store all the relevant data into saved HTML documents, and this option has also been present in Malzilla for a very long time.

October 24, 2008, 12:52:15 pm
Reply #216

JohnC

  • Special Members
  • Hero Member

  • 1964
"Add project info to saved files" is enabled by default in MalZilla 1.1.0 but I'm not sure where I should be looking for the HTML files, I don't see them. When I load a cached page, I don't get the headers.

Also I noticed this strange bug.



The site in question is an NX domain site, so MalZilla couldn't access it. The cache file d41d8cd98f00b204e9800998ecf8427e is 0 bytes long. This is because MalZilla tries to save a cache for sites that don't work as well, it seems. If you test MalZilla trying to access any site that doesn't exist, it will create the 0 byte file in the cache folder, and if you try to load it, it will load the empty file. However, if you visit another site which doesn't work, it will not add this site to the cache because it has the same md5 hash as the other site. But if you try and open the original cached page, it will then give you that error.

And another little bug.



Clear the URL box. Expand the url box to see all visited urls but don't click any, so that the url box is still empty. Then click "Load from cache". It will produce the Debug error message.
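To make the collision JohnC describes concrete, here is an added Python sketch (not Malzilla's code) of a cache that names files after the MD5 of the fetched body: every failed fetch yields an empty body, so every dead site maps to d41d8cd98f00b204e9800998ecf8427e, which is the MD5 of zero bytes. The `cache_empty` switch and the dead-site URLs are my constructions; the switch shows one possible fix, refusing to cache an empty body and reporting the URL as not cached on load.

```python
import hashlib
import os
import tempfile

EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"   # md5 of zero bytes


class ContentHashCache:
    """Files are named after md5(body); a url -> name index serves lookups."""

    def __init__(self, folder, cache_empty):
        self.folder = folder
        self.cache_empty = cache_empty   # True reproduces the reported behaviour
        self.index = {}                  # url -> cache file name

    def store(self, url, body):
        if not body and not self.cache_empty:
            return None                  # failed fetch: nothing worth caching
        name = hashlib.md5(body).hexdigest()
        path = os.path.join(self.folder, name)
        if not os.path.exists(path):     # a second dead site collides here and
            with open(path, "wb") as fh: # is never written, as JohnC observed
                fh.write(body)
        self.index[url] = name
        return name

    def load(self, url):
        name = self.index.get(url)
        if name is None:
            return None                  # caller reports "not cached", no error
        with open(os.path.join(self.folder, name), "rb") as fh:
            return fh.read()


def demo():
    """Two constructed dead sites against both cache policies."""
    buggy = ContentHashCache(tempfile.mkdtemp(), cache_empty=True)
    first = buggy.store("http://dead-one.example/", b"")
    second = buggy.store("http://dead-two.example/", b"")   # same name as first
    fixed = ContentHashCache(tempfile.mkdtemp(), cache_empty=False)
    stored = fixed.store("http://dead-one.example/", b"")
    return first, second, stored, fixed.load("http://dead-one.example/")


if __name__ == "__main__":
    print(demo())
```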


October 24, 2008, 01:41:24 pm
Reply #217

Orac

  • Special Members
  • Hero Member

  • 723
    • malwareremoval.com
bobby, is version 1.1.0 available at any site other than SourceForge? Every time I try and DL it, it crashes on me (not the first time I've had this problem with SourceForge!!)
Malware analysed using Clarified Analyzer to record and document how malware behaves in a networking environment

October 24, 2008, 01:49:08 pm
Reply #218

JohnC

  • Special Members
  • Hero Member

  • 1964

October 24, 2008, 02:49:12 pm
Reply #219

Orac

  • Special Members
  • Hero Member

  • 723
    • malwareremoval.com
Thanks John  ;D

October 24, 2008, 03:32:15 pm
Reply #220

sowhat-x

  • Guest
Regarding SF downloads in general / for future reference...
Assuming that you know the exact name of the package you want to download,
e.g. "malzilla_1.1.0.zip" in this case, then you can substitute the mirroring server's name as below...

Quote
http://heanet.dl.sourceforge.net/sourceforge/malzilla/malzilla_1.1.0.zip
http://dfn.dl.sourceforge.net/sourceforge/malzilla/malzilla_1.1.0.zip
http://surfnet.dl.sourceforge.net/sourceforge/malzilla/malzilla_1.1.0.zip
http://kent.dl.sourceforge.net/sourceforge/malzilla/malzilla_1.1.0.zip
http://switch.dl.sourceforge.net/sourceforge/malzilla/malzilla_1.1.0.zip
http://ovh.dl.sourceforge.net/sourceforge/malzilla/malzilla_1.1.0.zip

And it goes on...don't remember by heart all the available mirrors there... ;-)

Alternatively, someone could use the following...
but I think this one takes a bit more time to update/mirror the revisions, not really sure about that:
http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/m/ma/malzilla/

October 24, 2008, 04:09:07 pm
Reply #221

bobby

  • Special Members
  • Hero Member

  • 322
    • Malzilla
@JohnC

About 0-byte files - it is so by design. Can you suggest a better behavior which suits your needs?

About the "debug" message, it is from the function that makes corrections in the URL (hxxp > http and fxp > ftp).
I've removed the message.

btw. there are some features of Malzilla that I still haven't documented.

Command-line parameters:

-url "www.aa.aa" - open Malzilla and put the URL in the URL box - this goes through the URL fix routine mentioned above, so you can supply hxxp://... links
-html file.ext - open Malzilla and load file in Download tab
-js file.ext - open Malzilla and load file in Decoder tab

I'm still looking for a solution to integrate Malzilla with browsers, so that the browser opens Malzilla if an hxxp link is clicked.

btw. Today I have done a lot of fixes (how dumb I was with handling of Unicode...)
Will push a bugfix release as soon as possible (the 0-bytes problem mentioned by JohnC needs to be fixed when I get feedback from JohnC).
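An added Python version of the URL fix routine bobby describes (not Malzilla's code): hxxp becomes http and fxp becomes ftp, and an empty or blank URL box returns None before the routine does any work, which is the "Load from cache" case JohnC hit. The hxxps mapping and the decision to leave bare hosts such as www.aa.aa untouched are my assumptions.

```python
import re

# Defanged schemes named in the post (hxxp, fxp); hxxps is my own addition.
DEFANGED = {"hxxp": "http", "hxxps": "https", "fxp": "ftp"}
SCHEME_RE = re.compile(r"^(?P<scheme>[a-z]+)://", re.IGNORECASE)


def fix_url(raw):
    """Restore a defanged scheme. Returns None for an empty or blank box so
    the caller can skip the cache lookup instead of raising a debug error."""
    url = (raw or "").strip()
    if not url:
        return None
    m = SCHEME_RE.match(url)
    if m is None:
        return url                   # e.g. -url "www.aa.aa": bare host, assumed left as-is
    scheme = m.group("scheme").lower()
    return DEFANGED.get(scheme, scheme) + "://" + url[m.end():]


if __name__ == "__main__":
    # Constructed inputs, including the empty box from JohnC's report
    for sample in ["hxxp://www.aa.aa/x.html", "fxp://www.aa.aa/f", "www.aa.aa", "", "   "]:
        print(repr(sample), "->", repr(fix_url(sample)))
```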

October 24, 2008, 04:12:36 pm
Reply #222

bobby

  • Special Members
  • Hero Member

  • 322
    • Malzilla
@JohnC
"Adding project info" affects just the files saved from the right-click menu > Save to file

@all
Please do not forget right-click menu. The best things are in that menu.
Just take a look at "Run script" sub-menu.

October 24, 2008, 04:32:03 pm
Reply #223

bobby

  • Special Members
  • Hero Member

  • 322
    • Malzilla
@Orac
Indeed, SF can be a PITA sometimes. I'll see what I can do (need to read the agreement with SF again, to make sure I don't do something against the agreement).
I get the best results when downloading from Ireland mirror (can't recall the name).

October 24, 2008, 05:09:52 pm
Reply #224

JohnC

  • Special Members
  • Hero Member

  • 1964
Quote
@JohnC
"Adding project info" affects just the files at saving from right-click menu > Save to file

@all
Please do not forget right-click menu. The best things are in that menu.
Just take a look at "Run script" sub-menu.

It just seems to save the webpage, there aren't any HTTP headers saved with it.