Aug. 13th, 2014

chickencode: (Default)
For those that do not know I make my living as a "Cyber security analyst." Every day we recover tons of URL's from phish attacks that have base64 encoded user data attached to them, typically login information and more severly full credit card information.

This is what they look like.

http://www.unsecuresite.com/blah/example/phishdirectory/dGhpcw0KaXMgYW4gZXhhbXBsZQ0Kb2YgdGhlIHR5cGUNCm9mIGNyZWRlbnRpYWwgZGF0YQ0KbG9va3MgbGlrZSB3aGVuDQp3ZSBkaXNjb3ZlciBpdCBhdHRhY2hlZCB0bw0KYSBtYWxpY2lvdXMgdXJs/morejunk.php?


These base64 credentials really added up day to day and took quite a while to process as our then current way of recovering them was to parse the base64 out ourselves and run them individually through an online decoder that could only take one string at a time. Since I strictly run Linux on my workstation I would avoid the tool alltogether and just run them all in a for loop in bash.

for i in "base64_string1" "base64_string2" "base64_string3"
do
echo "$i" | base64 -d;
done


This method while faster and could take multiple strings still had me parsing the base64 data from the links myself manually. I knew I could devise a way pragmatically to do everything for me. Inspired I set off to build the simplest tool to use that was fast, could handle multiple credential links at one time, and needed no human intervention besides copy and paste.

So I came up with an approach of copying credential urls > pasting > clicking a button > success.

This last click step would require a gui of course so I set off to find a framework that I could build off and since I would rather not work in java this led me to GTK in python or QT in C/C++. Since I am a far better C programmer I went with the latter and found QT to be an amazing framework to really get up to speed and build your product with.

After a few hours of playing around and trying different things I had a working application that did everything I needed flawlessly, and just for the hell of it and because it was super easy to implement added a raw base64 multi string decoder and a clear fields button.


my QT C++ app that parses and decodes base64 data from URLS

It works great in the field, I use it every day now. My boss loves it, though now he wants me to rewrite it in php since thats what all of our other in house tools are written in. So looks like I'll be coming familiar with programming in that language too soon.

Profile

chickencode: (Default)
chickencode

March 2017

S M T W T F S
   1234
5 67891011
12131415161718
19202122232425
262728293031 

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Oct. 19th, 2017 07:04 am
Powered by Dreamwidth Studios