(Tool) FireShark: Aid for web incident response

The tool of the day is FireShark, a free web analysis tool.  This is great to have in your toolbox for IR.  FireShark will generate a mind map of a given webpage — think of it being a graphical representation of NoScript i.e. the map for Amazon.com would show quantcast.com, google-analytics.com, facebook.com, and twitter.com connected because it loads javascript and or images from those pages.  The tool consists of a Firefox plugin with some additional perl scripts.

Now, if the authors would add geolocation to the maps we could quickly see if a site is pulling from a server in Russia or China would could be an obvious sign of infection….

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s