There are a couple of ways to detect malicious redirects to malicious sites. For me, the safest way is to use the wget command-line tool. This tool works on Linux, Mac and Windows as well. You can simulate traffic like normal browsers do by configuring things such as the referer, the user-agent string, etc.
Example:
# wget --referer=http://www.google.com "http://www.malicioussite.com/"
# wget --referer=http://www.yahoo.com "http://www.malicioussite.com/"
Faking the user agent with wget
wget --referer=http://www.google.com --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)" "http://www.malicioussite.com/"
It is important to include a user-agent string because more and more sites exclude browsing by "unapproved" browsers.
Example:
wget -k -m --referer=http://www.google.com --user-agent="Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://visualflowdesigns.com/ecuuz.php?t=polish+president+killed"
--18:40:06-- http://visualflowdesigns.com/ecuuz.php?t=polish+president+killed
=> `visualflowdesigns.com/ecuuz.php@t=polish+president+killed'
Resolving visualflowdesigns.com... done.
Connecting to visualflowdesigns.com[66.96.131.146]:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://slv9a0.xorg.pl/in.php?t=cc&d=10-04-2010_x_1023&h=visualflowdesigns.com&p=http%3A%2F%2Fwww.google.com [following]
--18:40:07-- http://slv9a0.xorg.pl/in.php?t=cc&d=10-04-2010_x_1023&h=visualflowdesigns.com&p=http%3A%2F%2Fwww.google.com
=> `slv9a0.xorg.pl/in.php@t=cc&d=10-04-2010_x_1023&h=visualflowdesigns.com&p=http@3A@2F@2Fwww.google.com'
Resolving slv9a0.xorg.pl... done.
Connecting to slv9a0.xorg.pl[87.248.163.54]:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www3.firesafe6.xorg.pl?p=op2dcWtaraLFapWfZlahqJ51yGGTlGjJU8%2FXoA%3D%3D [following]
--18:40:08-- http://www3.firesafe6.xorg.pl/?p=op2dcWtaraLFapWfZlahqJ51yGGTlGjJU8%2FXoA%3D%3D
=> `www3.firesafe6.xorg.pl/index.html@p=op2dcWtaraLFapWfZlahqJ51yGGTlGjJU8@2FXoA@3D@3D'
Resolving www3.firesafe6.xorg.pl... done.
Connecting to www3.firesafe6.xorg.pl[78.46.218.251]:80... connected.
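Picking the chain out of a long log by eye is error-prone. The shell function below is an added example, not part of the original post: it reads a wget log in the format shown above and prints one line per redirect hop, marking hops that change host. The sample log and its hosts (landing.example, gate.example) are constructed placeholders.

```shell
#!/bin/sh
# Added example: list each redirect hop recorded in a wget log (read from stdin).
# Output per hop: <status> <from-host> -> <to-host> [CROSS-HOST]
# Assumes absolute URLs in the Location lines, as in the log above.
redirect_chain() {
    awk '
    # Strip the scheme, then everything from the first "/", "?" or ":" onward.
    function host(u) { sub("^[a-z]+://", "", u); sub("[/?:].*$", "", u); return u }
    /^--/ { url = $NF }                      # request line: URL being fetched
    /awaiting response\.\.\. 3[0-9][0-9]/ {  # remember a 3xx status code
        match($0, /\.\.\. 3[0-9][0-9]/); code = substr($0, RSTART + 4, 3)
    }
    /^Location: / && code != "" {
        from = host(url); to = host($2)
        printf "%s %s -> %s%s\n", code, from, to, (from != to ? " CROSS-HOST" : "")
        code = ""
    }'
}

# Constructed sample log in the format shown above; all hosts are placeholders.
sample_log() {
    cat <<'EOF'
--18:40:06--  http://landing.example/page.php?t=news
Resolving landing.example... done.
Connecting to landing.example[192.0.2.10]:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://gate.example/in.php?h=landing.example [following]
--18:40:07--  http://gate.example/in.php?h=landing.example
HTTP request sent, awaiting response... 302 Found
Location: http://gate.example/final?p=abc [following]
--18:40:08--  http://gate.example/final?p=abc
HTTP request sent, awaiting response... 200 OK
EOF
}

sample_log | redirect_chain
```

To use it on a real run, save the log with wget's -o option and pipe that file into redirect_chain.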
Tools:
- wget (Download link)