Compare two websites for unwanted extra JavaScript

Proxy Buster

Analyze mirrors of any website for injected JavaScript code

This application retrieves the HTML page of a website and its mirrors, then analyses the code for additional scripts (ads, exploit kits, etc.) that evil mirrors may inject.

Usage

Prerequisites

Install the required packages as follows:

$ pip install -r requirements.txt

Running

Run the script as follows:

$ python buster.py -u <original website URL> [<mirror website URL>, ...]

Switches

  • -u, --url: Original website to compare the mirrors against
  • -i, --inline: (optional) Compare inline scripts
  • -e, --external: (optional) Compare URLs pointing to external scripts
  • -v, --verbose: (optional) Dump the contents of inline and external scripts to the command line
  • -o, --output: (optional) Write result statistics to a CSV file
  • -m, --mirror-list: (optional) Read the list of mirrors from a file instead of the command line, one URL per line
  • -f, --file: (optional) Store raw HTTP responses in this file instead of mirrors.dat
  • -n, --nocheck: (optional) Read HTTP responses from the raw file instead of the Internet

Data File

HTTP responses are stored on disk in mirrors.dat instead of in memory. This makes it possible to keep the raw results or to resume an operation later.

Documentation

Comparing Inline Scripts

This test returns the number of additional inline scripts found on website mirrors.

$ python buster.py -i -u <original website URL> [<mirror website URL>, ...]

The application parses the HTML code of the original and mirror websites and extracts the inline scripts between <script></script> tags. If a mirror is injecting additional JavaScript code, the application returns the total number of extra scripts. When the -v switch is on, it also lists the contents of these additional scripts.

Comparing External Script URLs

This test returns the number of additional URLs pointing to external scripts.

$ python buster.py -e -u <original website URL> [<mirror website URL>, ...]

The application parses the HTML and extracts URLs from <script src=""> tags. If a mirror is injecting additional <script src=""> tags, the application returns the number of extra URLs. When the -v switch is on, it also lists these additional links.
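The two comparisons described above (inline scripts and external script URLs), written out as an added example; this is not code from buster.py. The function names, the sample pages and the rule of comparing same-host URLs by path are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptCollector(HTMLParser):
    """Record every <script> on a page as a [src, body] pair."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append([dict(attrs).get("src"), ""])
            self._open = True

    def handle_data(self, data):
        if self._open:                 # text between <script> and </script>
            self.scripts[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False

def scripts_of(html, page_url):
    parser, inline, external = ScriptCollector(), set(), set()
    parser.feed(html)
    parser.close()
    host = urlsplit(page_url).netloc
    for src, body in parser.scripts:
        if src:
            parts = urlsplit(urljoin(page_url, src))
            # Assumption: same-host scripts compare by path (mirror hostname differs).
            external.add(parts.path if parts.netloc == host else parts.geturl())
        elif body.strip():
            # Collapse whitespace so re-indentation alone is not a finding.
            inline.add(" ".join(body.split()))
    return inline, external

def extra_scripts(original, mirror):
    """Take (html, url) pairs; return (inline, external) found only on the mirror."""
    o_inline, o_ext = scripts_of(*original)
    m_inline, m_ext = scripts_of(*mirror)
    return sorted(m_inline - o_inline), sorted(m_ext - o_ext)

# Constructed sample pages (not real sites).
ORIGINAL = ('<script src="/js/jquery.js"></script><script>var a = 1;</script>',
            "https://site.example/")
MIRROR = ('<script src="https://mirror.example/js/jquery.js"></script>'
          '<script src="//ads.example/t.js"></script><script>var a  =  1;</script>'
          '<script>document.title = "injected";</script>', "https://mirror.example/")
```

Calling extra_scripts(ORIGINAL, MIRROR) reports one extra inline script and one extra external URL; the hostname rewrite and the whitespace change on the mirror are not counted.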

Comparing External Assets

This test compares external scripts for modified code.

$ python buster.py -a -u <original website URL> [<mirror website URL>, ...]

The application parses the HTML and extracts URLs from <script src=""> tags. In this case, however, the test downloads these assets when the paths of the URLs match. If a mirror is injecting additional JavaScript into external scripts such as jQuery, it returns the differences.

Creating Statistics

This executes all of the tests listed above and writes the results into a CSV file. This comes in handy when comparing a website with a long list of mirrors.

$ python buster.py -o <filename> -u <original website URL> [<mirror website URL>, ...]

Contribute

Pull requests are welcome.

Contributors

Credits

This project was inspired by the following project:

The project was first featured on the Rainbow and Unicorn security blog.

License

See the LICENSE file for license rights and limitations (MIT)