TinyCheck seems to not detect DNS queries to stalkerware servers #51
Comments
Hello Léandre, nice catch, I have the same issue there; it put the domain. Félix. |
Re Léandre, OK, it's not related to the engine but a typo: the whitelisted CIDR 199.36.154.0/2 -_-. Sure that if we whitelist all the internet, and not the CIDR 199.36.154.0/23, it will not work. I'm going to update the whitelist.json and also the update script to remove the entry. You can remove it yourself by going to the backend, whitelist, search element and typing 199.36.154.0/2, then the delete button. Have a good day, |
Thank you for the quick reply, it fixed everything, thank you! I think I can close this issue. Have a nice day too, |
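The reply above traces the missed detection to a one-character typo in a CIDR whitelist entry: `199.36.154.0/2` instead of `199.36.154.0/23`. The following is an added example (not TinyCheck's code, and not its real whitelist.json layout, which is stood in for here by a constructed list of `{"element", "type"}` entries) showing why that typo is so damaging and how to audit a whitelist for it. The key detail is that Python's `ipaddress.ip_network()` rejects `199.36.154.0/2` in strict mode because host bits are set, but `strict=False` silently normalises it to `192.0.0.0/2`, a quarter of IPv4 space. The size threshold and the sample address `203.0.113.10` (a stand-in for a stalkerware server) are assumptions for the example.

```python
import ipaddress
import json

# Constructed sample in a simple list-of-entries shape; it is NOT
# TinyCheck's real whitelist.json layout, just a stand-in for the audit.
SAMPLE_WHITELIST = json.dumps([
    {"element": "199.36.154.0/2", "type": "cidr"},   # the typo from the thread
    {"element": "199.36.154.0/23", "type": "cidr"},  # the intended entry
    {"element": "10.0.0.0/8", "type": "cidr"},       # ordinary private range
])

# Anything covering more addresses than a /8 is treated as suspicious.
# The threshold is an assumption for this example, not a TinyCheck setting.
MAX_ADDRESSES = ipaddress.ip_network("0.0.0.0/8").num_addresses


def parse_cidr(raw):
    """Return (network, host_bits_set).

    ipaddress.ip_network() rejects '199.36.154.0/2' in strict mode because
    host bits are set; strict=False silently normalises it to 192.0.0.0/2,
    which is how a one-character typo can whitelist a quarter of IPv4.
    """
    try:
        return ipaddress.ip_network(raw), False
    except ValueError:
        return ipaddress.ip_network(raw, strict=False), True


def audit_whitelist(text):
    """Flag CIDR entries that are malformed (host bits set) or absurdly broad."""
    findings = []
    for entry in json.loads(text):
        if entry.get("type") != "cidr":
            continue
        net, host_bits_set = parse_cidr(entry["element"])
        findings.append({
            "element": entry["element"],
            "normalised": str(net),
            "host_bits_set": host_bits_set,
            "num_addresses": net.num_addresses,
            "too_broad": net.num_addresses > MAX_ADDRESSES,
        })
    return findings


def is_whitelisted(ip, text):
    """True if the address falls in any CIDR entry, as a lenient engine would see it."""
    addr = ipaddress.ip_address(ip)
    return any(addr in parse_cidr(e["element"])[0]
               for e in json.loads(text) if e.get("type") == "cidr")


def without_bad_entries(text):
    """Drop every entry the audit flags; returns the cleaned JSON text."""
    bad = {f["element"] for f in audit_whitelist(text)
           if f["host_bits_set"] or f["too_broad"]}
    kept = [e for e in json.loads(text) if e.get("element") not in bad]
    return json.dumps(kept)


if __name__ == "__main__":
    for finding in audit_whitelist(SAMPLE_WHITELIST):
        print(finding)
    # 203.0.113.10 is a constructed stand-in for a stalkerware server address.
    print("matched with typo:   ", is_whitelisted("203.0.113.10", SAMPLE_WHITELIST))
    print("matched after cleanup:", is_whitelisted("203.0.113.10", without_bad_entries(SAMPLE_WHITELIST)))
```

The audit reports the `/2` entry as host-bits-set and too broad, normalised to `192.0.0.0/2`, while the `/23` entry is left alone; with the bad entry present the constructed server address is whitelisted and would never reach the IOC comparison, and after cleanup it is not. Running a check like this over the whitelist before it is loaded, or failing closed on a strict parse error, catches this class of typo before it silences detections.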
Hi,
After testing TinyCheck in a virtual environment (with a few modifications to the code), I decided to test it on the intended environment: a Raspberry Pi 4 (with a touchscreen).
But after a few tests with a stalkerware (in this test Snoopza) installed on a smartphone, I saw that it didn't detect the first DNS query to api.snoopza.com (it is easily viewable in capture.pcap with a dns filter). In every test, I waited at least 5 minutes, and did some things like rebooting, taking photos, surfing, etc. On the Snoopza panel, I get information on the smartphone, so there is communication between the smartphone and Snoopza's server.
In the virtual environment, I modified the zeekengine.py file to also loop over all DNS queries and compare them with the IOCs:
I saw that this part is adding DNS resolution to the analysis engine, but I don't understand why it seems not to work in my test case:
I wonder if I am doing something wrong, or if the analysis also needs to loop over DNS queries?
Thanks for the work on this amazing tool,
Léandre