Permalink
Browse files

download-curl:

- add option for specifying shellcode download UA
- add default UA of "Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1;
  SV1; .NET CLR 2.0.50727)"
  • Loading branch information...
Georg Wicherski
Georg Wicherski committed Sep 12, 2011
1 parent 13fe662 commit 7bb64f301bd0931ab87f245f3be4c979e24e3322
Showing with 9 additions and 1 deletion.
  1. +5 −0 conf/download-curl.conf
  2. +3 −0 src/download-curl/download-curl.cpp
  3. +1 −1 src/download-curl/download-curl.hpp
@@ -22,4 +22,9 @@
#
#measurement-interval = 60;
#minimum-speed = 4096;
# download-curl will automagically download URLs identified in
# shellcode analysis; you can control the user agent here. The
# default is:
#shellcode-ua = Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)";
}
@@ -69,13 +69,15 @@ bool DownloadCurlModule::start(Configuration * moduleConfiguration)
{
m_measurementInterval = 60;
m_minimumSpeed = 4096;
m_shellcodeUserAgent = "Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1)";
LOG(L_INFO, "No configuration for download-curl module, assuming default minimum speed of 4 KiB/s measured over 60s intervals.");
}
else
{
m_measurementInterval = moduleConfiguration->getInteger(":measurement-interval", 60);
m_minimumSpeed = moduleConfiguration->getInteger(":minimum-speed", 4096);
m_shellcodeUserAgent = moduleConfiguration->getString(":shellcode-ua", "Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1)");
}
if(m_daemon->getEventManager()->subscribeEventMask("shellcode.download", this)
@@ -114,6 +116,7 @@ void DownloadCurlModule::handleEvent(Event * event)
curl_easy_setopt(easy, CURLOPT_LOW_SPEED_TIME, m_measurementInterval);
curl_easy_setopt(easy, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(easy, CURLOPT_INTERFACE, transfer->recorder->getDestination().name.c_str());
curl_easy_setopt(easy, CURLOPT_USERAGENT, m_shellcodeUserAgent.c_str());
curl_multi_add_handle(m_curlMulti, easy);
++m_refcount;
@@ -121,7 +121,7 @@ class DownloadCurlModule : public Module, public EventSubscriber, public Timeout
private:
Daemon * m_daemon;
string m_directory;
string m_directory, m_shellcodeUserAgent;
size_t m_refcount;
bool m_shuttingDown;

0 comments on commit 7bb64f3

Please sign in to comment.