5/26/2023

Wget with proxy

A couple of years ago, Lenny Zeltser wrote a diary entry on how to use curl to retrieve malware samples.

If you don't want to disclose your public IP address when retrieving malware, you can use proxies. One way to do this is to use the Tor anonymity network.

On Linux and OSX, it's quite easy to do so. You install the tor and torsocks packages for your distro, start tor, and then launch your curl or wget command via torsocks.

```
torsocks curl -D headers.txt -o sample.vir
```

Mind you, the Tor network can be slow or unstable sometimes, which may interfere with the sample download. And Tor nodes might also be blocked in countries where you want to download samples from.

On Windows, you can use Tor but not torsocks.

For curl, that's not a problem. You just instruct curl to use the Tor socks proxy with option --socks5-hostname:

```
curl --socks5-hostname localhost:9050 -D headers.txt -o sample.vir
```

For wget, it's a bit more complex, because wget can't talk to Socks directly. wget can talk to an HTTP/HTTPS proxy, so you can set up such a proxy between Tor and wget.

Set ExitNodes country codes for geolocked sites.

All scripts use "$1" as the site, i.e. wgettor with the site as its argument. I usually use a single quote around the site.

wgettor (grab single file)

```
torsocks wget --max-redirect 100 --no-check-certificate -S -U 'Mozilla/5.0 (Windows NT 6.3 WOW64 Trident/7.0 rv:11.0) like Gecko' "$1"
```

Recursive download:

```
torsocks wget --recursive --no-parent --no-check-certificate -R 'index.html*' -S -U 'Mozilla/5.0 (Windows NT 6.3 WOW64 Trident/7.0 rv:11.0) like Gecko' "$1"
```

wgettornoua (useful for malware that detects UA or uses a keep-alive only type of request)

```
torsocks wget --max-redirect 100 --no-check-certificate -S -U "" "$1"
```

wgettorref (useful for malware that looks for a referer, use as wgettorref "referer" "site")

If you are going to be using cmd utilities make sure you append .exe, and if you don't specify the full path to the resource then ensure its directory is part of the path environment variable.
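For the case above where wget reaches Tor through an HTTP proxy, the following wrapper is an added example, not code from the original post. It assumes an HTTP proxy such as Privoxy listening on 127.0.0.1:8118 and forwarding to Tor's SOCKS port 9050; the names `fetch_sample`, `defang` and `samples.log` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed setup: an HTTP proxy such
# as Privoxy on 127.0.0.1:8118 that forwards to Tor's SOCKS port 127.0.0.1:9050
# (in Privoxy: "forward-socks5t / 127.0.0.1:9050 .").
PROXY="${PROXY:-http://127.0.0.1:8118}"
UA='Mozilla/5.0 (Windows NT 6.3 WOW64 Trident/7.0 rv:11.0) like Gecko'

# Rewrite a URL so it is not clickable when pasted into notes or tickets.
defang() {
    printf '%s\n' "$1" | sed -e 's/^http/hxxp/' -e 's/\./[.]/g'
}

# fetch_sample URL OUTFILE: download one file through $PROXY only.
fetch_sample() {
    url=$1
    out=$2
    if [ -z "$url" ] || [ -z "$out" ]; then
        echo "usage: fetch_sample URL OUTFILE" >&2
        return 2
    fi
    # The proxy is passed explicitly with -e and no_proxy is cleared, so a dead
    # or missing proxy makes wget fail instead of connecting from our own IP.
    # -S writes the server response headers to stderr; keep them with the sample.
    no_proxy='' wget -e use_proxy=yes -e "http_proxy=$PROXY" -e "https_proxy=$PROXY" \
        --max-redirect 100 --no-check-certificate -S -U "$UA" \
        -O "$out" "$url" 2>"$out.headers" || { rm -f "$out"; return 1; }
    chmod 0400 "$out"    # read-only, never executable
    hash=$(sha256sum "$out" | cut -d' ' -f1)
    # Record hash and defanged source for the case notes.
    printf '%s %s\n' "$hash" "$(defang "$url")" >>samples.log
    printf '%s\n' "$hash"
}

# Run only when called with arguments, e.g.: sh fetch.sh 'URL' sample.vir
if [ "$#" -ge 2 ]; then fetch_sample "$1" "$2"; fi
```
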