this post was submitted on 26 Mar 2026

Going through a bunch of JavaScript I do not trust and it has a ton of web address comments like citations but likely some bad stuff in there too. What could be swapped with the address to instead act as a local tripwire or trap?

Just a mild curiosity for scripting stuff.

[–] j4k3@lemmy.world 0 points 3 days ago (1 children)

Yeah, I could do it. The question is how to redirect a web address to do something useful locally. Like maybe set up an Apache server or something to capture and log any such attempts regardless of how the address is called.

[–] sin_free_for_00_days@sopuli.xyz 2 points 3 days ago (1 children)

If it's a link to an external site, redirecting to local won't really do anything useful. I still feel like I'm missing something. I'll give it a last try.

If I start a local super basic webserver:

python3 -m http.server 8000 2>&1 | tee -a logfile.txt

so that I'm running a server on localhost, port 8000 creating logfile.txt, I can do something like this on the file:

sed 's|"http://\([^/]*\)|"http://0.0.0.0:8000/\1|'

which should rewrite a url from:

http://foo.bar/testing/link

to

http://0.0.0.0:8000/foo.bar/testing/link

Now if you click on that link, it won't do anything except give you an error, but:

$ cat logfile.txt
127.0.0.1 - - [27/Mar/2026 00:12:49] code 404, message File not found
127.0.0.1 - - [27/Mar/2026 00:12:49] "GET /foo.bar/testing/link HTTP/1.1" 404 -

so you'd now have a log of all attempts which would be easy to clean up.
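Added example, not part of the comment above: the same rewrite-and-log idea in Python, generalized to cover `https://` and unquoted URLs (such as those in comments), with a parser that turns the `http.server` log back into the original addresses. The `127.0.0.1:8000` target, the `/<scheme>/<host>` path layout, the function names and the sample input are assumptions made for this illustration.

```python
import re

TRAP = "http://127.0.0.1:8000"  # assumed listener: python3 -m http.server 8000 --bind 127.0.0.1
URL_RE = re.compile(r"\b(https?)://([A-Za-z0-9.-]+(?::\d+)?)")
# http.server access-log line whose path starts with the /<scheme>/<host> prefix added below
LOG_RE = re.compile(
    r'^(\S+) - - \[([^\]]+)\] "(\w+) /(https?)/([^/\s"]+)(\S*) HTTP/[\d.]+" \d{3}')


def rewrite_urls(source):
    """Point every http(s) URL at the trap, keeping scheme and host as path segments."""
    def repl(m):
        scheme, host = m.groups()
        if host.split(":")[0] in ("127.0.0.1", "localhost"):
            return m.group(0)  # already local, so a second run changes nothing
        return f"{TRAP}/{scheme}/{host}"
    return URL_RE.sub(repl, source)


def hits_from_log(log_text):
    """Rebuild the original URL for each trapped request; other log lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            client, when, method, scheme, host, rest = m.groups()
            hits.append({"time": when, "client": client, "method": method,
                         "url": f"{scheme}://{host}{rest}"})
    return hits


# Constructed sample input (not taken from the thread's files)
SAMPLE_JS = '''// see https://docs.example.org/api#fetch
fetch("http://foo.bar/testing/link");
const local = "http://127.0.0.1:8000/http/already/trapped";
'''
SAMPLE_LOG = '''127.0.0.1 - - [27/Mar/2026 00:12:49] code 404, message File not found
127.0.0.1 - - [27/Mar/2026 00:12:49] "GET /http/foo.bar/testing/link HTTP/1.1" 404 -
'''

if __name__ == "__main__":
    print(rewrite_urls(SAMPLE_JS))
    for hit in hits_from_log(SAMPLE_LOG):
        print(hit)
```

Work on a copy of the untrusted files, since the rewrite changes every address in them.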

[–] j4k3@lemmy.world 1 points 2 days ago

Awesome. Now how would you strace/ptrace the active process correlated with the return packet?

This is way past my pay grade in the territory of edge-of-abstract – understanding.

See, one of my problems is that the malicious software is running across Python, JavaScript, and a ton of dubious packages scattered throughout the machine. It is all interconnected and using unconventional operations. Right now I am just removing a package one at a time and seeing what breaks. I will likely miss how things are interconnected. I am not at all familiar with this type of thing, and learning as I go. The system used unshare, manually created no-label packets with all records obfuscated, used a hidden daemon function in systemd, and no-account to operate outside of namespaces.