Mobile Malware
Mobile malware is growing fast on today's networks. In the following example we attach the engine to a Gn interface and take advantage of the functionality it provides. Let's see how this works in Ruby:
```ruby
require "ruaiengine"

# Called by the engine when a DNS flow matches one of the loaded domains.
def callback_domain(flow)
  d = flow.dns_info
  if (d)
    printf "Malware on IP %s domain %s\n", flow.src_ip, d.domain_name
  end
end

# Builds a DomainNameManager with one DomainName per line of malwaredns.dat.
def load_bad_domains
  d = DomainNameManager.new
  File.foreach("malwaredns.dat") do |line|
    dom = DomainName.new("Domain %s" % line.chomp, line.chomp)
    dom.callback = method(:callback_domain)
    d.add_domain_name(dom)
  end
  return d
end

s = StackMobile.new
pd = PacketDispatcher.new
pd.stack = s

s.total_udp_flows = 500000

# Attach the malware domain list to the DNS protocol of the stack.
d = load_bad_domains()
s.set_domain_name_manager(d, "DNSProtocol")

pd.open("ens7")
begin
  pd.run()
rescue
  puts "Stop capturing packets"
end
pd.close()
```
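The loader above hands every line of malwaredns.dat to DomainName.new unchanged, so blank lines, comments, duplicates or pasted URLs all become rules. The following added example (not part of the original page or of aiengine) normalizes and validates the list first; `clean_domains`, `LABEL` and the sample lines are hypothetical names and constructed data.

```ruby
require "set"

# One DNS label: 1-63 chars of a-z, 0-9, '-' or '_', no hyphen at either edge.
LABEL = /\A(?!-)[a-z0-9_-]{1,63}(?<!-)\z/

# Returns [accepted, rejected]. accepted is a deduplicated array of normalized
# names; rejected holds [line_number, raw_text] pairs for manual review.
def clean_domains(lines)
  seen = Set.new
  accepted = []
  rejected = []
  lines.each_with_index do |raw, idx|
    entry = raw.sub(/#.*/, "").strip.downcase  # drop comments, CR/LF, padding
    next if entry.empty?                       # blank or comment-only line
    name = entry.chomp(".")                    # tolerate a trailing root dot
    # A leading dot is kept as written; only the labels after it are checked.
    labels = name.sub(/\A\./, "").split(".", -1)
    valid = name.length <= 253 && !labels.empty? &&
            labels.all? { |l| l.match?(LABEL) }
    if !valid
      rejected << [idx + 1, raw.chomp]
    elsif seen.add?(name)                      # add? returns nil on duplicates
      accepted << name
    end
  end
  [accepted, rejected]
end

# Constructed sample standing in for the contents of malwaredns.dat.
SAMPLE = [
  "# constructed sample blocklist\n",
  "Bad-Domain.example\r\n",
  "\n",
  "bad-domain.example.   # duplicate after normalization\n",
  ".c2.example\n",
  "evil..example\n",
  "http://bad.example/path\n",
]

if __FILE__ == $0
  ok, bad = clean_domains(SAMPLE)
  ok.each { |name| puts "load   #{name}" }
  bad.each { |num, text| puts "reject line #{num}: #{text.inspect}" }
end
```

In `load_bad_domains`, the accepted names would replace the raw `line.chomp` values, and the rejected pairs are worth logging so a malformed feed is noticed rather than silently loaded.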