History

Web analysis

With Bokken basic website analysis is posible and the GUI offers some helpful tools to aid in the study of potentially dangerous webs.

When working with websites the GUI differs slightly from the standard one.

The left panel

The left pannel will show parsed data from the web site, the URL headers and the cookies obtained.

The resources found inside the HTML will be divided in two groups:

  • Those that seem remote or external from the site because they have a full path.
  • The ones that have a relative path.

By double clicking in each of the elements of the tree, it's position in the code will be highlighted. The same can be donde by right clicking and selecting "Search".

The right panel

The right panel will remain the same as with other targets but not it's contents.

  • The Code tab will show the website HTMl code instead of the disassembly. This code will be formated if the uTidy library is available (see Installation).
  • The Callgraph tab will show a visual representation of all the elements found in the HTML of the website and all those links with parameters will be shown parsed and grouped.

  • A new elements tab will show most of the web site elements like forms, comments o javascript code.

Other views

The rest of the views are also available: Hexdump, String representation and Strings. To learn more about them and the Interactive view go to the PE/Elf wiki entry.

bokken-web.png (188.3 kB) Hugo Teso Torío, 27/11/2011 20:38

web-graph.png (94.5 kB) Hugo Teso Torío, 27/11/2011 20:38

web-elements.png (89.9 kB) Hugo Teso Torío, 27/11/2011 20:38