how to detect a spyware over http?
I am trying to detect spyware on my PC by traffic analysis. I am connected to a VPS (the sniffer) by a VPN, and I am going to select all the data sent by the POST method. Is this correct? I mean, is the only way to send data out through the POST method? (leaving out CONNECT)
forensics spyware
asked 6 hours ago
MysticDog
284
I recommend tracing the spyware back to where you first downloaded it. Have you recently downloaded a malicious file? There are also a number of programs that can help you find and eliminate the spyware. I recommend taking a look at forest’s answer.
– CoderPE
5 hours ago
1 Answer
There are countless ways spyware can exfiltrate information, including, but not limited to:
HTTP using a method such as GET, POST, PUT, etc.
Raw TCP or UDP payload contents.
Hidden in TCP or even IP headers (e.g. smuggled in the URG pointer).
ICMP payload contents, which are normally hidden.
Checking for sensitive data sent over HTTP POST will not help you detect spyware as there are so many other ways to exfiltrate information from a compromised server. Unfortunately, you will need to know what you are looking for in order to detect spyware traffic. However, if the spyware is not particularly advanced, there are many operating system-specific tools that you can use which will tell you what processes are communicating with the network. This of course assumes that the spyware is not running as a privileged user, otherwise it could hide from any such tools.
answered 6 hours ago
forest
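As an added illustration of forest's point (this is not code from the question or the answer), the following Python classifier hand-builds one IPv4 packet per channel the answer lists and tags what a defender would need to look at; a POST-only filter catches exactly one of them. Packet bytes are constructed here rather than captured, checksums are left at zero because nothing verifies them, and the 64-byte ICMP payload threshold is an assumed heuristic, not a standard.

```python
import struct

# Request methods the answer names as HTTP exfiltration carriers, plus a few common ones.
HTTP_METHODS = {b"GET", b"POST", b"PUT", b"PATCH", b"DELETE", b"HEAD", b"OPTIONS"}
ICMP_NORMAL_PAYLOAD = 64   # assumed threshold: ping payloads are usually 32 or 56 bytes

def ipv4(proto, payload):
    """Minimal IPv4 header around payload (checksum left 0; constructed data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes([10, 0, 0, 5]), bytes([192, 168, 1, 1]))
    return hdr + payload

def tcp(dport, data, urg_ptr=0):
    flags = 0x018 | (0x020 if urg_ptr else 0)          # PSH|ACK, URG only when a pointer is set
    return struct.pack("!HHIIHHHH", 40000, dport, 1, 1, (5 << 12) | flags, 65535, 0, urg_ptr) + data

def udp(dport, data):
    return struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data

def icmp_echo(data):
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + data  # type 8 = echo request

def classify(pkt):
    """Return the exfiltration channels a single IPv4 packet could be using."""
    proto, body = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    tags = []
    if proto == 6:                                       # TCP
        _, _, _, _, off_flags, _, _, urg_ptr = struct.unpack("!HHIIHHHH", body[:20])
        data = body[(off_flags >> 12) * 4:]
        if off_flags & 0x020 or urg_ptr:
            tags.append("tcp-urg")                       # header field, invisible to a POST filter
        method = data.split(b" ", 1)[0]
        if method in HTTP_METHODS:
            tags.append("http-" + method.decode().lower())
        elif data:
            tags.append("raw-tcp-payload")
    elif proto == 17 and len(body) > 8:                  # UDP carrying a payload
        tags.append("raw-udp-payload")
    elif proto == 1 and body[0] in (0, 8) and len(body) - 8 > ICMP_NORMAL_PAYLOAD:
        tags.append("icmp-large-payload")                # echo carrying more than a normal ping
    return tags

# Constructed sample traffic: one packet per channel from the answer's list, plus a normal ping.
SAMPLES = {
    "post": ipv4(6, tcp(80, b"POST /up HTTP/1.1\r\nHost: h\r\n\r\nk=v")),
    "get":  ipv4(6, tcp(80, b"GET /?q=abc HTTP/1.1\r\nHost: h\r\n\r\n")),
    "raw":  ipv4(6, tcp(4444, b"\x01\x02\x03 not http")),
    "urg":  ipv4(6, tcp(80, b"GET / HTTP/1.1\r\n\r\n", urg_ptr=0x4142)),
    "udp":  ipv4(17, udp(5353, b"\x00" * 12 + b"payload")),
    "icmp": ipv4(1, icmp_echo(b"A" * 200)),
    "ping": ipv4(1, icmp_echo(b"A" * 56)),
}

def report():
    return {name: classify(pkt) for name, pkt in SAMPLES.items()}
```

Run over a real capture, the UDP and raw-TCP rules would need an allow-list of known protocols before the output is usable, and none of this helps once the spyware runs privileged enough to hide from the host, as the answer notes.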