mhils / HoneyProxy

This project is now part of @mitmproxy.
https://github.com/mitmproxy/mitmproxy/
MIT License

Use Thug YARA URLclassifiers #76

Open nsmfoo opened 10 years ago

nsmfoo commented 10 years ago

I could see the benefit in having Thug's YARA rules (or those of another repository) integrated into HoneyProxy, with matches marked in the web interface. This would speed up detection when working on malware analysis.

URL: https://github.com/buffer/thug/tree/master/src/Classifier/rules/urlclassifier

Good or bad idea?

mhils commented 10 years ago

Hi Mikael,

Thanks for the input. I think that's something quite useful for the specific use case. With the mitmproxy merge, I'm not sure whether this is something we want to apply on the Python level (new dump format soon) or something we want to apply on the JS level. I'll leave this issue open until these things have cleared up.

Cheers, Max

nsmfoo commented 9 years ago

Oops, I did not respond back to you, sorry. If you do decide to implement this, I would gladly help out testing the functionality.

Regards Mikael