What settings should be used on jsunpack

General discussion about the NoScript extension for Firefox
Post Reply
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

What settings should be used on jsunpack

Post by luntrus »

Hi Giorgio Maone,

At times I go and visit jsunpack to check out on a suspicious or malcoded javascript.
This site is for experts only, so users that know what they are doing, because malicious code may run or spill over out of there.
Therefore the visitors of jsunpack are advised to have NS installed and active.
As I present the code in question on a forum i take a screenshot of the browser with Nightly Tester Tools or the active window via PickPick and sometimes I will minimize the gif image of it to have the picture of the non-benign code as an attached picture. Sometimes I even use PhotoFiltre when I have to make personal data there anonymous. This is a good policy because live suspicious code can be detected through an av web-/netshield scan, and an alert from a txt file with code evenas txt without any harm or payload would scare the beJ..... out of unaware visitors. That is why I am a propagator of presenting malcious script as a picture where it can be safely viewed by everyone without further ado. But on the jsunpack site, for example here: http://jsunpack.jeek.org/dec/go?list=1 I do not have that protection of it being presented as a picture file, I need the best NoScript protection there is, because the script is unpacked and classified there as either benign, suspicious or outright malicious. What are the preferred settings for my NS-extension to venture out there with minimal risks, also it is advised to go there with RequestPolciy installed and up, and to run the browser in a virtual environment. When I get an av flag for instance for a script virus, I launch the particular url into Malzilla and take a screendump from there. Of course after having established online that I do not run additional risks (scanning with urlvoid metascanner, finkan live url scan). If it is a file infector, well I should be a bit cautious. So the unaware should not do this at home. Again my question, how to tweak NS to venture out there?

luntrus
Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.0.16) Gecko/2010021011 Firefox/3.0.16 Flock/2.5.6
Post Reply