diff --git a/modules/ROOT/images/polish_site_screenshot_phishing.png b/modules/ROOT/images/polish_site_screenshot_phishing.png index bdcab64..1bb0e88 100644 Binary files a/modules/ROOT/images/polish_site_screenshot_phishing.png and b/modules/ROOT/images/polish_site_screenshot_phishing.png differ diff --git a/modules/ROOT/images/polish_site_screenshot_phishing_select.png b/modules/ROOT/images/polish_site_screenshot_phishing_select.png index 85a6e4f..11459d1 100644 Binary files a/modules/ROOT/images/polish_site_screenshot_phishing_select.png and b/modules/ROOT/images/polish_site_screenshot_phishing_select.png differ diff --git a/modules/ROOT/images/polish_site_virus_total.png b/modules/ROOT/images/polish_site_virus_total.png index 1a126cf..c9dc80b 100644 Binary files a/modules/ROOT/images/polish_site_virus_total.png and b/modules/ROOT/images/polish_site_virus_total.png differ diff --git a/modules/ROOT/images/sample_github.png b/modules/ROOT/images/sample_github.png index 418f1f9..a50e0b7 100644 Binary files a/modules/ROOT/images/sample_github.png and b/modules/ROOT/images/sample_github.png differ diff --git a/modules/ROOT/images/sample_github_legend.png b/modules/ROOT/images/sample_github_legend.png index 106c142..80cc582 100644 Binary files a/modules/ROOT/images/sample_github_legend.png and b/modules/ROOT/images/sample_github_legend.png differ diff --git a/modules/ROOT/pages/dev-docs.adoc b/modules/ROOT/pages/dev-docs.adoc index 7314cce..eb20a81 100644 --- a/modules/ROOT/pages/dev-docs.adoc +++ b/modules/ROOT/pages/dev-docs.adoc 
@@ -45,6 +45,7 @@ and start/kill it manually. If you change anything in `website/web/static/` you must run `tools/generate_sri.py` before restarting the website in order to update the link:https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity[SRI hashes] of each resources. If you don't do that, your browser will refuse to load them and you will be frustrated. +Or set `ignore_sri` to `true` in `config/generic.json` in order to ignore the SRI hashes. == Modules diff --git a/modules/ROOT/pages/lookyloo-interface.adoc b/modules/ROOT/pages/lookyloo-interface.adoc index 56fd478..132498c 100644 --- a/modules/ROOT/pages/lookyloo-interface.adoc +++ b/modules/ROOT/pages/lookyloo-interface.adoc 
@@ -16,32 +16,58 @@ Lookyloo displays a tree of the domains that call one another. == Lookyloo Menu -* *Capture Details*: Show details about the capture -* *Lookyloo Manual*: Link to this documentation -* *Homepage*: Return to the index page (list of all the captures) -* *Page screenshot*: Show the screenshot of the page as it yould be displayed in the browser -* *Tree statistics*: Overview of the number of unique URLs/Hostnames, and cookies present in the capture -* *Third party reports*: (Optional) Query 3rd party services and display the result -* *Run Subsequent Captures*: List all the URLs in the landing page and trigger subsequest capture while keeping the session (useragent, cookies, referer) -* *Contact Local Administrator*: (Optional) Send a notification to the entity managing the platform +* *New capture*: Start a new capture +* *Monitor capture*: (Optional) Monitor the capture +* *Report suspicious capture*: (Optional) Send a notification to the entity managing the platform +* *Capture* +** *Capture Details*: Show details about the capture +** *Statistics*: Overview of the number of unique URLs/Hostnames, and cookies present in the capture +** *Page screenshot*: Show the screenshot of the page as it yould be displayed in the browser +* *Analytical Tools* +** *Third Party Reports*: (Optional) Query 3rd party services and display the result +** *Historical lookups*: Historical data and context about this capture +** *Hashlookup hits*: Hits in Hashlookup +** *Resources*: All resources contained in the tree +** *Hostnames*: All hostnames contained in the tree +** *URLs*: All URLs contained in the tree +** *Favicons*: Favicons found on the rendered page +** *(Fuzzy)Hashes types*: Compare hashes of the rendered page +** *Other Identifiers*: Identifiers found on the rendered page +* *Actions* +** *Subsequent Captures*: List all the URLs in the landing page and trigger subsequent capture while keeping the session (useragent, cookies, referer) +** *Re-Capture*: 
Submit the URL again +** *Download elements*: Download specific elements of the capture +* *Admin only* +** *Rebuild capture*: Rebuild the capture +** *Hide capture*: Remove the capture from the public side and hide it +** *Remove capture*: Remove the capture from Lookyloo +** *Prepare push to MISP*: (Optional) Push the URL to MISP +** *Search events in MISP*: (Optional) Look for events in MISP containing the URLs +** *Logout*: Log out the current user +* *Extras* +** *Manage categories*: (Optional) Manage the categories +** *Unbookmark all nodes*: (Optional) Unbookmark all marked nodes +** *Mark all the captures' entries as known*: (Optional) Mark the capture as legitimate +* *?*: Link to Lookyloo's documentation == Legend image::sample_github_legend.png[] -* *Insecure requests*: At least one for the requests in the node is unencrypted (HTTP). +* *Unencrypted requests*: At least one for the requests in the node is unencrypted (HTTP). * *Empty responses*: All the responses in the node are empty. -* *Javascript*: The responses contain javascript. * *Cookie received*: The responses contain cookies. * *Cookie read*: The requests contain cookies (cookies are sent to the server). * *Redirect*: The requests contain redirects. +* *iFrame*: The responses are loaded from iFrames. +* *Javascript*: The responses contain javascript. * *Font*: The responses contain fonts. * *HTML*: The responses contain HTML. * *JSON*: The responses contain Json. * *CSS*: The responses contain CSS. * *EXE*: The responses contain executables. -* *Image*: The responses contain images -* *Video*: The responses contain videos -* *iFrame*: The responses are loaded from iFrames. -* *Content type not set/unknown*: The content of the responses is unknown. +* *Image*: The responses contain images. +* *Video*: The responses contain videos. +* *Unknown content*: The content of the responses is unknown. +* *Downloaded file*: The node contains a downloaded file. 
diff --git a/modules/ROOT/pages/phishing-use-case.adoc b/modules/ROOT/pages/phishing-use-case.adoc index 92fa298..ab04e79 100644 --- a/modules/ROOT/pages/phishing-use-case.adoc +++ b/modules/ROOT/pages/phishing-use-case.adoc @@ -23,7 +23,7 @@ As represented by the lock icon, the site contains insecure requests (HTTP). image::polish_site_screenshot_phishing_select.png[] -As indicated in the tree of domains, a user is redirected to a series of insecure sites, before a request is sent to `pay.ecard.pi`. +As indicated in the tree of domains, a user is redirected to a series of insecure sites, before a request is sent to `pay.ecard.pl`. image::polish_site_virus_total.png[]
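Review bot: in `modules/ROOT/pages/dev-docs.adoc`, the added `ignore_sri` line opens with "Or" as a sentence fragment and does not say when the setting is appropriate. The paragraph it extends explains that the browser refuses to load static resources whose SRI hashes are stale, so a reader can easily take this as a general alternative to running `tools/generate_sri.py`. Suggest a full sentence such as "Alternatively, set `ignore_sri` to `true` in `config/generic.json` to ignore the SRI hashes", and state explicitly whether the option is meant for local development only. While touching the paragraph, "of each resources" in the context line could become "of each resource".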
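Review bot: in `modules/ROOT/pages/lookyloo-interface.adoc`, two typos from the removed lines are carried over into the added ones: "as it yould be displayed" in the *Page screenshot* entry and "At least one for the requests" in the renamed *Unencrypted requests* legend entry. They should read "would" and "one of the requests"; the same hunk already fixes "subsequest", so these are worth catching in the same pass. Two descriptions could also be tightened: *Monitor capture* only restates its label ("Monitor the capture"), and *Mark all the captures' entries as known* is described as marking "the capture" as legitimate, which does not match the plural label.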
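Review bot: in `modules/ROOT/pages/phishing-use-case.adoc`, the corrected sentence still says "a series of insecure sites" and the context line above it still says "the site contains insecure requests (HTTP)", while this same patch renames the legend entry from *Insecure requests* to *Unencrypted requests*. Suggest using "unencrypted" in both sentences so the use case matches the legend the reader sees in the interface. The hostname change from `pay.ecard.pi` to `pay.ecard.pl` reads as a typo fix; since three screenshots are replaced in the same patch, confirm that the hostname shown in the updated images matches the corrected text.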