Write-up to CyberChef

I use the online tool CyberChef, which can send HTTP requests and contains modules for quickly evaluating data. The following examples illustrate the functionality.

Task 1 - Extract email addresses

The email addresses of a web page are to be extracted.

The page is https://mcs.unibnf.ch/lecturers-list/ and it is paginated: the further pages are at https://mcs.unibnf.ch/lecturers-list/page/XXX/ where XXX is a number from 2 to 5.

Implementation

The target website has not relaxed the same-origin policy (SOP) with CORS, which is why the browser does not get the response from mcs.unibnf.ch. However, this can easily be circumvented if we put a proxy in between and set the Access-Control-Allow-Origin header to *. Alternatively, certain security mechanisms can be disabled in the browser.

The proxy rule in ZAP is configured under Tools/Replacer Options:

[Screenshot: ZAP CORS settings]

We create web requests with the URLs:

The tool therefore has to make 5 requests, with one condition included because the first URL is different.

So the flow is like this:

  1. start 5 threads
  2. check if I am the first
    1. if yes, then jump to the first request type
    2. if no, then jump to the second request type
  3. merge all threads
  4. extract all emails from the result
  5. sort
  6. remove duplicates

The Recipe for CyberChef can be used with input 1, 2, 3, 4, 5.
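
The same flow written out in plain JavaScript, as an added example that is not the recipe from this write-up. The function names, the simplified email pattern and the sample pages with `example.org` addresses are assumptions made for the illustration.

```javascript
// Added example of the Task 1 flow: one request per input number,
// merge, extract emails, sort, remove duplicates.
const BASE = "https://mcs.unibnf.ch/lecturers-list/";

// The condition from the flow: input 1 is the bare list URL,
// inputs 2-5 use the /page/XXX/ form.
function pageUrl(n) {
  return n === 1 ? BASE : `${BASE}page/${n}/`;
}

// Simplified address pattern (assumption, not CyberChef's own regex).
// A trailing dot or a "mailto:" prefix is not part of the match.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;

// Merge all response bodies, extract the addresses, sort, deduplicate.
function collectEmails(bodies) {
  const found = bodies.join("\n").match(EMAIL_RE) || [];
  return [...new Set(found)].sort();
}

// The requests run concurrently, like the forked branches in the recipe.
// fetchText is injected so the flow can run offline; with Node 18+ a real
// one would be: (url) => fetch(url).then((r) => r.text())
async function run(inputs, fetchText) {
  const bodies = await Promise.all(inputs.map((n) => fetchText(pageUrl(n))));
  return collectEmails(bodies);
}

// Constructed sample pages standing in for the five responses.
const SAMPLE = {
  [pageUrl(1)]: '<a href="mailto:carol@example.org">Carol</a>',
  [pageUrl(2)]: "<td>alice@example.org</td><td>bob@example.org</td>",
  [pageUrl(3)]: "<p>Contact: alice@example.org.</p>",
  [pageUrl(4)]: "<p>No address on this page</p>",
  [pageUrl(5)]: '<a href="mailto:bob@example.org">Bob</a>',
};

run([1, 2, 3, 4, 5], async (url) => SAMPLE[url]).then((emails) =>
  console.log(emails.join("\n"))
);
```

Run under Node, the requests are not subject to the browser's SOP, so the proxy and header rewrite are only needed when the requests come from CyberChef in the browser.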

Task 2 - Forking

An input is to be taken as a list and then transformed into a list of hashes.

The output is as follows:

  • HASHES
  • Checksums:
  • CHECKSUMS
  • ===== NEXT ======

Implementation

The process is like this:

  1. fork
  2. generate all hashes
  3. search & replace with a regex: replace the last character with ===== NEXT
  4. implicit merge

The Recipe for CyberChef

Task 3 - Forking & Web Requests

Implementation

  • Fork: Similar to C, the operations that follow are executed once per input “group”. A group can be a single line or can be selected with a regex.
  • Merge: Similar to C, all branches are merged again, and the operations that follow run on one “path”.
  • Register: Stores an input “group” in a register. The first group is stored in $R0. Together with Fork, a for_each loop can be built this way. The register is used as input for other blocks (example at the bottom of the recipe).

The procedure to find the email addresses is like this:

  1. fork
  2. send a web request
  3. extract email
  4. merge
  5. make list unique
  6. read number in output window

The Recipe for CyberChef

December 26, 2021