Circumvented by malware.

3 posts, 0 answers
  1. Jason
    Jason avatar
    2 posts
    Member since:
    Feb 2014

    Posted 22 Feb 2014 Link to this post

    How easy would it be for a virus, trojan etc to modify fiddler output? Such as modifying what IP addresses are showing.
  2. EricLaw
    EricLaw avatar
    67 posts
    Member since:
    Oct 2012

    Posted 24 Feb 2014 in reply to Jason Link to this post

    Is Fiddler running directly on the machine infected with malware?

    Generally speaking, malware running on a machine has the ability to change every byte in the user's memory space and every pixel on the screen, so in theory, it would be quite trivial for malware to interfere with Fiddler or any other software. In practice, however, malware doesn't bother interfering with Fiddler (if it did, it would probably bypass it entirely) and as a consequence professional forensic investigators do use Fiddler to inspect the behavior of malware.

    To ensure that malware can't "modify" what's seen in Fiddler, run Fiddler on a different PC and point the infected PC's proxy settings at the clean PC running Fiddler. See http://www.fiddlerbook.com/fiddler/help/hookup.asp#Q-NonWindows for more details.
  3. Jason
    Jason avatar
    2 posts
    Member since:
    Feb 2014

    Posted 24 Feb 2014 in reply to EricLaw Link to this post

    Excellent, thank you for getting back to me on that I really appreciate it.

    Have a good one mate!

Back to Top