• Become An Endpoint with LazyEye

    by  • November 21, 2014 • Uncategorized

    For the past couple of years I have written Chrome extensions to do my bidding, but never shared them out in the open. Some would modify the Virustotal website and include data from Hypertotal, while others would highlight indicators inside of my browser content. I wanted to release one of the extensions I have used for quite some time and that’s LazyEye. The concept is simple, every analyst becomes a collection point while making no changes to their workflow.

    LazyEye inspects each page viewed by the user who has the extension installed and uses regex values in attempt to extract domains, email addresses, IP addresses and hashes. Once the data has been collected, it’s assembled into a large object that includes context (website, time, user-agent, etc.) and posts it back to a configurable endpoint.

    If you are interested in extending the extension or giving it a test run, clone it at Github. If users are worried about privacy and only want certain URLs crawled, create an approval list on the same endpoint server and return the contents before attempting to extract data. That, or you can just filter using  a list of websites on the backend server. If you have any feedback or ideas, just use Github. Lastly, I suck at writing regex.

    About