
January 7, 2018 at 12:30 pm

Hi
I am trying to automate a manual task of checking if our vendor product used as Web proxy is blocking malicious URLs correctly at various points in time.

My main question is that since most malware is designed to infect browsers or browser plugins like Java or Flash, will it be safe to access the malicious website output in a URL and check the status code of the request? In other words, is running Invoke-WebRequest on a Windows box to check if a malicious URL is accessible as bad as, and equivalent to, browsing to it in IE with all the chances of infection associated with it?

Or, since the output is walled off in the variable in memory and can't interact with browsers or plugins in this format, does that mean it is sandboxed even if it does contain drive-by malware?

Sample code is below:

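# Non-2xx responses such as 403 raise an exception, so read the status code in both paths
try {
    $a = Invoke-WebRequest -Uri $dodgyurl
    $status = [int]$a.StatusCode
} catch {
    $status = [int]$_.Exception.Response.StatusCode
}
if ($status -eq 200) { Write-Host "Dodgy URL is accessible, need to do something!" }
if ($status -eq 403) { Write-Host "Dodgy URL is blocked. Yay!" }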

January 7, 2018 at 4:08 pm

You could simply use Test-Connection to check if the URLs are accessible or not, couldn't you?

January 7, 2018 at 10:42 pm

Test-Connection and Test-NetConnection do not use the proxy settings, so they don't work as well as Invoke-WebRequest.

Also, Invoke-WebRequest allows you to easily get the status code of 200 and 403.

In any case, my main concern was if the malware embedded in the webpage would be able to infect the machine if we connect to the webpage using PowerShell.

Is there some documentation that can shed light on this?
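
An added example, not part of the thread: one way to run the proxy check while limiting how much of the remote page is fetched and handled. It sends a HEAD request so only headers are asked for, and passes -UseBasicParsing so Windows PowerShell 5.1 does not hand the response to the Internet Explorer engine for DOM parsing. Test-ProxyBlock, the example.test URLs and the assumption that the proxy answers blocked sites with 403 (as in the question) are illustrative.

```powershell
# Added example; Test-ProxyBlock is a hypothetical helper name, not a built-in cmdlet.
function Test-ProxyBlock {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Url,
        [int]$BlockedStatus = 403,   # assumption: the proxy returns 403 for blocked sites
        [int]$TimeoutSec = 15
    )
    process {
        foreach ($u in $Url) {
            $status = 0   # 0 = no HTTP response at all (DNS failure, timeout, reset)
            try {
                # HEAD requests headers only; -UseBasicParsing avoids IE-based parsing on 5.1
                $r = Invoke-WebRequest -Uri $u -Method Head -UseBasicParsing `
                        -TimeoutSec $TimeoutSec -ErrorAction Stop
                $status = [int]$r.StatusCode
            } catch {
                # Non-2xx answers throw; the exception carries the response when there is one
                $resp = $_.Exception.Response
                if ($resp) { $status = [int]$resp.StatusCode }
            }
            if ($status -eq $BlockedStatus) {
                $verdict = 'Blocked'
            } elseif ($status -ge 200 -and $status -lt 400) {
                $verdict = 'Reachable'
            } else {
                $verdict = 'Inconclusive'   # site down, other proxy error, HEAD refused
            }
            [pscustomobject]@{
                Url        = $u
                StatusCode = $status
                Verdict    = $verdict
                CheckedAt  = Get-Date
            }
        }
    }
}

# Constructed sample input; replace with the URL list the proxy is expected to block.
$results = 'http://blocked.example.test/', 'http://allowed.example.test/' | Test-ProxyBlock
$results | Where-Object Verdict -ne 'Blocked' | Format-Table -AutoSize
```

If the proxy serves its block page through a redirect that ends in a 200, the status code alone will report Reachable, so check how the product signals a block before relying on the verdict.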