Invoke-Webrequest and malware infections

This topic contains 2 replies, has 2 voices, and was last updated by  EjazR 4 months, 2 weeks ago.

  • #90986

    EjazR
    Participant

    Hi
    I am trying to automate a manual task of checking if our vendor product used as a web proxy is blocking malicious URLs correctly at various points in time.

    My main question is that since most malware is designed to infect browsers or plugins in the browser like Java or Flash, will it be safe to access the malicious website output in a URL and check the status code of the request? In other words, is running Invoke-WebRequest on a Windows box to check if a malicious URL is accessible as bad as, and equivalent to, browsing to it in IE with all the chances of infection associated with it?

    Or, since the output is walled off in the variable in memory and can't interact with browsers or plugins in this format, does that mean it is sandboxed even if it does contain drive-by malware?

    A sample code is below

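    # Non-2xx responses such as 403 raise an error, so the status is read in catch
    try { $a = Invoke-WebRequest -Uri $dodgyurl; $status = $a.StatusCode }
    catch { $status = [int]$_.Exception.Response.StatusCode }
    if ($status -eq 200)
    { Write-Host "Dodgy URL is accessible, need to do something!" }
    if ($status -eq 403)
    { Write-Host "Dodgy URL is blocked. Yay!" }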
    
  • #90988

    Olaf Soyk
    Participant

    You could simply use Test-Connection to check if the URLs are accessible or not, couldn't you?

    • #90998

      EjazR
      Participant

      Test-Connection and Test-NetConnection do not use the proxy settings, so they don't work as well as Invoke-WebRequest.

      Also, Invoke-WebRequest allows you to easily get the status code of 200 and 403.

      In any case, my main concern was whether the malware embedded in the webpage would be able to infect the machine if we connect to the webpage using PowerShell.

      Is there some documentation that can shed light on this?
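
The proxy check discussed in this thread, written as an added example (not code from either poster). It assumes Windows PowerShell 3.0 or later; `Test-ProxyBlock` and the sample URL are hypothetical names made up for illustration. `-UseBasicParsing` tells `Invoke-WebRequest` to return the response without Internet Explorer DOM parsing, and the 200/403 meanings are the ones used in the first post.

```powershell
# Added example: hypothetical helper, not code from the thread.
function Test-ProxyBlock {
    param(
        [Parameter(Mandatory)][string[]]$Url,
        [int]$TimeoutSec = 15
    )
    foreach ($u in $Url) {
        $status = $null
        try {
            # -UseBasicParsing: the body is not handed to the Internet Explorer
            # DOM parser (PowerShell 6+ always behaves this way).
            $r = Invoke-WebRequest -Uri $u -UseBasicParsing `
                     -TimeoutSec $TimeoutSec -ErrorAction Stop
            $status = [int]$r.StatusCode
        }
        catch {
            # Non-2xx answers (for example the proxy's 403) surface as an
            # exception; the HTTP response, if there was one, is attached to it.
            $resp = $_.Exception.Response
            if ($resp) { $status = [int]$resp.StatusCode }
        }

        # 403 = proxy blocked it, 200 = page was reachable, as in the first post.
        $verdict = if     ($null -eq $status) { 'NoResponse' }
                   elseif ($status -eq 403)   { 'Blocked' }
                   elseif ($status -eq 200)   { 'Accessible' }
                   else                       { 'Other' }

        [pscustomobject]@{
            Url        = $u
            StatusCode = $status
            Verdict    = $verdict
        }
    }
}

# Constructed placeholder URL; replace with the list the proxy is expected to block.
Test-ProxyBlock -Url 'http://blocked-sample.example.test/' | Format-Table -AutoSize
```

A `NoResponse` verdict means the request failed before any HTTP status came back (DNS failure, timeout, connection reset), which is a different outcome from the proxy's 403 and is reported separately.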
