A computer security researcher has released a plug-in for Firefox that gives a wealth of data on Web sites that have been compromised with malicious code. The plug-in, called Fireshark, was released on Wednesday at the Black Hat conference. The free, open-source tool is intended to address shortcomings in other programs used to analyze malicious Web sites, said Stephan Chenette, principal safety researcher at Websense, which allowed Chenette to develop Fireshark in the course of his job.
Hackers frequently target legitimate Web sites with code that can either infect a machine with malicious software or send a user to a bad Web page. Websense focuses on detecting Web pages that have been infected, as many site administrators don't know that their sites are unsafe to visitors or have trouble reverse-engineering malicious code. Fireshark will "show you exact details of mass compromise," Chenette said.
Fireshark should be run in a virtual machine to avoid infection. Users input a list of Web sites for study. Fireshark exposes the Web sites' code. Malicious code is frequently obfuscated, so it is hard to tell what it does, Chenette said. But obfuscated code has to run in the browser to work. Fireshark exposes the code, which otherwise can't be viewed, when it runs in the browser's memory.
After the code is exposed, it's then possible to do more examination and see if other Web sites are affected, Chenette said. Fireshark shows vulnerabilities and exploits on Web sites. Many Web sites are infected with code that either sends malware or redirects users to bad Web sites. The tool produces maps of those redirections, which give clues as to who is behind the attacks. Fireshark gathers data in a ".yml" file, which is like an XML file, Chenette said. The ".yml" file can be included in other security analysis tools. The data that Fireshark gathers is all held locally, and none of it is shared with Websense.