pKaji: The PHP Analyzer

pKaji is a free service provided by MyCERT that allows one to analyze PHP code. It facilitates detection of network activities and other potentially malicious activities within the code by using the ‘hooking’ technique. Basically, it uses the APD (Advanced PHP Debugger) extension to hook the original PHP built-in functions. Using pKaji To use pKaji, […]

Hooking pBot

I’m working on analyzing remote file inclusion (RFI) code. For the pBot class, which uses an IRC server as its command and control (C&C), we are interested in getting the IP addresses of the C&C, the channel name and the nickname used to connect to the IRC server. Below is a sample of the output: ok! (host=irc.server_name.net, port=6667, […]