Hello and welcome to the Friday, May 22nd,

2006 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu graduate certificate program in cyber security engineering.

Last week, Rob wrote a diary about a tool called proxy fire. Proxifier is neat because it allows you to intercept traffic with a proxy from specific applications.

Of course, that's great for reverse analysis and such. Yes, you could

just proxy all traffic, but then, of course, you have to deal with all the noise that you're

getting in addition to the traffic from the application you're interested in. The trick here is

that proxy fire only works on Macs and on Windows.

Yes, there is sort of an Android version, but no sort of generic Linux versions.

I looked into, well, how do you do it in Linux?

And as far as I know, there are really sort of three different ways of doing it.

Number one, you can set specific environment variable,

HTTP underscore proxy and HDPS underscore proxy. Many sort of HTTP libraries are looking for

these environment variables and will use any proxy. So before starting the application, you

just set these environment variables.

You can do it a little bit with IP tables, but with IP tables,

you're kind of only able to redirect traffic from a particular user.

So you have to make sure that this application, well,

is the only application being run by a particular user.

And then I think sort of the neatest and often overlooked feature is, Well, it's the only application being run by a particular user.

And then I think sort of the needest and often overlooked feature in Linux is network namespaces,

...