Forum Discussion

Bronze III

8 months ago

Solved

Events & Breaches: Magecart Skimmer

Hello - I need a hand locating the domain. (Q7) I've found the name of the file that contains the skimmer then exported that. I have then opened that in a text editor and searched for "http://" and...

defensive cyber

ChrisWood
7 months ago
Once you finish the checkout, look for a request sent to another server with the unencrypted details. You can do this inside of Fiddler. Alternatively, you can search for the fake information you entered, which should help you find what you're looking for!

MadelineDadamio

Community Support

8 months ago

Hi Gus!

Thank you for raising this! To locate the domain of the drop server, the user needs to navigate to the website and checkout using fake/random details. Then, you will be able to find the drop server domain used by the skimmer in Fiddler.

Let me know if you have any additional questions.

GusC

Bronze III

8 months ago

Hi Madeline - I had done that previously. I'm still stuck.

I went to checkout, then only when about to complete checkout with fake card data I launched fiddler to capture. Once checkout had completed I closed Firefox. Then exported all sessions as raw files then grepped on the results using

grep -Eorh 'https?://[^\s]+'

None of the results match Q7.

Forum Discussion

Events & Breaches: Magecart Skimmer

Featured Places

Help & Support Forum

Related Content

This Week in The Human Connection

AI-pril Fools: The Return of the Puppetmaster Virtual Crisis Sim LIVE

Combatting Software Vulnerabilities with GenAI

Breaking Down Walls to Make Way for AI

A Threat Hunter’s Guide to Defending Against Risks Posed by GenAI

Recent Discussions

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Malware Analysis: Shlayer

CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)