Animal Farm: Protection From Client-side Attacks by Rendering Content With Python and Squid.

Client-side attacks against networks are becoming omnipotent. Arguably, the bar to land successful client-side attacks is lower due to toolkits like the Social Engineering Toolkit (SET), capable of producing malicious Adobe portable documents (PDFs), or BeEF, capable of producing browser-based exploits. In this paper, we examine the signatures and characteristics of several of these client-side attack vectors. And in response to them, we examine some techniques of rendering content as it passes through our proxy server. Using the Squid Web Proxy and the Python scripting language, as well as third-party tools, we produce and explain several scripts to remove malicious content from data as it passes through our proxy.