Whitetrash – Dynamic Web White-listing for Squid

Keep on Guard!

This is a pretty neat tool for those using Squid Cache and looking for a pro-active tool for securing web acccess in their company (or house if you have a devious sibling).

The goal of Whitetrash is to provide a user-friendly and sysadmin-friendly proxy that makes it significantly harder for malware to use HTTP and SSL for:

  • initial compromise;
  • data exfiltration; and
  • command and control.

Whitetrash features:

  • Provides whitelisting for HTTP and SSL that is good for both users and sysadmins, but defends against malware and browser exploits.
  • A HTML rendered whitelist report that can be viewed by all users. Can also be used to generate static whitelists for popular domains.
  • Fast: no noticeable impact on users browsing urls already in the whitelist, and adding a new URL is very quick.
  • Secure: As this is a security product, great care has been taken to sanitise input, flow control etc. so that the whitelist cannot be easily circumvented or exploited.
  • Users can delete their own whitelist entries (optional). Admins can delete any whitelist entry. A HTML report that lists all domains requested but not whitelisted – good for tracking down malware/adware and generating static blacklists.
  • Configurable authentication: any sort of authentication can be used. Squid provides plugins for NTLM, basic, and digest but has an extensible interface for other authentication schemes.
  • NEW: A CAPTCHA system has been implemented to prevent malware adding itself to the whitelist. CAPTCHA can be enabled for HTTP, SSL, or both. This is available in the source tree and will be included in the next release.

Whitetrash whitelists web traffic at the domain level, and is a powerful technique to eliminate (or at least make difficult) communications for a lot of malware.

You can download Whitetrash here:

whitetrash 0.2RC1

Or read more here.

Posted in: Countermeasures, Security Software

Latest Posts:

GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.
Memcached DDoS Attacks Will Be BIG In 2018 Memcached DDoS Attacks Will Be BIG In 2018
So after the massive DDoS attack trend in 2016 it seems like 2018 is going to the year of the Memcached DDoS amplification attack with so many insecure Memcached servers available on the public Internet.
libsodium - Easy-to-use Software Library For Encryption libsodium – Easy-to-use Software Library For Encryption
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API.
XSStrike - Advanced XSS Fuzzer & Exploitation Suite XSStrike – Advanced XSS Fuzzer & Exploitation Suite
XSStrike is an advanced XSS detection suite, which contains a powerful XSS fuzzer and provides zero false positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads.

8 Responses to Whitetrash – Dynamic Web White-listing for Squid

  1. goodpeople December 28, 2007 at 8:39 am #

    Good work! This will certainly help.

  2. Pantagruel December 29, 2007 at 10:01 am #

    The squid was just added an extra ‘arm’, let’s see if it indeed caters the filtering needs.

  3. eM3rC January 6, 2008 at 9:55 pm #

    Great post! Like Pantagruel said, this is an extra arm.

  4. Sir Henry January 8, 2008 at 8:59 pm #

    Although this is not something that I will be implementing on my home network right now (I do not think the wife would be particularly pleased with having to justify where she goes on the web), I know that something of this sort will most certainly be in place when my son is old enough to try and maneuver the web. I like what I have seen with this, however.

  5. goodpeople January 8, 2008 at 10:23 pm #

    My son is 6 now and talks about games he plays online at a friends house. So I’m afraid I’ll be installing this very soon. For now I’m probably the only person in the world that isn’t running squid.

  6. Sir Henry January 8, 2008 at 10:53 pm #

    Actually, you are the second person in the world, for I am not running squid, either. ;)

  7. goodpeople January 9, 2008 at 12:12 am #

    hahaha, good to know that I’m not alone in this world.

    But all the fun stuff aside, does anyone have anything additional to say on the subject? I’m very interrested in other people opinions.

  8. eM3rC January 9, 2008 at 3:08 am #

    I wont be using it either, but I think stuff like this would be a helpful addition to small business networks or possibly schools (if they aren’t already using something like websense).