Honk Finder

Find obfuscated/suspicious code in the page body.

Find suspicious encoded/obfuscated code on site scraped page bodies. It takes times to look through thousands of lines of code, let this extension find and convert those items for you. Details: Honk in this case is a synonym for suspicious activity/code. This extension will look at the page body and give the option to search for Base64, Hex or possible indication of specific site compromises using regex (SocGholish, Balada and Parrot TDS). The use case here would be during threat or incident response research where you are reviewing a page via a third-party tool like Urlscan. In that instance you can see the entire dom as a body result where this tool can be leveraged. Use: To use this tool, look at the result of a page via some type of site scrapping tool and view the dom there. Open up dev tools and look at the console window. After clicking the tool icon and selecting the needed option, the results will be presented in the console window with a popup. The console will show all of the hits along with the conversion and the popup window will show how many possible hits along with how many it was able to convert. In addition, it will replace the found body text (where possible) and highlight that hit. Note: You should never visit suspicious sites directly, use a third party tool. This extension won't parse script tags anyway, only body.