Lookyloo Interface

Capture Visualization

The Lookyloo interface is comprised of the following:

  • Tree of Domains

  • Menu (left and top)

  • Legend

GitHub Capture

Tree of Domains

Lookyloo displays a tree of the domains that call one another.

Lookyloo Menu

  • New capture: Start a new capture

  • Monitor capture: (Optional) Monitor the capture

  • Report suspicious capture: (Optional) Send a notification to the entity managing the platform

  • Capture

    • Capture Details: Show details about the capture

    • Statistics: Overview of the number of unique URLs/Hostnames, and cookies present in the capture

    • Page screenshot: Show the screenshot of the page as it yould be displayed in the browser

  • Analytical Tools

    • Third Party Reports: (Optional) Query 3rd party services and display the result

    • Historical lookups: Historical data and context about this capture

    • Hashlookup hits: Hits in Hashlookup

    • Resources: All resources contained in the tree

    • Hostnames: All hostnames contained in the tree

    • URLs: All URLs contained in the tree

    • Favicons: Favicons found on the rendered page

    • (Fuzzy)Hashes types: Compare hashes of the rendered page

    • Other Identifiers: Identifiers found on the rendered page

  • Actions

    • Subsequent Captures: List all the URLs in the landing page and trigger subsequent capture while keeping the session (useragent, cookies, referer)

    • Re-Capture: Submit the URL again

    • Download elements: Download specific elements of the capture

  • Admin only

    • Rebuild capture: Rebuild the capture

    • Hide capture: Remove the capture from the public side and hide it

    • Remove capture: Remove the capture from Lookyloo

    • Prepare push to MISP: (Optional) Push the URL to MISP

    • Search events in MISP: (Optional) Look for events in MISP containing the URLs

    • Logout: Log out the current user

  • Extras

    • Manage categories: (Optional) Manage the categories

    • Unbookmark all nodes: (Optional) Unbookmark all marked nodes

    • Mark all the captures' entries as known: (Optional) Mark the capture as legitimate

  • ?: Link to Lookyloo’s documentation

Legend

sample github legend

  • Unencrypted requests: At least one for the requests in the node is unencrypted (HTTP).

  • Empty responses: All the responses in the node are empty.

  • Cookie received: The responses contain cookies.

  • Cookie read: The requests contain cookies (cookies are sent to the server).

  • Redirect: The requests contain redirects.

  • iFrame: The responses are loaded from iFrames.

  • Javascript: The responses contain javascript.

  • Font: The responses contain fonts.

  • HTML: The responses contain HTML.

  • JSON: The responses contain Json.

  • CSS: The responses contain CSS.

  • EXE: The responses contain executables.

  • Image: The responses contain images.

  • Video: The responses contain videos.

  • Unknown content: The content of the responses is unknown.

  • Downloaded file: The node contains a downloaded file.