Whitetrash 1.0

Makes it significantly harder for malware to use HTTP and SSL for initial compromise, data exfiltration, etc.
  2 Screenshots
Whitetrash is a user-friendly and sysadmin-friendly proxy that makes it significantly harder for malware to use HTTP and SSL for:

- initial compromise;
- data exfiltration; and
- command and control.

Main features:

  • Provides whitelisting for HTTP and SSL that is good for both users and sysadmins, but defends against malware and browser exploits.
  • A HTML rendered whitelist report that can be viewed by all users. Can also be used to generate static whitelists for popular domains.
  • Fast: no noticeable impact on users browsing urls already in the whitelist, and adding a new URL is very quick.
  • Secure: As this is a security product, great care has been taken to sanitise input, flow control etc. so that the whitelist cannot be easily circumvented or exploited.
  • Users can delete their own whitelist entries (optional). Admins can delete any whitelist entry.
  • A HTML report that lists all domains requested but not whitelisted - good for tracking down malware/adware and generating static blacklists.
  • Configurable authentication: any sort of authentication can be used. Squid provides plugins for NTLM, basic, and digest but has an extensible interface for other authentication schemes.

last updated on:
August 7th, 2009, 23:41 GMT
license type:
GPL (GNU General Public License) 
developed by:
ROOT \ Internet \ HTTP (WWW)
Download Button

In a hurry? Add it to your Download Basket!

user rating



Rate it!
2 Screenshots
What's New in This Release:
  • Integration with the Google Safebrowsing API, so that urls are checked against the Google malware and phishing blacklists. Blacklisted domains cannot be whitelisted by normal users.
  • Improved authentication using the Django web framework. Adding new authentication methods is simple. LDAP support means user passwords and permissions can be centrally managed, with simple integration with Windows domain controllers and OpenLDAP servers.
  • Authentication can be disabled, which when used in conjunction with the CAPTCHA system, provides most of the security benefits without the overhead of user management.
  • A CAPTCHA system has been implemented to prevent malware adding itself to the whitelist. CAPTCHA can be enabled for HTTP, SSL, or both.
read full changelog

Add your review!