begood Posted March 4, 2010 Report Posted March 4, 2010 Imposter is a flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server to the victims, the internal DNS server of Imposter resolves all DNS queries to itself. When the victim tries to access any website the domain resolves to the system running Imposter and Imposter’s internal web server serves content to the victim. Depending on the configuration appropriate payloads are sent to the victim. Data stolen from the victim is sent back to Imposter and this is stored in a SQLite database in a folder created with its name based on the date and time of the attack.Imposter can perform attacks:- Steal cookies- Set cookies- Steal Local Shared Objects- Steal stored passwords from FireFox- Steal cached files- Poison browser cache- Steal files from the victim’s local file system through – Internet Explorer- Run SQL queries on the victim’s Google Gears database and – transfer the results- Create ResourceStore and Managed ResourceStore on the – victim’s Google Gears LocalServerPre reqisiteAdministrative Rights:Imposter listens on ports 53/UDP and 80/TCPThe ‘File Stealer’ module runs an internal snifferSystem running Imposter should have the IP address 192.168.1.3Internal DNS server resolves all domains to 192.168.1.3WinPcap must be installed on the systemFile Stealer module reqires :- Linux Virtual Machine with IP address 192.168.1.2 configured in ‘bridged’ networking mode.- A samba network share named ‘imp’ with anonymous read access on the Linux VM.- This network share should a smbmount of the ‘imp’ folder that comes along with Imposter.- ‘imp’ folder containing ‘imposter.swf’ must be in the same directory as the Imposter binaryImposter is one of its freeware phishing attacks tool very useful for black hat penetration testing , To collect passwords ,financial informations and much more .Download Imposter Here Quote
