begood

Imposter - framework to perform Browser Phishing attacks


What is Imposter?

Imposter is a flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server for the victims, the internal DNS server of Imposter resolves all DNS queries to itself. When the victim tries to access any website, the domain resolves to the system running Imposter, and Imposter’s internal web server serves content to the victim. Depending on the configuration, appropriate payloads are sent to the victim. Data stolen from the victim is sent back to Imposter and stored in a SQLite database, in a folder whose name is based on the date and time of the attack.

Capabilities:

Imposter can perform the following attacks:

1. Steal cookies

2. Set cookies

3. Steal Local Shared Objects

4. Steal stored passwords from Firefox

5. Steal cached files

6. Poison browser cache

7. Steal files from the victim’s local file system through Internet Explorer

8. Run SQL queries on the victim’s Google Gears database and transfer the results

9. Create ResourceStore and Managed ResourceStore on the victim’s Google Gears LocalServer

For the attacks related to Google Gears, the payload generated by Imposter automatically checks if the victim has installed and permitted Gears. This prevents any pop-up alerts to the user.

General Requirements:

1. Administrative Rights:

Reasons:

* Imposter listens on ports 53/UDP and 80/TCP

* The 'File Stealer' module runs an internal sniffer

2. System running Imposter should have the IP address 192.168.1.3

Reasons:

* Internal DNS server resolves all domains to 192.168.1.3

3. WinPcap must be installed on the system

Special requirements for the File Stealer module:

1. Linux Virtual Machine with IP address 192.168.1.2 configured in 'bridged' networking mode.

2. A samba network share named 'imp' with anonymous read access on the Linux VM.

3. This network share should be a smbmount of the 'imp' folder that comes along with Imposter.

4. ‘imp’ folder containing ‘imposter.swf’ must be in the same directory as the Imposter binary

Step-by-step set-up instructions:

1. Share the 'imp' folder in the Imposter directory with name 'imp_win'.

2. In the Linux VM create a folder '/imp' and map it to the 'imp_win' share with this command:

mount -t smbfs -o username=<win user name> //192.168.1.3/imp_win /imp

3. Add the following lines to the ‘smb.conf’ file:

[imp]
path = /imp
read only = yes
public = yes

4. Restart the smb service.

more : Attack and Defense Labs - User Guide | Imposter, Browser Phishing Tool

download : http://andlabs.org/tools/imposter/imposter_v0.9.zip

videos : Attack and Defense Labs - Videos | Security Tools and Techniques
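
A defender's check for the behaviour described above (a resolver that answers every name with one address, its own), as an added example that is not part of the original post or of Imposter. The log tuple format, the function names and the min_domains threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample: (resolver_ip, queried_name, answer_ip), e.g. parsed from
# client-side DNS logs or passive DNS. 192.168.1.3 is the address from the post.
SAMPLE_ANSWERS = [
    ("192.168.1.3", "mail.example.com", "192.168.1.3"),
    ("192.168.1.3", "bank.example.net", "192.168.1.3"),
    ("192.168.1.3", "news.example.org", "192.168.1.3"),
    ("192.168.1.3", "shop.example.com", "192.168.1.3"),
    ("10.0.0.53", "mail.example.com", "203.0.113.10"),
    ("10.0.0.53", "bank.example.net", "198.51.100.7"),
    ("10.0.0.53", "news.example.org", "203.0.113.44"),
    ("10.0.0.53", "intranet.corp.example", "10.0.0.80"),
]


def registrable(name):
    """Crude grouping key: the last two labels (assumption: no public-suffix list)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def find_catch_all_resolvers(answers, min_domains=3):
    """Flag resolvers that return one single address for every name asked.

    Returns {resolver_ip: (answer_ip, answers_with_own_address)}. A resolver is
    flagged only if that one address covers at least min_domains unrelated
    domains, so a resolver seen for a single site is not reported.
    """
    seen = defaultdict(lambda: defaultdict(set))  # resolver -> answer -> domains
    for resolver, name, answer in answers:
        seen[resolver][answer].add(registrable(name))

    flagged = {}
    for resolver, by_answer in seen.items():
        if len(by_answer) != 1:
            continue  # answers vary by name, as a normal resolver's do
        (answer, domains), = by_answer.items()
        if len(domains) >= min_domains:
            flagged[resolver] = (answer, answer == resolver)
    return flagged


if __name__ == "__main__":
    for resolver, (answer, is_self) in find_catch_all_resolvers(SAMPLE_ANSWERS).items():
        note = " (its own address)" if is_self else ""
        print(f"resolver {resolver} answers every name with {answer}{note}")
```
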
