Imposter v0.9 - Browser Phishing Tool
Imposter is a flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server to the victims, the internal DNS server of Imposter resolves all DNS queries to itself.
When the victim tries to access any website the domain resolves to the system running Imposter and Imposter’s internal web server serves content to the victim. Depending on the configuration appropriate payloads are sent to the victim. Data stolen from the victim is sent back to Imposter and this is stored in a SQLite database in a folder created with its name based on the date and time of the attack.
The lists of attacks performed are:
- Steal cookies
- Set cookies
- Steal Local Shared Objects
- Steal stored passwords from FireFox
- Steal cached files
- Poison browser cache
- Steal files from the victim’s local file system through Internet Explorer
- Run SQL queries on the victim’s Google Gears database and transfer the results
- Create ResourceStore and Managed ResourceStore on the victim’s Google Gears LocalServer
General Requirements:
- Administrative Rights:
Reasons:
-
- Imposter listens on ports 53/UDP and 80/TCP
- The ’File Stealer’ module runs an internal sniffer
- System running Imposter should have the IP address 192.168.1.3
Reasons:
-
- Internal DNS server resolves all domains to 192.168.1.3
- WinPcap must be installed on the system
Read the User Guide
Videos
More information: here
Thank you to Lavakumar Kuppan, from AnD Labs to sharing this tool with us.
Post scriptum
Compliance Mandates
|