When the victim tries to access any website the domain resolves to the system running Imposter and Imposter’s internal web server serves content to the victim. Depending on the configuration appropriate payloads are sent to the victim. Data stolen from the victim is sent back to Imposter and this is stored in a SQLite database in a folder created with its name based on the date and time of the attack.

The lists of attacks performed are:

• Steal cookies
• Set cookies
• Steal Local Shared Objects
• Steal stored passwords from FireFox
• Steal cached files
• Poison browser cache
• Steal files from the victim’s local file system through Internet Explorer
• Run SQL queries on the victim’s Google Gears database and transfer the results
• Create ResourceStore and Managed ResourceStore on the victim’s Google Gears LocalServer

General Requirements:

• Administrative Rights:

Reasons:

• Imposter listens on ports 53/UDP and 80/TCP
• The ’File Stealer’ module runs an internal sniffer

• System running Imposter should have the IP address 192.168.1.3

Reasons:

• Internal DNS server resolves all domains to 192.168.1.3

• WinPcap must be installed on the system

Read the User Guide Videos

More information: here

Thank you to Lavakumar Kuppan, from AnD Labs to sharing this tool with us.