PoisonTap - siphons cookies, exposes internal router & installs web backdoor on locked computers

All credits go to Samy Kamkar.
He is the guy that released this.
I just thought I would share it here.

PoisonTap - siphons cookies, exposes internal router & installs web backdoor on locked computers.

PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a micro-USB cable & microSD card, or can work on any Raspberry Pi (1/2/3) with an Ethernet-to-USB/Thunderbolt dongle, or can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle.

When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer, it:
- emulates an Ethernet device over USB (or Thunderbolt)
- hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
- siphons and stores HTTP cookies and sessions from the web browser for the top 1,000,000 websites
- exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!)
- installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common JavaScript CDN URLs, all with access to the user’s cookies via cache poisoning
- allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
- does not require the machine to be unlocked
- backdoors and remote access persist even after device is removed.
