PoisonTap by Samy Kamkar


TheHermit

Samy Kamkar has released a tool called PoisonTap - https://samy.pl/poisontap/

tl;dr:

siphons cookies, exposes internal router & installs web backdoor on locked computers

Created by @SamyKamkar || https://samy.pl

When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer, it:

  • emulates an Ethernet device over USB
  • hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
  • siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
  • exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!)
  • installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning
  • allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
  • does not require the machine to be unlocked
  • backdoors and remote access persist even after device is removed and attacker sashays away

He says it should be possible to run it on a LAN Turtle:

Quote:

PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a micro-USB cable & microSD card, but can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle.

Anyone familiar with creating modules happy to look at this? Otherwise you'll have to wait until I learn how to write modules.

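The "hijacks all Internet traffic despite being a low priority interface" bullet above works because PoisonTap's DHCP response makes the host treat the whole IPv4 space as on-link, so two /1 routes beat the real default route in the kernel's longest-prefix match. The following is an added defensive check, not code from PoisonTap or from this thread; it parses `ip route show` output (the sample below is constructed, and the interface names and the /8 threshold are assumptions) and flags such routes on any interface other than the uplink.

```python
"""Flag routes broad enough to shadow the default gateway, the routing trick a
USB Ethernet gadget like PoisonTap relies on. Added defensive example; the
sample `ip route` output is constructed and interface names are assumptions."""
import ipaddress
import re

# Any non-default route covering a /8 or more is treated as suspicious
# (threshold is an assumption; real LAN routes are far more specific).
SUSPICIOUS_MAX_PREFIX = 8

ROUTE_RE = re.compile(
    r"^(?P<dst>default|\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+.*?\bdev\s+(?P<dev>\S+)"
)


def parse_routes(text):
    """Yield (network, device) pairs from `ip route show` output."""
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = m.group("dst")
        net = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else dst, strict=False)
        yield net, m.group("dev")


def find_hijack_routes(text, uplink_dev=None):
    """Return (prefix, device) for routes that would steal traffic from the uplink.

    A /1 route is more specific than default (/0), so it wins longest-prefix
    matching regardless of interface metric. If uplink_dev is None, the device
    carrying the default route is taken to be the legitimate uplink."""
    routes = list(parse_routes(text))
    if uplink_dev is None:
        uplink_dev = next((d for n, d in routes if n.prefixlen == 0), None)
    return [(str(n), d) for n, d in routes
            if 0 < n.prefixlen <= SUSPICIOUS_MAX_PREFIX and d != uplink_dev]


# Constructed sample: eth0 is the real uplink; usb0 is a USB gadget whose DHCP
# lease installed two /1 routes covering every IPv4 address.
SAMPLE = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 dev usb0 proto kernel scope link src 1.0.0.2 metric 20100
128.0.0.0/1 dev usb0 proto kernel scope link src 1.0.0.2 metric 20100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
"""

if __name__ == "__main__":
    for prefix, dev in find_hijack_routes(SAMPLE):
        print(f"WARNING: {prefix} via {dev} shadows the default route")
```

On a live host, feed it the output of `ip route show` instead of SAMPLE; a hit on a newly attached interface while the screen is locked is the condition worth alerting on.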

2 weeks later...

Has anyone gotten PoisonTap to work successfully? It appears to function properly when looking at tcpdump on the target, but I never get anything reaching out to the Node.js control server. Also, how does one interact with the Node.js server? Navigating to the server's interface:port gives a "sorry unknown url" error.


On 11/19/2016 at 3:21 PM, Sebkinne said:

The issue is that it requires NodeJS.

NodeJS required FPU or FPU emulation in the kernel, and is a rather large binary. Sadly, this won't happen anytime soon.


3 months later...
On 11/19/2016 at 1:21 PM, Sebkinne said:

The issue is that it requires NodeJS.

NodeJS required FPU or FPU emulation in the kernel, and is a rather large binary. Sadly, this won't happen anytime soon.

@Sebkinne I understand that I could build a custom kernel that enables FPU support in order to get Node running, but what is the issue with the size of the node binary? Disk space or RAM? Is that a big enough problem that you think running Node code isn't viable on the Pineapple, even once FPU support is in the kernel? Thanks!


16 hours ago, elimisteve said:

@Sebkinne I understand that I could build a custom kernel that enables FPU support in order to get Node running, but what is the issue with the size of the node binary? Disk space or RAM? Is that a big enough problem that you think running Node code isn't viable on the Pineapple, even once FPU support is in the kernel? Thanks!

You may JUST be able to get node installed and have some room to breathe, but I honestly don't know without giving it a shot. It would also not run very smoothly, but it might be enough for PoisonTap to work.
