Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Phishing attack w/HTML5 offline cache framework based on Squid proxy
PHP
branch: master

README

SQUID-IMPOSTER

Project makes it easy to create Squid-based proxy injecting your own content to chosen website URLs. Modified content is then persisted in client's browser even when the client no longer connects through your proxy thanks to HTML5 Offline cache features.
Injected content may for example be used to form a phishing attack during penetration test.

This is a port of HTML5 offline cache poisoning features introduced in Imposter to Squid/Apache/PHP setup.

Imposter: http://www.andlabs.org/tools/imposter/imposter.html by Lavakumar Kuppan
Port by Krzysztof Kotowicz <kkotowicz at gmail dot com>

Architecture
============
Diagram describing squid-imposter architecture is in squid-imposter.png file. You may also consult
andlabs.org for further explanations on what Imposter is and what can it do.

Requirements
============
- PHP 5.2
- Apache
- mod_php
- Squid


Instalation
===========
1. Put the files somewhere within Apache document root. Note the URL to the directory with the files and insert it into config.ini 'imposter' setting

2. Setup squid rewrite program: in /etc/squid/squid.conf insert the line:
   url_rewrite_program /absolute/path-to/rewrite.php

   Default installation of squid on Ubuntu will do just fine with this single-line change.

   This will make squid pass every URL requested by client to rewrite.php script for possible silent redirection.

3. Setup targetted websites

   Edit config.ini file and insert a section for each website. Section name will be the site id. Each section should have a payload= and manifest= values. For example, to spoof example.com login page, enter:
   [example_com]
   payload=http://example.com/login.asp
   manifest=http://example.com/images/blank.gif

   'payload' is the URL that should be replaced in the offline cache. 'manifest' is the cache manifest file. Choose some static file present on the live domain to make the attack more permanent (browsers will try to refresh cache manifest on each page load).

4. Prepare the payload files

   At most three files will be used for each website:
    - <site-id>.payload is the payload file. It's a copy of a website page with additional decorations made by you (e.g. form values stealing, script injection etc.)
    - <site-id>.manifest is the injected cache manifest file.
    - <site-id>.append (optional) - instead of using .payload file, the actual URL will be fetched by the server and this file will be appended right before </body>. Not as bulletproof as .payload file, but may sometimes be simpler to set up. If .payload and .append files are present, .payload takes precedence.
    
   There are also default.manifest and default.append files used when there is no specific file for a given site id.       

   In every file you may use these strings:
    %%manifest%% - manifest URL
    %%payload%% - payload URL

   Also, <html manifest=> declaration and appropriete 'cache for 10 years' HTTP headers will be added automatically to payload.

5. Set up squid proxy in the HTML5-supporting browser (or make an open access point serviced by the squid proxy) and enjoy :)
   Default squid port is 3128.


When you're changing config.ini entries, be sure to restart squid (sudo /etc/init.d/squid restart) to refresh the changes.

License
=======

Copyright (c) 2010 Krzysztof Kotowicz

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Something went wrong with that request. Please try again.