fingerprint_browser
fingerprint_browser copied to clipboard
Description
- This tool identifies the version of the browser and browser plugins (java/flash/reader) and exploits them via Metasploit.
- The target browser also reports back the plugins and their versions back to the tool.
Requirements
- Python2.7
- MITMProxy
- Ettercap / Responder / Intercepter-NG
Installation Steps
- Install MITMProxy 0.9.1 https://github.com/mitmproxy/mitmproxy/archive/v0.9.1.zip
- git clone https://github.com/milo2012/fingerprint_browser.git
- cd fingerprint_browser
- python2.7 webserver.py
- Run the ettercap ARP spoofing command as shown on screen
Installation instructions for MITMproxy can be found here
https://github.com/milo2012/fingerprint_browser/blob/master/installation.md
The javascript code for the plugins version detection is from https://browserscan.rapid7.com/scanme. Thank you for the awesome code.
Demo video available at [http://youtu.be/m8Yb-d7kzwQ]
To Do Wish Lists
- Obfuscate the Java browser exploits in Metasploit (refer to http://martin.swende.se/blog/java-exploits.html)
- Replace documents (pdf,word documents) on the fly with infected version via ARP spoofing
- Inject infected documents into browsers via WPAD