samy kamkar
samy kamkar
I'd like to release the DNS code but it's currently tied to a custom DNS server I've developed that's integrated into a few other things I work on. I'll need...
Did you adjust YOUR.DOMAIN in backdoor.html and target_backdoor.js? Are you running backend_server.js on YOUR.DOMAIN?
Sounds like your browser may not be hitting it. I'd open the Network tab of devtools to verify the websocket is being made (there's a "WS" attribute you can select...
Yes -- you should see the PT animation (I've just committed an updated version that allows you to disable the animation). If not, perhaps a DNS poisoning issue or network...
It should as your internal network should still be accessible while PT is plugged in. Actually, I probably should include an auto-reconnecting websocket in target_injected_xhtmljs.html (essentially backdoor.html) -- that way...
You're running into many sites that have now implemented HSTS to prevent HTTPS downgrade attacks. I chose http://nfl.com as an example as it doesn't use HSTS. businessinsider.com and cbsnews.com are...
Actually the connection refused error is interesting -- for one of those, what IP is the hostname pointing to? You may need an iptables rule on PT to forward back...
That's correct, PoisonTap cannot communicate with the Internet (unless you want to add a gateway). The goal of PT is to first extract cookies from the target machine, then to...
The websocket connection is currently only in the cached /PoisonTap pages (backdoor.html), and isn't very resilient in its current incarnation (it doesn't retry on fail). I'll need to add it...
Honestly copying the html from backdoor.html to (an HTML section of) target_injected_xhtmljs.html should do it. To keep reconnecting on failure, probably changing the socket-related backdoor.html code to do something like:...