PoisonTap - exploiting locked machines w/Raspberry Pi Zero
PoisonTap - siphons cookies, exposes internal router & installs web backdoor (reverse tunnel) on locked/password protected computers with a $5 Raspberry Pi Zero and Node.js. https://samy.pl/poisontap/
By Samy Kamkar
Full details and source code at https://samy.pl/poisontap/
Buy a Raspberry Pi Zero here: https://amzn.to/2eMr2WY
Buy cement for your USB ports here: https://amzn.to/2fX0I1e
When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer (Windows, OS X or Linux), it:
emulates an Ethernet device over USB (or Thunderbolt)
takes over all Internet traffic from the machine (despite being a low priority network interface)
siphons and stores HTTP cookies from the web browser for the Alexa top 1,000,000 websites
exposes the internal router to the attacker, making it accessible remotely
installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies
allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
does not require the machine to be unlocked
backdoors and remote access persist even after device removal
Music by Darin Leach & Samy Kamkar (Epoch Rises / epochrises )
Intro graphics by Darin Leach: https://darinleachgraphics.com
https://samy.pl/poisontap/
Watch video PoisonTap - exploiting locked machines w/Raspberry Pi Zero online without registration, duration hours minute second in high quality. This video was added by user samy kamkar 16 November 2016, don't forget to share it with your friends and acquaintances, it has been viewed on our site 864,208 once and liked it 11 thousand people.