You must be aware of Imposter, a tool that we wrote about here. That tool was meant specifically for Windows operating systems and also contains a module that uses HTML5 offline cache to store the payload permanently in all supporting browsers. Squid-Imposter just add the HTML5 offline cache storage functionality to the application and has been ported to Linux.
Squid-imposter makes it easy to create Squid based proxy injecting your own content to chosen website URLs. Modified content is then persisted in client’s browser even when the client no longer connects through your proxy thanks to HTML5 Offline cache features! Additionally, standard HTTP cache headers set the page to cache for 10 years. Injected content may for example be used to form a phishing attack during penetration test. In other words, it is a port of HTML5 offline cache poisoning features introduced in Imposter to Squid/Apache/PHP setup with an open source (MIT) license.
So, now you can easily spoof websites that will be stored in victim’s browser cache forever. It’s a MITM/sidejacking attack technique by pretending to be that website. Here is how you work with the Squid-Imposter:
Choose a website URL you’d like to spoof (e.g. GMail login page)
Prepare a modified version of the page (e.g with a submit button that also sends login/password to you)
Look for any other URL on the domain that user won’t be likely to visit (this will be the manifest URL). It might something tiny like a blank.gif file.
Setup Squid-imposter with payloads and URLs
Convince a victim to connect to squid-imposter (e.g. hijack victim’s proxy entries, make him connect to your rogue Wi-Fi, etc.)
When victims enters the URL, squid returns the modified page and a manifest file that tells user to store the page in offline cache.
Two years later, the user is no longer connected to your proxy, but the modified page is still served by victim’s browser.
QQ群⑧:
窥视卡
雷达卡
发表于 2017-4-17 17:22:44
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡