Saturday 8 October 2016

Find out what malware is doing online with FakeNet



FakeNet is a smart tool for Windows that detects and displays common attempts to access the Web from your PC.

The program is not just a packet capture tool. Instead, FakeNet redirects Internet traffic and handles it locally, so an attempt to download "www.server.com/trojan.exe" will be made but will not succeed.

No installation is required. Just unzip the download, launch FakeNet from an elevated command window, and the DNS settings are changed to point to localhost.

Collect your email, open a browser or do something else online, and FakeNet shows the DNS, URL and other details in its console window.

FakeNet answers some requests itself. It will send DNS responses, for example. Type test.com/test.jpg into your browser and FakeNet serves an image; ask for test.html and you get a simple text file. This could help persuade the software being monitored that it is online and able to download any payload.
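The DNS side of this behaviour can be illustrated with a short sketch. This is an added example, not FakeNet's own code: it builds the reply a local responder would send so that every A query resolves to localhost. The function names, `SINKHOLE_IP` and the 60-second TTL are assumptions, and the sample query is constructed.

```python
import socket
import struct

SINKHOLE_IP = "127.0.0.1"  # assumption: every name resolves to localhost


def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def parse_question(packet):
    """Return (name, qtype, offset just past the first question)."""
    labels, pos = [], 12  # the DNS header is always 12 bytes
    while True:
        length = packet[pos]  # IndexError on a truncated packet
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("malformed or compressed label")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype, pos + 4


def build_response(query, ip=SINKHOLE_IP):
    """Return (queried name, reply bytes); only A queries get an answer."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    name, qtype, end = parse_question(query)
    answer = b""
    if qtype == 1:  # A record
        # 0xC00C is a compression pointer to the name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
    rflags = 0x8080 | (flags & 0x0100)  # QR=1, RA=1, RD copied from query
    header = struct.pack("!HHHHHH", txid, rflags, 1, 1 if answer else 0, 0, 0)
    return name, header + query[12:end] + answer


# Constructed sample: an A query for the hostname used in the article.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0)
                + encode_name("www.server.com") + struct.pack("!HH", 1, 1))

if __name__ == "__main__":
    name, reply = build_response(SAMPLE_QUERY)
    print(name, "->", socket.inet_ntoa(reply[-4:]))
```

The queried name returned alongside the reply is what a monitoring console would log for each lookup.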

This worked pretty well in our tests, with FakeNet detecting and reporting HTTP, HTTPS, DNS and ICMP traffic and listening on some common ports (8000, 8080, 1337). We saw what our programs were trying to do, but they could not do it.

There are some obvious gaps here. What about other protocols, other ports, hard-coded IP addresses? There are some more thorough "catch-all" settings, but only on XP. FakeNet can be extended to support more protocols, but you will have to write Python scripts to do it.

The program should be used with caution, too. By default your DNS settings are redirected at launch, but they will not be restored unless FakeNet is closed properly. If you run FakeNet, for example, and close its command window by clicking the "x" at the top right, the DNS settings will not be restored and you will still be offline. (There is a switch to restore the original configuration, but you need to be aware that it exists.)

These are not major issues for the target audience. Run FakeNet on a virtual machine with a snapshot at hand, alongside other forensic tools, and it could be very useful. Does that sound like you? Give it a try.

FakeNet is an open source application for Windows XP and later.
