samyk / poisontap

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
https://samy.pl/poisontap/

Enhancement: Break out each exploit code into a separate module #37

Open pbnj opened 7 years ago

pbnj commented 7 years ago

@samyk how do you feel about breaking out the exploits into independent modules (e.g. network hijacking, cookie siphoning, remote web backdoors, remote router backdoor) that can be distributed through NPM and potentially be re-used in other projects?

samyk commented 7 years ago

Sounds cool. They're separated out into functions, although the cookie siphoning + cache poisoning are joined for efficiency (cookie siphoned upon HTTP request, cache poisoned via the response).

pbnj commented 7 years ago

Are those functions confined to target_injected_xhtmljs.html?

samyk commented 7 years ago

Well, all of the attacks require the injection of target_injected_xhtmljs.html + the running Node server (pi_poisontap.js) to deliver payloads and log cookies.