PoisonTap – exploiting locked machines w/Raspberry Pi Zero

PoisonTap – siphons cookies, exposes internal router & installs web backdoor (reverse tunnel) on locked/password protected computers with a $5 Raspberry Pi Zero and Node.js. https://samy.pl/poisontap/

By Samy Kamkar

Full details and source code at https://samy.pl/poisontap/

Buy a Raspberry Pi Zero here: https://amzn.to/2eMr2WY
Buy cement for your USB ports here: https://amzn.to/2fX0I1e

When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer (Windows, OS X or Linux), it:
– emulates an Ethernet device over USB (or Thunderbolt)
– takes over all Internet traffic from the machine (despite being a low priority network interface)
– siphons and stores HTTP cookies from the web browser for the Alexa top 1,000,000 websites
– exposes the internal router to the attacker, making it accessible remotely
– installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies
– allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
– does not require the machine to be unlocked
– backdoors and remote access persist even after device removal

Music by Epoch Rises: https://soundcloud.com/epochrises
Intro graphics by Darin Leach: https://goo.gl/HDKRFG