Friday, June 1, 2007

MITM - Google Desktop

Here someone demonstrates a MITM attack on a user who is "just searching in Google (Desktop)".
An interesting and not at all dumb trick. I really like the execution. :)

The following is shown:

  • User goes to Google and performs a search.

  • Man in the middle detects the action and proceeds to inject their own content.

  • The attacker injects a piece of JavaScript that creates an iframe to the target URL as well as makes the iframe follow the mouse (typically this would be invisible to the user, but for demonstration purposes I made it visible).

  • He then frames another search query to correctly position the content inside the follow mouse script. 

  • As the evil search query loads, he injects a meta refresh to reload the same page forcing Google Desktop to load. In the example video below I am launching hyperterm, but you could make it any program already installed on the victim machine that is indexed by Google Desktop. 

  • User inadvertently clicks on evil Google Desktop query which actually runs the associated program.
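
The steps above depend on two conditions: the response can be rewritten in transit, and the target page can be loaded inside an iframe. The following check audits a response for both. It is an added example, not part of the original post or the quoted demonstration; the function names and the sample responses are constructed, while the header names are the real ones browsers honor.

```javascript
// Added example, not from the original post. Header names are real;
// function names and the sample responses are constructed.
function frameAncestorLists(csp) {
  const lists = [];
  for (const policy of csp.split(',')) {          // several policies may be comma-joined
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() === 'frame-ancestors') {
        lists.push(sources.map((s) => s.toLowerCase()));
      }
    }
  }
  return lists;
}

// A list that admits any origin ("*", or a bare scheme) does not stop framing.
const isRestrictive = (sources) =>
  !sources.some((s) => s === '*' || s === 'http:' || s === 'https:');

function auditResponse(url, rawHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);
  const findings = [];

  // Injection step: over plaintext HTTP an on-path party can rewrite the body
  // and strip every header checked below.
  const tamperable = new URL(url).protocol !== 'https:';
  if (tamperable) findings.push('plaintext HTTP: response and headers can be rewritten in transit');
  else if (!h['strict-transport-security']) findings.push('HTTPS without HSTS: a plaintext first request is still possible');

  // Framing step: when frame-ancestors is present, browsers ignore X-Frame-Options.
  const lists = frameAncestorLists(h['content-security-policy'] || '');
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  const framable = lists.length > 0
    ? !lists.some(isRestrictive)                 // every policy must allow the embedder
    : !(xfo === 'DENY' || xfo === 'SAMEORIGIN'); // ALLOW-FROM is obsolete and ignored
  if (framable) findings.push('no effective anti-framing policy: page can be loaded in a cross-origin iframe');

  return { tamperable, framable, exposed: tamperable || framable, findings };
}

// Constructed sample responses for a hypothetical search page.
const HSTS = { 'Strict-Transport-Security': 'max-age=31536000' };
const SAMPLES = [
  ['http://search.example/results?q=x', { 'X-Frame-Options': 'DENY' }],
  ['https://search.example/results?q=x', { ...HSTS }],
  ['https://search.example/results?q=x', { ...HSTS, 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" }],
];
for (const [url, headers] of SAMPLES) console.log(url, auditResponse(url, headers));
```

The first sample shows why an anti-framing header alone is not enough: it is present, but the plaintext transport lets it be removed before the browser sees it.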