[Silica] SILICA v7.20
Oren Isacson
oren at immunityinc.com
Mon Apr 6 13:22:29 EDT 2015
Immunity is proud to announce the release of SILICA v7.20!
- SSL stripping: this new module performs an man-in-the-middle attack
against stations connected to the fake access point. HTTP traffic is
modified on the fly to change HTTPS links to HTTP ones. Cookies are
expired to try to force the targets to re-authenticate, with the
intention of obtaining user and passwords.
- Self signed certificates: the new module also performs spoofed SSL
certificate attacks. The HTTPS traffic is intercepted using self-signed
certificates. Successfully decrypted traffic is parsed for cookies and
user/password combinations.
To view a demostration of this new features visit
https://vimeo.com/122117823
- Bug fix: better handling of module stopping.
- Accomplice plugin fixes.
For any questions or support please email silica at immunityinc.com
Videos can be found at:
Exploiting Android WebView.addJavaScriptInterface -
http://vimeo.com/109831748
Password stealing -
http://partners.immunityinc.com/movies/Silica-BrowserAutoFill-Take2.mov
AP less WEP cracking -
http://silica.immunityinc.com/AP_less_WEP_cracking.mov
Access point impersonation -
http://partners.immunityinc.com/movies/Access_point_impersonation.mp4
Custom traffic injection -
http://partners.immunityinc.com/movies/Traffic_injection.mp4
General overview -
http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov
Wireless Window -
http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4
Key retrieval (WEP, LEAP, WPA1,2) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU02.mp4
Passive session hijacking (facebook, twitter, gmail etc) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU_01.mp4
SILICA Team
More information about the SILICA
mailing list