[Silica] SILICA v7.20
Oren Isacson
oren at immunityinc.com
Mon Apr 6 13:51:07 EDT 2015
Immunity is proud to announce the release of SILICA v7.20!
-SSL Stripping
This new module performs a man-in-the-middle attack
against stations connected to the fake access points. HTTP traffic is
modified on the fly to change HTTPS links to HTTP. Cookies
expire to force the targets to re-authenticate, with the
intention of obtaining user names and passwords.
- Self Signed Certificates
The new module performs spoofed SSL certificate attacks. The HTTPS
traffic is intercepted using self-signed certificates. Successfully
decrypted traffic is parsed for cookies and
user/password combinations.
- Bug Fix: Better handling of module stopping.
- Accomplice Plug-in Fixes
To view a demonstration of these new features visit:
https://vimeo.com/122117823
For any questions or support please email silica at immunityinc.com
Videos can be found at:
Exploiting Android WebView.addJavaScriptInterface -
http://vimeo.com/109831748
Password stealing -
http://partners.immunityinc.com/movies/Silica-BrowserAutoFill-Take2.mov
AP less WEP cracking -
http://silica.immunityinc.com/AP_less_WEP_cracking.mov
Access point impersonation -
http://partners.immunityinc.com/movies/Access_point_impersonation.mp4
Custom traffic injection -
http://partners.immunityinc.com/movies/Traffic_injection.mp4
General overview -
http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov
Wireless Window -
http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4
Key retrieval (WEP, LEAP, WPA1,2) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU02.mp4
Passive session hijacking (facebook, twitter, gmail etc) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU_01.mp4
SILICA Team
More information about the SILICA
mailing list