Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

5.26 (U) Viewing Windex Alerts
(S) To view alerts related to Windex (browser redirect) actions, click the “View
Windex Alert” link (see Figure 47).
Figure 47: Cherry Web View Windex Alerts Page
(S) The table lists Windex alert info, including Target identifier, time of the event, status,
Windex Session ID, Flytrap, client MAC and IP, and the URL the client originally
requested. Windex Status has the following types:
Pending indicates that the Target has been detected, but has not yet gone to a root
web page to initiate the browser redirect
Redirected indicates that the Target’s browser has been redirected
Active indicates that Windex has an Active session with the redirected client
Success indicates that Windex has successfully exploited the client
Failure indicates that Windex was not able to exploit the client
Unknown indicates that the current status is unknown (e.g., the CT could not
contact the Windex server for a status update)
(S) Windex Session ID can be used on a Windex Server to fetch more detailed
information about the Windex exploitation event (in particular if a failure occurs).
61
View
Windex Alerts

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh