Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350112
(S) Windex requires that all URL’s contain one or more parameters that are used to
authenticate the Target. These parameters are appended to the end of the URL. These
parameters must be obtained from the Windex system.
(S) When using the Windex “Redirect” technique (i.e., not the Windex “Double Iframe”
technique), the Windex URL needs to be created using the following format:
http://<windex>/submit?a=user&b=pass&__url=<site>
(S) Note that “<windex>” is the address of the Windex web server and “site” is the site to
direct the Target to after the browser has been exploited. If “site” is left blank, the Flytrap
will fill in the site that the Target was originally requesting before the Redirect. For
example,
http://<windex>/submit?a=user&b=pass&__url=http://www.cnn.com
would direct the Target to cnn.com after the browser has been exploited, and:
http://<windex>/submit?a=user&b=pass&__url=
would allow the Flytrap to fill in the __url “site” parameter based on where the Target
had originally requested. Note that there are two underscores in “__url”.
(S) See Windex documentation for Windex setup/installation/operation, and how to
create/assign users and passwords that can be used in Flytrap Redirects.
68
SECRET//20350112

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh