Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
Elsa User Manual.doc
34
SECRET//NOFORN
(S) It is important to note that Elsa currently will not attempt to re-resolve a parse failure.
It is assumed that subsequent resolution attempts will produce similar errors, which could
be alerting to the server. However, there are certain cases where this is not true,
especially in the presence of the 'captive portals' or 'paywalls' often encountered at hotels
and Internet cafes. In these situations, the tool may detect the presence of an active
Internet connection before the user has clicked through the paywall. In that case the tool
will send geolocation requests before a connection is truly available to the 3
rd
party
database. Since these types of access points resolve ALL url requests to the paywall
webserver Elsa will unsuccessfully search through the returned paywall HTML for the
geolocation.
(S) The upshot of this is that the most reliable way to obtain geolocations is to save all
wifi access point information so that it can be used to resolve locations offline. If the
current version of the tool is set to delete access point information after a geolocation
attempt, the ability to obtain any geolocation after the fact may be lost.