PoisonTap
Exploits locked computers via USB to hijack internet traffic, steal browser cookies, and install persistent web backdoors using a Raspberry Pi Zero.
What is PoisonTap?
PoisonTap is a security research tool that demonstrates how a locked computer can be compromised via a USB device. It emulates an Ethernet-over-USB device to hijack all internet traffic, enabling cookie theft, installation of persistent web backdoors, and remote access to the internal router, even after the device is removed.
Security researchers, penetration testers, and cybersecurity professionals who need to demonstrate physical access vulnerabilities and protocol weaknesses in locked systems.
Developers choose PoisonTap for its ability to bypass multiple security mechanisms like lock screens, routing priorities, HttpOnly cookies, and two-factor authentication in a single, cascading attack, providing a comprehensive demonstration of USB-based network hijacking and persistent compromise.
Overview
Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
Use Cases
Best For
- Demonstrating physical access vulnerabilities via USB on locked computers.
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
