The purpose of this project has been just for education and this isn't a real malware. This project is a malicious Firefox extension with a command and control server and a target website for test type of different attacks. You can send malicious JavaScript code from command and control server and the extension run it on any website that you want. Some of the attacks are being here.
Python3.*
Firefox web browser
At first you should clone the repository:
Then install requirements with pip3.*:
sudo pip3 install flask
After That open the new terminal and start the command and control:
cd malware-extension/command_and_control
python3 manage.py -i [SERVER-IP-ADDRESS] -p [PORT] -f [ATTACK-FILE]
for example:
python3 manage.py -i 0.0.0.0 -p 5005 -f command_and_control/attacks/clickjacking.json
Next you should run target website in a new terminal:
cd malware-extension/target_website
python3 server.py
Now it run on on 0.0.0.0:5004
Finally load malware extension on Firefox. You can read this document to do this.
NOTE
You should change TARGET-WEBSITE-ADDRESS with your target website IP address in:
- command_and_control/attacks/*
- target_website/templates/bank.html
- target_website/templates/run.html
and ATTACKER-ADDRESS with your command and control IP address in:
- malware_extension/background.js
- command_and_control/malware_control/templates/phishing-bank.html