FinFly Web / Release Notes FINUSB SUITE 1 SPECIFICATIONS FINFISHER: FinFly Web 4.0 Release Notes FinFly Web / Release Notes FINUSB SUITE 2 SPECIFICATIONS Copyright 2013 by Gamma Group International, UK Date 2013-08-09 Release information Version Date Author Remarks 1.0 2010-06-29 ht Initial version 1.1 2010-07-05 pk Review 1.2 2010-09-24 Pk Add changes for release 1.4 1.3 2012-02-05 PK Add changes for release 2.0 1.4 2012-03-16 PK Add changes for release 2.1 1.5 2012-05-12 PK Add changes for release 2.2 1.6 2013-01-08 PK Add changes for release 3.0 1.7 2013-03-26 PK Add changes for release 3.1 1.8 2013-05-17 PK Add changes for release 3.2 1.9 2013-08-09 PK Add changes for release 4.0 FinFly Web / Release Notes FINUSB SUITE 3 SPECIFICATIONS Table of Content 1 Overview ............................................................................................................................................... 4 2 ChangeLog ............................................................................................................................................. 5 3 Limitations........................................................................................................................................... 14 FinFly Web / Release Notes FINUSB SUITE 4 SPECIFICATIONS 1 OVERVIEW FinFly Web is designed to help Law Enforcement and Intelligence Agencies to covertly install Remote Monitoring software onto Target Systems through Websites which install the software by using the Web-browser module functionalities. The product can generate a wide-range of attack codes that can be implemented into any given Website and which will infect the Target when visiting the website. Tactical IT Intrusion Portfolio 3 Remote Monitoring & Infection Solution FinSpy FinUSB Suite Tactical IT Intrusion Portfolio FinSpy Mobile FinIntrusion Kit FinFly FinFireWire . USB . Web IT Intrusion Training Program FinTraining . LAN . ISP FinFly Web / Release Notes FINUSB SUITE 5 SPECIFICATIONS 2 CHANGELOG Version: 4.0 Component Change Description Modules Code Review Optimize Source Code of different modules Modules Update Optimize all modules to support latest version of all browsers. Module New Information Gathering Each module can be extended by an Module information gathering module. This module will collect information from target PC (e.g. OS, Language, Timezone, IP-Address etc.) Module Replacement / New The existing IFRAME module was replaced by a Module (Iframe / new module. In previous releases the FFWeb Framebuster) code could be rejected by some webpages, to prevent the content can be shown in an IFRAME. The new module require php pre- installed on the webserver. The new version will bypass IFRAME Framebustering technique. Module New Feature / Anti- A special encoder script was written, to prevent Debugging an easy debugging / interception of javascript code. Module New Module (IE Click Once) A new module was added. It runs only in an Internet Explorer browser. A click once application will be loaded. User has to accept the application only once. Code signing with a trusted certificate is integrated. GUI Update New enhanced content check was integrated, which detects if all necessary files will be successfully written. Mobile Targets Update All modules were tested and optimized for mobile targets. FinFly Web / Release Notes FINUSB SUITE 6 SPECIFICATIONS Version: 3.2 Component Change Description Module Removal of XPI Plugins The XPI-based plugins have been temporary suspended. We are working on new functionalities and techniques which work on all common browsers and are not limited to certain vendors" GUI Fix Input Validation “~”- character can be used inside Java Payload URL. FinFly LAN/ISP Fix Configuration File HTTP/HTTPS protocol will be detected automatically. Module Fix All Module Linux Payload without any file extension will generate an output filename without any file extension too. Documentation User Manual / Training Both documents were updated. Slides Version: 3.1 Component Change Description GUI Fix Fixed button size in the wizard. GUI New Feature Reset previous selected payload is possible now. Installer Bugfix Fix update error if FinFly Web was installed with user permission. Version: 3.0 Component Change Description FinFly Lan / ISP Module Support Update Support / Update for Mobile Targets FinFly Web / Release Notes FINUSB SUITE 7 SPECIFICATIONS Module Code Obfuscating Implementation of Java Script Code Obfuscating. Module Bugfix / Java – Module Fix UAC bypass to start non-UAC payload. Module XPI – Module Add possibility to change version number of XPI Add-On. Module Java – Module Java Applet can be signed with a *.pfx/*.p12 certificate file. Modules Mobile Targets Modules were improved to support Mobile Targets: - Android - iOS - Blackberry - Windows Mobile - Symbian Modules Add support for more New Browser are supported: Browser - Opera Mini / Mobile - Dolphin - Skyfire - Blackberry / Symbian Default Browser - IE for Windows Mobile Modules Code Review Optimize Source Code of different modules Modules OS-Detection Update for Mobile Targets GUI Improvements - Module Selection with Preview - Comfortable Payload Selection FinFly Web / Release Notes FINUSB SUITE 8 SPECIFICATIONS Version: 2.2 Component Change Description FinFly Lan / ISP Module Support Update Add condition tag, which specified the “user agent”, “domain” and “protocol”. FinFly Lan / ISP Module Resource Fix Extensions of resources will be written in lower- case. FinFly Lan / ISP Module Init Fix Remove empty Body/Attribute tag for XPI- Popup Module Bugfix / Java – Modules Java – URL will be checked after focus out and not immediately anymore. Module XPI – Modules Parameter for XPI-Popup and XPI-Plugin-Bar will be saved in different xml-tags. Both XPI modules can have their own configuration. Module Bugfix / XPI-Modules Preview of generated XPI-Module in Firefox Browser blocked output folder. Module XPI-Popup – Modules Change all default values from Realplayer into Flashplayer (Plugin Name, Vendor Name, Vendor URL etc.) Payload Mac OSX – Payload Mac OS X – Installer (= *.pkg) files are also supported now. Updates Bugfix *.msi – Installer are supported now. Target Improvements New browser versions are supported: Chrome: 11/12/13/14/15/16/17/18 Firefox: 3/3.5/4/5/6/7/8/9/10/11/12/13 Internet Explorer: 7/8/9 Opera: 10/11 Safari: 4/5 Seamonkey: 2.4/2.5/2.6/2.7/2.8/2.9 FinFly Web / Release Notes FINUSB SUITE 9 SPECIFICATIONS Version: 2.1 Component Change Description FinFly Lan Module Support Introduced support for the Infection proxy in all modules, specifically the modules which make use of Iframes and in the past would fail to load inside the infection proxy. New routines were added to the following modules: XPI-Popup XPI-Plugin Bar IFrame Java Module Bugfix / XPI – Modules This version fixes a bug where the page wouldn’t load if one of the XPI modules (xpi_popup and xpi_bar) is loaded in a different web browser than Firefox or Seamonkey. Both modules will now load the Iframe only and will not run any code that involves the actual XPI loading and executing. This affected not only Internet Explorer, the fix supports all general available web browsers. Module Improvement / XPI – The web browser Seamonkey (that is derived Modules from Mozilla Firefox) is now supported in the XPI modules (XPI Popup and XPI Plugin-Bar). Module Improvement / XPI – Handling of the payload was changed. Modules These modules don’t rely on a cookie and can detect if the XPI is actually installed or not, now. This fix patch two issues of the past release: The page now loads after the installation of the XPI, but does not attempt to install the XPI again - no popup is shown. After a de-installation of the XPI the module allows new attempts to install the XPI again. Module Bugfix / Improvement XPI- The popup image for all relevant modules is Modules now un-selectable. Module Bugfix / XPI – Popup The XPI - Popup module supports newlines now. Module Bugfix / XPI – Plugin Bar Modified the “click-coordinates” of the XPI – Plugin Bar module to make it run properly. GUI Improvement / Bugfix Modified Output Folder and FinFly Lan Settings can be configured. FinFly Web / Release Notes FINUSB SUITE 10 SPECIFICATIONS Version: 2.0 Component Change Description GUI Multiple Language Support GUI can be translated into different languages GUI Improvement / Rewrite Improve GUI / Implement Wizard for an easy creation process. GUI Summary Page After a new module was generated, a summary page lists all module configurations, a supported browser list and a status message. Module Improve Static Module New / Improved Features: - Module was completely rewritten - Auto-Scale Popup Image - Session – Cookie Implementation - Multi – OS – Payload Support - OS Auto-Detection - Improve Display / Blocking Behavior if browser will be resized Module Improve Iframe Module New / Improved Features: - Module was completely rewritten - Auto-Scale Popup Image - Frame Buster implementation - Session – Cookie Implementation - Multi – OS – Payload Support - OS Auto-Detection - Improve Display / Blocking Behavior if browser will be resized Module Improve Java Module New / Improved Features: - Applet Name can be defined - Improve Validation Period of Certificate to prevent Warning - Module was completely rewritten - Multi – OS – Payload Support - OS Auto-Detection Module Improve XPI Plugin Bar New / Improved Features: Module - Frame Buster Support for Iframe - Plugin Bar will be shown in OS specific Theme - More example screenshots