FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows. FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and Michael Sikorski.
The tool allows you to intercept and redirect all or specific network traffic while simulating legitimate network services. Using FakeNet-NG, malware analysts can quickly identify malware’s functionality and capture network signatures. Penetration testers and bug hunters will find FakeNet-NG’s configurable interception engine and modular framework highly useful when testing an application’s specific functionality and prototyping PoCs.
The configuration file is broken up into several sections.
* [FakeNet] – Controls the behavior of the application itself. The only valid option at this point is DivertTraffic. When enabled, it instructs the tool to launch the appropriate diverter plugin and intercept traffic. If this option is disabled, FakeNet-NG will still launch listeners, but will rely on another method to direct traffic to them (e.g. manually changing the DNS server).
* [Diverter] – Settings for redirecting traffic. Covered in detail below.
* [Listener Name] – A collection of listener configurations. Each listener has a set of default settings (e.g. port, protocol) as well as listener specific configurations (e.g. DumpHTTPPosts for the HTTPListener).
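
The section layout above can be checked mechanically before an analysis run. The following is an added example, not FakeNet-NG's own code: it uses Python 3's configparser on a constructed sample config and assumes the option names Enabled, Port, Protocol and Listener (only DivertTraffic and DumpHTTPPosts appear in the text above).

```python
import configparser

# Constructed sample, not the project's shipped config. Option names other than
# DivertTraffic and DumpHTTPPosts (Enabled, Port, Protocol, Listener) are assumed.
SAMPLE = """\
[FakeNet]
DivertTraffic: No

[Diverter]

[HTTPListener80]
Enabled: True
Port: 80
Protocol: TCP
Listener: HTTPListener
DumpHTTPPosts: Yes

[RawTCPListener]
Enabled: True
Port: 80
Protocol: TCP
Listener: RawListener
DumpHTTPPosts: Yes
"""

def audit(text):
    """Return (listeners, warnings) for a FakeNet-NG style config."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    warnings, listeners, bound = [], {}, {}
    # [FakeNet]: with DivertTraffic off, listeners start but nothing is intercepted.
    if not cfg.getboolean("FakeNet", "DivertTraffic", fallback=False):
        warnings.append("DivertTraffic off: point traffic at listeners another way")
    # Every section besides [FakeNet] and [Diverter] is treated as a listener.
    for name in cfg.sections():
        if name in ("FakeNet", "Diverter"):
            continue
        sec = cfg[name]
        if not sec.getboolean("Enabled", fallback=False):
            continue
        key = (sec.get("Protocol", "TCP").upper(), sec.getint("Port"))
        listeners[name] = key
        if key in bound:  # two enabled listeners on the same protocol/port
            warnings.append("%s and %s both bind %s/%d" % (bound[key], name, *key))
        bound.setdefault(key, name)
        # DumpHTTPPosts is described above as an HTTPListener-specific option.
        if "DumpHTTPPosts" in sec and sec.get("Listener") != "HTTPListener":
            warnings.append("%s: DumpHTTPPosts set on %s" % (name, sec.get("Listener")))
    return listeners, warnings
```

Calling `audit(SAMPLE)` returns the enabled listeners keyed by section name and three warnings: diversion disabled, a TCP/80 collision, and an HTTP-only option on a raw listener.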
+ Python 2.7.x
+ Python modules: requests, pydivert, dnslib & dpkt
git clone https://github.com/fireeye/flare-fakenet-ng && cd flare-fakenet-ng
pip install requests pydivert dnslib dpkt
python setup.py install
python fakenet.py -h