Update Fakenet v-1.0c : a tool that helps with the dynamic analysis of malicious software.

Release Notes New in version 1.0:

  1. Added the –r feature
  2. Added the DumpHTTPPosts option which dumps any POST requests from clients to a file.
  3. TCP packets are now sent in reasonable sized blocks of 1024 bytes per packet.  In prior versions all data which confused some clients because it’s in violation of IP protocol.
  4. Produce a hex dump for the user in the case of malformed DNS requests.  This is useful if malware transmits data in a malformed DNS request.
  5. Lots of bug fixes and improvements in error messages

FakeNet is Windows network simulation tool designed for malware analysis. It redirects all traffic leaving a machine to the localhost (including hard-coded IP traffic and DNS traffic) and implements several protocols to ensure that malicious code continues to execute and can be observed by an analyst.

The tool supports DNS, HTTP, and SSL protocols and provides a python extension interface for implementing new or custom protocols. It also the capability to listen for traffic to any port as well as create packet capture on the localhost.

Right now the tool only supports WinXP Service Pack 3. The tool runs fine on Windows Vista/7 although certain features will be automatically disabled.

If the application fails to initialize, then you need to download and install the Visual Studio 2008 redistributables (http://www.microsoft.com/download/en/details.aspx?id=29). This is a temporary workaround until this issue can be properly fixed.


  • Supports DNS, HTTP, and SSL
  • HTTP server always serves a file and tries to serve a meaningful file; if the malware request a .jpg then a properly formatted .jpg is served, etc.  The files being served are user configurable.
  • Ability to redirect all traffic to the localhost, including traffic destined for a hard-coded IP address.
  • Python extensions, including a sample extension that implements SMTP and SMTP over SSL.
  • Built in ability to create a capture file (.pcap) for packets on localhost.
  • Dummy listener that will listen for traffic on any port, auto-detect and decrypt SSL traffic and display the content to the console.

Video : https://cc.readytalk.com/cc/playback/Playback.do?id=edviq7

Download :  Fakenet1.0c.zip (9.9 MB) http://sourceforge.net/projects/fakenet/files/Fakenet1.0c.zip/download
Find Other Version | http://sourceforge.net/projects/fakenet/files/
read more in here : http://practicalmalwareanalysis.com/FakeNet/
Our post Before : http://seclist.us/fakenet-v-10b-released.html