The Finest Hand-Selected Downloads
Individually reviewed & tested
Store News

Discover what malware is doing online with FakeNet

07 October 2016, Mike Williams

FakeNetFakeNet is a clever Windows tool which tries to detect and display common web access attempts on your PC.

The program isn’t just another packet capture tool. Instead FakeNet redirects internet traffic and handles it locally, so you’ll see any attempts to download “www.server.com/trojan.exe” but they won’t succeed.

There’s no installation required. Just unzip the download, launch FakeNet from an elevated command window and it changes your DNS settings to point at localhost.

Collect email, open a browser or do anything else web-related and FakeNet displays the DNS, URL and other details in its console window.

FakeNet responds to some requests itself. It’ll send DNS responses, for instance. Type test.com/test.jpg in your browser and FakeNet serves an image, use test.html and you’ll get a simple text file. This might help persuade your monitored software that it’s online, and able to download any payload.

FakeNet

Watch internet activity in FakeNet’s console window

This worked reasonably well in our tests, with FakeNet detecting and displaying details of HTTP traffic, HTTPS, DNS and ICMP, as well as listening to some common ports (8000, 8080, 1337). We saw what our programs were able to do, but they couldn’t do it.

There are some obvious gaps here. What about other protocols, ports, hard-coded IP addresses? There are some more thorough “capture everything” settings, but they’re XP-only. And FakeNet can be extended to support more protocols, but you’ll need to write Python scripts to do it.

The program needs to be used with caution, too. By default it redirects your DNS settings on launch, but these will only be restored if you close it down properly. If you run FakeNet from an Explorer window, say, and close its command window by clicking the top-right “x”, your DNS won’t be restored and you’ll still be offline. (There’s a switch to get your original settings back, but you’ll need to know it exists.)

These aren’t big issues for the target audience. Run FakeNet in a virtual machine, with a snapshot to hand, alongside other forensic tools and it could be very useful. Sounds like you? Give it a try.

FakeNet is an open-source application for Windows XP and later.

Your Comments & Opinion

35,872,430
Downloads
Secure & Tested Software
6,342
Reviews
Instant Download 24/7
305,011
Members
10+ Years of Service