Network Injector monitors all the HTTP connections and, following the injection rules, identifies the target's connections and injects the agent into the connections, linking it to the resources the target is downloading from Internet.
There are two Network Injector types:
Both Network Injectors let you automatically identify the target devices and infect them according to the set rules via their control software (Appliance Control Center or Tactical Control Center). Tactical Network Injectors also permit manual identification. See "What you should know about Appliance Control Center", "What you should know about Tactical Control Center".
Resources that can be infected by RCS are any type of files.
NOTE: Network Injector is not able to monitor FTP or HTTPS connections.
To create a rule:
If information is already known on target devices, numerous rules can be created, adapting them to the target's different habits, then enabling the most efficient rule or rules according to the situations that arise during a certain time in the investigation.
If no information is known on target devices, use Tactical Network Injector which allows operators to observe the target, identify the device used and infect it since on the field.
TACTICAL must be indicated in the injection rule Pattern field for this type of manual control.
RCS routinely communicates with Network Injector to send rules and acquire logs. All rules enabled in RCS Console are automatically sent to Network Injectors. A disabled rule is saved but will not be sent nor made available at the next synchronization.
Select one of the available rules to enable a specific injection on Network Injector.
After Network Injector receives the infection rules, it is ready to start an attack.
During the sniffing phase, it checks whether any of the devices in the network meets the identification rules. If so, it sends the agent to the identified device and infects it.
RCS9.5 | User manual | © COPYRIGHT 2014