FakeNet is a clever Windows tool which is designed to help you understand what malicious programs are doing online.

Launch FakeNet from an elevated command window and it redirects internet traffic to the localhost. Run your target software and if it tries to go online, most requests (DNS, HTTP, HTTPS) will be intercepted by FakeNet and displayed in a console window.

You could use this to see if a program is contacting some web service, maybe downloading further malware from somewhere, but without allowing these requests to succeed. Watch the console and if the app does try to access something like www.server.com/ransomware.exe, it'll be redirected to FakeNet and displayed to you.

It's an interesting tool, but there are some potential gotchas you need to bear in mind.

FakeNet doesn't guarantee your protection. Software may be able to bypass it by using fixed IP addresses or other protocols, and of course malware may be able to compromise your system without downloading anything at all. Run it in a virtual machine for safety.

The program installs Winsock hooks on Windows XP to more reliably capture traffic. This should work, but might cause issues with other software. Again, it's safest to run it in a virtual machine.

Also, FakeNet alters your DNS settings while it's operating. If it crashes, or you forcibly close the program, the DNS redirect remains in place and you won't be able to get online.

To avoid problems, run FakeNet manually from an elevated command line, and press Ctrl+C when you're done to close the program properly.

If the program fails mid-session, re-run it with a -r command line switch (fakenet.exe -r) to restore the default settings. Alternatively, restore the DNS settings yourself (right-click the network connection > Properties > select TCP/IP v4 > Properties and select "Obtain DNS server address automatically".)


FakeNet is a simple way to discover more the URLs a program might be contacting. It's not foolproof, though-- you'll need to use it alongside other software (like virtual machines) to stay safe.