I am a security engineer & senior software developer from France.
Twitter: @graniet75
Chromebackdoor is a PoC pentest tool. It uses a MITB technique to generate a Windows executable (".exe") that, after launch, runs a malicious extension or script on the most popular browsers and sends all DOM data to the command and control server.
How to remove root user, or change default pass!
When trying to run python chromebackdoor.py
getting error:
ImportError: /usr/local/lib/python2.7/dist-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv3_method
Kubuntu 16.10
Python 2.7.12+
M2Crypto 0.25.1
When I run chromebackdoor over HTTP everything is OK and chromebackdoor works correctly, but when I change the server to HTTPS chromebackdoor does not work.
I checked SSL verification and everything is OK, and chromepanel runs on it. But when I run the chromebackdoor extension on a Chrome device, although it runs and requests my URL and the response is correct (Status Code: 200 OK), nothing is added in chromepanel. That means the bots panel is empty.
But for example when i request
https://mydomain:myport/mychromebackdoorfolder/web/gate.php??add=exampleip&version=Build001
It runs and is added to the bots menu in chromepanel.
I don't know what the problem is.
Please help me.
Thanks.
Is it possible to install the extension silently in the Chrome browser?
Dear Graniet,
Please make a video for web install.
Thank you in advance,
Alisson Moretto, 4w4k3.
Form grabber or computer history does not show HTTPS pages.
python chromebackdoor.py
File "chromebackdoor.py", line 26
print "["+bcolors.OKGREEN+"+"+bcolors.ENDC+"] Listing payloads..."
^
SyntaxError: invalid syntax
Thanks for idea graniet.
I created a Chrome extension with the keylogger module and installed it on another computer. But when I use Chrome, it does not appear in the server's bot list. The same happens with the Firefox addon. How to fix that?
Hi Bro, would you have a manual for a better understanding of the use? Greetings.
Hi, I came across your project, and was surprised by the efficiency of your project. I am curious about how to install the extension on Chrome without any interaction. And by checking your program, I found this execution path seems like setup.exe => load.exe => fcnl.exe.
However, there is no source code provided by the project, which makes me confused about the theory. Could you please kindly share the source code of load.exe?
Merci Bourque!
I am using Kali (Rolling) and test it with Chrome in this OS.
I have followed the installation video, however it seems like the script has changed a lot. So, the installation step seems to be odd during this part: https://youtu.be/uc4817555Fc?t=114
However, I managed to set up web, mysql, CRX installation on Chrome properly.
However, once I surfed some websites and refreshed the C&C, the web interface didn't show any sign of bot connectivity at all.
How to debug or fix it?
Note: "pip install wine32" also produced an error about
"Downloading/unpacking wine32
Could not find any downloads that satisfy the requirement wine32
Cleaning up...
No distributions at all found for wine32
Storing debug log for failure in /Users/cmaster/.pip/pip.log"