imcpwn / browser-backdoor Goto Github PK

View Code? Open in Web Editor NEW

344.0 27.0 98.0 257 KB

BrowserBackdoor is an Electron Application with a JavaScript WebSocket Backdoor and a Ruby Command-Line Listener

License: MIT License

HTML 4.04% JavaScript 38.05% Ruby 54.15% Shell 3.76%

backdoor electron javascript-backdoor

browser-backdoor's Introduction

BrowserBackdoor

BrowserBackdoor is an Electron application that uses a JavaScript WebSocket Backdoor to connect to the listener.

BrowserBackdoorServer is a WebSocket server that listens for incoming WebSocket connections and creates a command-line interface for sending commands to the remote system.

The JavaScript backdoor in BrowserBackdoor can be used on all browsers that support WebSockets. It will not have access to the Electron API of the host computer unless the BrowserBackdoor Client application is used.

Some things you can do if you have access to the Electron API:

Open new browser windows that can point to any website. (already built-in. See: server/modules/openURL.js).
Change and read the clipboard. (already built-in. See: server/modules/readClipboard.js and server/modules/writeClipboard.js).
Access cross-platform Operating System notifications and the tray on OS X and Windows.
Take screenshots. (already built-in. See: server/modules/screenshot.js).
Execute arbitrary system commands. (already built-in. See: server/modules/execCmd.js)
Run at startup. (already built-in. See: client/main.js and server/modules/manageStartup.js).

Support

If you find an issue with the program please use the issue tracker: https://github.com/IMcPwn/browser-backdoor/issues

Wiki

Screenshots are avaliable on the Wiki! https://github.com/IMcPwn/browser-backdoor/wiki/Screenshots

More information will be added to it soon.

Usage

The client application will run in the background and provide no user interface while running. To check that it's running, quit it, or enable/disable system startup press Command (OS X) OR Control (Windows/Linux) + Alt + \ or whatever you configured the shortcut as in client/main.js.

The server application's usage can be accessed by typing help in the command line.

Installing

Requirements for client:

Latest Node.js and npm

Requirements for server:

Ruby 2.1+ and the gems in the Gemfile

BrowserBackdoor Client is supported on all devices supported by Electron. Currently that is Windows 32/64, OS X 64, and Linux 32/64.

BrowserBackdoorServer has been tested on Ubuntu 14.04, Debian 8, and Kali Linux. It should work on any similar Linux operating system.

To install anything, first, clone the repository. All the rest of the commands shown assume you are in the root of the repository.

git clone https://github.com/IMcPwn/browser-backdoor
cd browser-backdoor

How to install and run the BrowserBackdoor client application:

cd client
npm install
#
# Configure index.html and main.js before the next command.
#
npm start

How to build client executables (see here for more information):

cd client
npm install electron-packager -g
electron-packager . --all

How to run BrowserBackdoorServer:

cd server
gem install bundler
bundle install
#
# Configure config.yml before the next command
#
ruby bbsconsole.rb

License

MIT

Disclaimer

This is a personal development project, please do not use it for nefarious purposes. The author bears no responsibility for any misuse of the program.

Contact

This program is made by IMcPwn .

Contact information such as email, twitter, and other methods of contact are avaliable here: https://imcpwn.com

browser-backdoor's People

Contributors

Stargazers

Watchers

Forkers

akiraaisha vasco2016 lucabongiorni jwrush 94883r caoimhinp sucof hawksleym ttxx9999 caineqt eniac888 logan-lu wflk testzzzz yuang1516 fork42541 johnjohnsp1 sh1nu11bi filipposm h3ll0world xybyrgy naylamp6 frankamente kbahaxor samyoyo security-geeks cyber-forensic akustolin followmaster hongyunnchen az0ne 453483289 xingkongtianyu psuedoelastic suriya73 almaddy95 gabouh antonio24 olivierh59500 0thm4n3 devopsberlin xuseman toin0u puppycodes sabriallani rexfordkelly-on-electron team-firebugs tfxrdz jack51706 joncv conqu3r monkeym4ster cfthemaster av1080p tardummy01 j9t5k8bx1ny4h2pr ykankaya bilportistivraboti fingerleakers ro9ueadmin opt9 thatisissa 277800076 ynx0 p3t3rp4rk3r projecthaidar 01karmen010mcguire10 whoamisysteminfo attackgithub gnobus alexwyoup gwg422 vantier ex624 icysun qwqdanchun-fork zhelectron tnexperts bytjn1416124

browser-backdoor's Issues

The space character is not supported when using the exec command directly

Improve the module system

I would like to create a Metasploit-style module system where you can "use module" then type the module command for the JavaScript in the module file to be executed on the selected session.

At the moment I do not know how to implement this, I will be doing further research on the topic.

File upload module

Add a module that will allow filesystem access with upload/download of files.

Colors!

Everyone likes command line applications with colors.

Support iOS and Android

Possibly using a framework such as Cordova.

Use readline with execCommandLoop()

Specify required JavaScript runtime for uglifyJS

Auto updates for client application

Always increment session IDs

With this implemented the session ID of -2 is no longer necessary.

Add client generation script

Add a script to create the client programmatically given the options (URL, timeout, configURL).

Improve ls command

Add colored output, make directories look different then files.

Improve command-line help

Missing auto-launch module in electron-packager apps

Show if module is interactive with 'modules' command

downloadFile crashes client on files larger than 60MB

It has been reported that downloadFile causes the client to crash downloading files larger than 60MB.

Obfuscate module code when sending to client

VNC module

Can we string a couple diffs of the screenshots together to get vnc like functionality?

webcamMicrophone.js does not work

[X] Error converting incoming encoded webm to webm automatically (Webm is empty). Attempting to save as .txt
[*] Response received but is too large to display (20 characters). Saved to out/bb-result-XXXX-XXXX.txt

Example to use?

Tks

Add logging

Make travis.yml test better

Travis does not test any Ruby code besides syntax. Even so, it doesn't test anything besides commands in server/ which does not include server/lib/

Detect result type during onmessage

Automatically convert screenshots to PNGs, etc with a detectResult() method in the WebSocket class.

Validate configuration variables

idle time module

electron-packager needs wine

This will need to be added to .travis.yml

Save responses to a file

Have a class variable in Bbs::WebSocket that stores the past 5 responses and add a save command to save a certain amount to a file.

Feature request: REST based fallback for older clients

Would it be possible to create an option which simply starts an HTTP(S) REST server which a browser can continuously ping for updated commands.

Example

Server starts with the --rest option
Server starts an HTTP(S) server on the configured ports
Client executes code, but doesn't support websockets
Client switches to REST and uses an HTTP GET call to get a buffer of code every x milliseconds
Server sends response and clears the buffer for related session
Client eval's the code passed to it, and POST's it back to the server as a response
Server echoes the output to the user

Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.