Hi everyone!
I recently open-sourced a tool I'd been working on for a while at https://github.com/flancast90/ChromePE, and am looking for some more experienced hackers to give me some feedback on it.
Basically, the tool (written in Python using Selenium) is designed for post-exploitation use, and allows an attacker to remotely get the victim's Chrome passwords, bookmarks, downloads, and history, as well as supports redirects using a specified URL with an optional keylogger there. I have already gotten some good ideas from Discord servers, such as support returns of localStorage and cookies, but am looking for some other things to add, too.
Some possible use cases I can imagine are in open-systems, such as library computers, etc, where an attacker could fake a required login to say, Google, with a forced redirect, and from there get the user's password and data. Another possibility would be where an attacker could upload files to a system, or could bundle the files in a malicious download.
The tool is at https://github.com/flancast90/ChromePE for all of you interested, and Thank You!
[link] [comments]
from hacking: security in practice https://ift.tt/3cV1aZD
Comments
Post a Comment