• Stars
    star
    189
  • Rank 204,649 (Top 5 %)
  • Language
    JavaScript
  • Created over 1 year ago
  • Updated 9 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Session Hijacking Visual Exploitation

Session Hijacking Visual Exploitation

alt Logo

Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code.

Installation

Prerequisites

To run Session Hijacking Visual Exploitation, you will need to have the following software installed:

  • Node.js (version 19.0.0 is recommended due to compatibility issues with newer versions)
  • npm
  • nvm (Node Version Manager, recommended for easily switching between Node.js versions)

Server Installation

To install the server, follow these steps:

  1. Clone the repository from GitHub:

git clone [email protected]:doyensec/Session-Hijacking-Visual-Exploitation.git

  1. Navigate to the server directory:

cd Session-Hijacking-Visual-Exploitation/server

  1. Install the server dependencies:

npm install

Client Installation

Session Hijacking Visual Exploitation provides pre-compiled client applications, which you can download directly from the GitHub releases. If you want to compile the application yourself or develop further, follow these steps:

Direct Download:

  1. Go to the Releases section of the GitHub repository.
  2. Download the suitable package for your OS.
  3. Install the application as you would with any other software on your OS.

Compile & Build Using Electron Builder:

  1. Clone the repository:

    git clone [email protected]:doyensec/Session-Hijacking-Visual-Exploitation.git

  2. Navigate to the client directory:

    cd Session-Hijacking-Visual-Exploitation/client

  3. Install client dependencies:

    npm install

  4. Build the application for your OS:

    npm run pack

This will generate executable files for your Operative System. The resulting files will be in the dist directory.

Node.js Version Recommendation

Due to compatibility issues with recent Node.js versions, we recommend using Node.js version 19.0.0. You can easily switch to this version using nvm:

  1. Install nvm by following the instructions here.

  2. After installing nvm, install and use Node.js version 19.0.0:

nvm install
nvm use

With the above commands, your terminal session will now be using Node.js version 19.0.0.

Usage

To use Session Hijacking Visual Exploitation, follow these steps:

  1. Start the server:

cd Session-Hijacking-Visual-Exploitation/server

npm start

The first time the server starts, it will require an initial setup. Follow the provided steps for configuration

  1. Start the client:

  2. Log in with the previously created user (it will be required during the configuration)

  3. On the client, use the button to download the certificate and install it

  4. Inject the malicious JavaScript in the browser (You can obtain the script in the payloads page)

Configuration

We provide several options for configuration:

  • npm run createUser: Create a new user
  • npm run regenerateToken: Regenerate the token used for JWT signatures
  • npm run setConfig: Establish server ports and specify whether SSL will be used. If SSL is to be used, add the privateKey.pem and certificate.pem files to the files directory

Modes

On the tool you will notice there are two different modes:

  1. Interactive: It will allow you to access to the different websites using the victim browser's security context
  2. Visual: It will show you what the victim is seing and doing in the hooked browser

Templates

After starting the server and the client, you have the ability to utilize templates for advanced exploitation:

  • Office Document Templates: By uploading templates with the extensions .docm, .pptm, or .xslm, the tool will search for URLs pointing to Word, Excel, or PowerPoint documents. Upon finding them, it downloads the documents, injects the macros from the uploaded templates, and alters the download URL. Consequently, users will download the original document injected with the specified macros. You can view these office documents by clicking on the 'List Files' button.

  • HTML Template for CORS Exploitation: If you upload an HTML template, it's primarily used to exploit CORS misconfigurations. Under /connect, the uploaded HTML content will be displayed, also injecting the malicious JS. This results in a new client that can be used interactively with sites vulnerable due to improper CORS configurations.

Screenshots

alt Screenshot_0 alt Screenshot_1

More Repositories

1

inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
Python
1,510
star
2

electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
JavaScript
953
star
3

regexploit

Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
Python
779
star
4

awesome-electronjs-hacking

A curated list of awesome resources about Electron.js (in)security
558
star
5

burpdeveltraining

Material for the training "Developing Burp Suite Extensions โ€“ From Manual Testing to Security Automation"
Java
345
star
6

wsrepl

WebSocket REPL for pentesters
Python
194
star
7

PESD-Exporter-Extension

PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams
HTML
94
star
8

ajpfuzzer

A command-line fuzzer for the Apache JServ Protocol (ajp13)
Java
91
star
9

safeurl

A Server Side Request Forgery (SSRF) protection library. Made with ๐Ÿ–ค by Doyensec LLC.
Go
89
star
10

CSPTBurpExtension

CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
Java
79
star
11

Prototype-Pollution-Gadgets-Finder

Python
73
star
12

StandardizedImageProcessingTest

A test suite built with Mocha/Chai to test for behavioral differences between image libraries for the web
JavaScript
68
star
13

PoiEx

๐ŸŒ Visualize and explore IaC โœ’๏ธ Create and share notes in VS Code ๐Ÿค Sync notes and findings in real-time with friends
TypeScript
68
star
14

GQLSpection

GQLSpection - parses GraphQL introspection schema and generates possible queries
Python
64
star
15

HopperTheme

Doyensec theme for the Hopper Disassembler - chill and functional for long RE nights
55
star
16

oidc-ssrf

An Evil OIDC Server
Go
49
star
17

cloudsec-tidbits

Blogpost series showcasing interesting cloud - web app security bugs
HCL
44
star
18

confuser

Dependency Confusion Security Testing Tool
Python
39
star
19

vbox-fuzz

Companion to the "Introduction to VirtualBox security research" Blog Post
C++
29
star
20

CVE-2022-39299_PoC_Generator

A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-saml
Python
17
star
21

VSCode_PoC_Oct2019

Proof of Concept for a VSCode Python Extension Code Execution Vulnerability
Python
16
star
22

r2pickledec

Pickle decompiler plugin for Radare2
C
14
star
23

imagemagick-security-policy-evaluator

The ImageMagick Security Policy Evaluator allows developers and security experts to check if an XML Security Policy is hardened against a wide set of malicious attacks. It assists with the process of reviewing such policies, which is usually a manual task, and helps identify the best practices for ImageMagick deployments.
JavaScript
14
star
24

webext_boilerplate

Web extension boilerplate files for web application testers.
JavaScript
7
star
25

db-race-conditions-playground

Database Race Condition Playground. Made with ๐Ÿงก by Doyensec LLC.
JavaScript
6
star
26

ThereAreBugsEverywhere

Doyensec Wallpapers - ThereAreBugsEverywhere Theme
5
star
27

libajp13

AJPv1.3 Java Library
Java
4
star
28

wallet-info

A web service providing Ethereum Dapp information. Made with ๐Ÿ–ค by Doyensec LLC.
Go
4
star
29

SoloKeys-2020Q1-fw-downgrade-PoC

SoloKeys firmware downgrade proof of concept
Python
3
star
30

libressl-portable

C
1
star