Published on June 16th, 2016
BrowserBackdoor – Secure JavaScript WebSocket Backdoor and a Ruby Command-Line Listener
- Open new browser windows that can point to any website. (already built-in. See: server/modules/openURL.js).
- Change and read the clipboard. (already built-in. See: server/modules/readClipboard.js and server/modules/writeClipboard.js).
- Take screenshots. (already built-in. See: server/modules/screenshot.js).
- Execute arbitrary system commands. (already built-in. See: server/modules/execCommand.js).
Installing
NodeJS and NPM are required for BrowserBackdoor.
Ruby 2.1+ and the gems in the Gemfile are required for BrowserBackdoorServer.
BrowserBackdoor is supported on all devices supported by Electron. Currently that is Windows 32/64, OS X 64, and Linux 32/64.
BrowserBackdoorServer has been tested on Ubuntu 14.04, Debian 8, and Kali Linux. It should work on any similar Linux operating system.
To install either component, first clone the repository. All remaining commands assume you are in the root of the repository.
git clone https://github.com/IMcPwn/browser-backdoor
cd browser-backdoor
How to install and run the BrowserBackdoor Electron application.
cd client
npm install
# Configure index.html and main.js before the next command
npm start
Building executables for all platforms. (see here for more information)
cd client
npm install electron-packager -g
electron-packager . --all
How to install and run BrowserBackdoorServer.
cd server
gem install bundler
bundle install
# Configure config.yml before the next command
ruby bbsconsole.rb
Screenshots of the console
The blank spaces in the pictures, where text appears to be missing, are redacted unique identifiers for sessions.
- The command line console with default configuration.
- The help screen (text will change over time).
- What it looks like when a session is opened (3 in this case).
- Sending a command to all sessions (as seen by session ID -1).
- Targeting a specific session then taking a screenshot of the client.