Skip to content

Commit a30934c

Browse files
EsonhughEsonhugh
committed
update: README for technique info
1 parent dfc52a6 commit a30934c

File tree

1 file changed

+17
-1
lines changed

1 file changed

+17
-1
lines changed

README.md

+17-1
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,16 @@ and create a simple http proxy service at local.
55

66
You can make request via http proxy and that request will send to the browser which executed payloads and let the browser request on behalf of you.
77

8+
## How to
9+
10+
The "ProxyInBrowser" project will established an HTTP proxy through a browser to execute web requests. It leverages the fetch API to allow a victim's browser to make customized requests as per the attacker's parameters, enabling the attacker to receive responses from the victim's browser.
11+
12+
A typical use case for this project is in XSS (Cross-Site Scripting) attacks where, after injecting a generated malicious script, the payload from this project is automatically loaded, and JavaScript is executed to establish a WebSocket connection back to the attacker. The WebSocket is for command and control communication, which can bypass some CSP but will not automatically rebuilt unless the XSS trigger is reactivated. Also it will persist by using a specific client trace id inside localstorage, which allows controller backend knows which client is.
13+
14+
The main security measure against such exploits is a well-configured Content Security Policy (CSP) that can prevent XSS and block tools like ProxyInBrowser.
15+
16+
The primary technical challenge involves stripping browser HTTPS requests by using a methodology similar to Burp Suite to create an HTTP proxy and performing MITM attacks with self-signed CA certificates. This setup allows manipulation of Fetch API calls and CORS responses to bypass security measures in browsers, considering ongoing updates and security enhancements.
17+
818
## Installation
919

1020
### Pre-requisites
@@ -34,10 +44,16 @@ paste payload on website or developer kit console.
3444
Console> help
3545
```
3646

37-
## Usage Demo
47+
### Usage Demo
3848

3949
[![ProxyInBrowser Usage Demo](https://markdown-videos-api.jorgenkh.no/url?url=https%3A%2F%2Fyoutu.be%2FoJyczopfzrc)](https://youtu.be/oJyczopfzrc)
4050

51+
## Known Issue
52+
53+
no-cors mode fetch command will let chrome broswer ban javascript get response from some where. It will happen when cross site CDN js/image resource is included in that website.
54+
55+
So Fetch can't impersonate any request that browser does. :(
56+
4157
## Sponsor
4258

4359
[Patreon](https://patreon.com/Skyworshiper?utm_medium=unknown&utm_source=join_link&utm_campaign=creatorshare_creator&utm_content=copyLink)

0 commit comments

Comments
 (0)