Skip to content

nexon33/EvilPuppetJS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
.vscode
.vscode
 
 
components
components
 
 
public
public
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
app.js
app.js
 
 
config.js
config.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

EvilPuppet

DISCLAIMER: EvilPuppet is for educational and research purposes only. Do not use this tool for illegal activities. The author is not responsible for any misuse of this tool.

Overview

EvilPuppet is a proof-of-concept man-in-the-middle(MITM) tool that uses Puppeteer in the background to capture and stream HTML content to a target browser. More than just streaming, it provides an interface that allows the target browser to remotely control the Puppeteer browser instance, simulating a real user's actions.

Features

  • Stream Puppeteer controlled web content to target browsers.
  • Allow remote control of the Puppeteer browser instance from the target browser.
  • Simulate real user behaviors like clicking, scrolling, and typing.

Prerequisites

  • Node.js

Installation

  1. Clone the repository:
git clone https://github.com/nexon33/EvilPuppetJS.git
  1. Navigate into the directory:
cd EvilPuppetJS
  1. Install the dependencies
npm install

Usage

  1. Set config inside config.js

  2. Start the server:

node app.js
  1. Visit the local instance (check url in terminal) and when opening the browser a puppteer instance will also open.

Known problems

  • Syncing the textfields between the browsers can be improved.

  • diffDOM library issues which end up also being EvilPuppet's problems.

  • Many other things too much to list for now.

TODO

  • Make use of MutationObserver instead of a loop to detect changes. (Maybe getting rid of diffDOM?)

  • Improve syncing between text fields.

  • Further improve typing

  • Add support for copy/paste and autofill

  • Complete refactoring the code and convert it to typescript.

  • Add mouse hover and drag.

  • fix the cssparser and html parser to make it more robust in edgecases. Especially get rid of regex.

  • Fix clicking and other functions inside iframes. (only rendering currently works)

  • ...

Safety and Responsibility

This tool is powerful and can be misused. Always get proper permissions before conducting any testing. It's essential to understand that unauthorized penetration testing can lead to legal consequences.

Contribution

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

This project is licensed under the MIT License - see the LICENSE.md file for details.

Note:

Please make sure that you always use such tools ethically and responsibly. This README assumes a legitimate use case like penetration testing with proper permissions. Always obtain permission before testing on any system or network.

About

Browser streaming MITM proxy

Resources

Readme

License

MIT license
Activity

Stars

41 stars

Watchers

5 watching

Forks

16 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages