What is this about?
“Browser Rider” is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.
Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.
What are the features?
^ Easily create powerful payloads and plugins
^ Manage payloads automatically with plugins
^ All data can be saved in a database
^ Obfuscation
^ Polymorphisme
^ Control more than one zombie at a time
^ Simple administration panel
Why create Browser Rider?
› Fun
› The challenge of creating something better than what is already existing
› Browser Rider can be used as a better XSS tunnel than the other tools during a pentest
› General hacking
Technical requirements
› PHP 5, with json installed
› Mysql
› Apache with url_rewrite on (optional since 25/01/09)
› Targets must have Javascript turned on
Download it!
› SVN
› Browser Rider v20090204 (changelog) stable
› Browser Rider v20090125 (changelog) beta
› Browser Rider v20081124 (changelog) stable
› Browser Rider v20080908 (changelog) stable
› Browser Rider v20080627 beta
Online demo
To test the framework, first open this page in a new window and do not close it. You can then go on the administration panel and you should see your ip in the zombie list.
Documentation
The documentation for the project can be found on our mediawiki.
› Installation
› Programming using the framework
› Writing, editing and using payloads
Public payloads
| append_iframe | append an iframe to the target's DOM |
| auto_refresh | automatically reload BrowserRider to check for updates |
| box_alert | load an alert box |
| box_prompt | load a prompt box to ask something and save the answer |
| cookie_stealing | automatically steals your zombies' cookie |
| exec_javascript | executes some javascript code |
| fieldlogger | Steals data from forms |
| get_DOM | downloads the victim page's DOM |
| keep_alive | puts targets in a frame |
Public plugins
| referer_attack | Automatically attach a zombie to certain payloads if comes from a certain referer |
Public obfuscators
| Dean Edwards | http://dean.edwards.name/packer/ |
Public tools
| BR-CodeGEN | Helps you generate malicious javascript codes using the packers provided by the application. |
| BR-AppFinder | This tool is an extension to the get_DOM payload that searches for known web applications within the stolen Html pages. |
Note from the developpers
› One of the challenges we are facing is browser compatibility. We cannot guaranty that Browser Rider will be compatible
with each and every browser out there.
› You'll understand that with the current legislations on computer security that we cannot provide you public awesome
payloads. However we will discuss on the forum and the blog, new security flows, where some concepts may be explained. Feel free
to then develop your own proof of concept and test them in a safe environment.