bLackhammer: November 2008

Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmaintained, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.

Features

Easily create powerful payloads and plugins
Manage payloads automatically with plugins
All data can be saved in a database
Obfuscation
Polymorphism
Control more than one zombie at a time
Simple administration panel

Requirements

PHP 5, with json installed
Mysql
Apache with url_rewrite on
Targets must have Javascript turned on

You can download Browser Rider here:

Browser Rider v20081124 (changelog)

Or read more here.

MultiInjector claims to the first configurable automatic website defacement software, I’m not sure if that’s a good thing – or a bad thing.

But well here it is anyway.

Features

Receives a list of URLs as input
Recognizes the parameterized URLs from the list
Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
Automatic defacement – you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun
OS command execution – remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user
Configurable parallel connections exponentially speed up the attack process – one payload, multiple targets, simultaneous attacks
Optional use of an HTTP proxy to mask the origin of the attacks

The author highly recommend running a HTTP sniffer such as IEInspector HTTP Analyzer in order to see all attack requests going out to the targets.

bLackhammer

Browser Rider – Web Browser Exploitation

MultiInjector – Automated Stealth SQL Injection Tool

About Me

Categories

Blog Archive

Labels