Tracy Software
ASP.NET

Hook The Browser

The Browser The Way You Want It!

I'm hooking the browser and applying new features to the core mechanism.
Using Reverse Engineering tools, OllyDbg and Spyxx we can find strings and relevant screens HWND (Windows Handle) to manipulate and change the browser.
My goal was to inject new JS JavaScripts functions into the DOM Document Object Model,

Without using extensions.
It's easy to find vulnerabilities in the browsers, automate them & use them for later inject good things!
I found that using a unique vulnerability technique it appears the devtool can be automated to do special things.
In the investigation process, We have the target application, Browser.exe
We will start the investigate from the very first place we encounter the software.
If it's a downlodable browser; We check if it got x64 and x86 versions, does it have multi language versions ? does it have older deprecated versions we can use for our purpose ?

ASP.NET
(lets check the browser.exe,..
After checking these issues, we start by creating abnormalities

Creating abnormalities

What will happen when the user is running the browser.exe with a networking dll from old version of the browser ?
what will happened when we run the legit browser process but with legit and incorrect language component ?
there are many options ahead, and its a very creative moment.

Automating the abnormalities

Say we found that browser.exe is working great in Remote Browser Isolation solutions,
but when the target isolated machine got infected, we can control the content presented to the users in the endpoint ?
Is it possible to trick the user or manipulate the Remote isolated protocol.

Creating a shield

After finding these vulnerabilities, its time to create a software preventing these types of viruses from using them.
ASP.NET

Injecting the protection!

no! not yet, lets first learn what we can do..

DEV-TOOLS!!

Lets type some cross browser or cross site instructions to the DOM by using the DEVTOOL Console!
Hook the browser
Open devtool in hidden mode,
Inject dll,
Inject JS Code
Manipulate the broweer pages
and then tada!!
We have a security issue to fix !
Adding a security Password to the DEVTOOL ? and adding security password to the browser setting options.
Lets Investigate and write some code to fix the issue.


To be continue..