Skip to content
/ EvilChrome Public

This advanced Proof of Concept (PoC) demonstrates critical browser security vulnerabilities by implementing a sophisticated Chrome browser manipulation framework. It serves as a research tool for understanding potential attack vectors and developing better browser security measures.

License

MIT license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vibheksoni/EvilChrome

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
chrome_controller
chrome_controller
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

EvilChrome: Advanced Chrome Security Research PoC

Python Selenium Status

⚠️ Educational Purposes Only

This advanced Proof of Concept (PoC) demonstrates critical browser security vulnerabilities by implementing a sophisticated Chrome browser manipulation framework. It serves as a research tool for understanding potential attack vectors and developing better browser security measures. For educational and research purposes only.

🎯 Project Overview

EvilChrome exposes potential security flaws in Chrome's architecture through a comprehensive monitoring system that demonstrates:

  • Undetectable Chrome instance manipulation
  • Real-time session hijacking capabilities
  • Form data interception mechanisms
  • Cookie theft and manipulation techniques
  • Stealth profile access methodologies
  • Cross-origin request forgery possibilities

🛠️ Technical Implementation

  • Undetected Chrome Driver integration
  • Multi-threaded event monitoring system
  • Domain-specific action triggers
  • Cookie and input field tracking
  • Alert handling system
  • Graceful cleanup and shutdown

🚀 Quick Start

# Clone the repository
git clone https://github.com/vibheksoni/EvilChrome.git

# Install dependencies
pip install -r requirements.txt

# Run the PoC
python main.py

🔍 Key Attack Vectors Demonstrated

  • Profile Manipulation: Unauthorized access to Chrome user profiles
  • Silent Monitoring: Undetectable browser activity tracking
  • Data Interception: Real-time form submission and cookie capture
  • Session Hijacking: Browser session manipulation techniques
  • Stealth Operation: Anti-detection mechanisms using undetected-chromedriver

🛡️ Security Implications

This PoC highlights several security concerns:

  • Browser profile access vulnerabilities
  • Form data exposure risks
  • Cookie manipulation possibilities
  • Browser activity monitoring potential

⚖️ Legal Disclaimer

This tool is for educational purposes only. Users are responsible for complying with applicable laws. The author is not responsible for any misuse or damage caused by this program.

🤝 Contributing

Feel free to contribute to this project by opening issues or submitting pull requests. Please ensure your contributions align with the educational purpose of this project.

📝 Author

Vibhek Soni

📜 License

This project is licensed under the MIT License - see the LICENSE file for details.

About

This advanced Proof of Concept (PoC) demonstrates critical browser security vulnerabilities by implementing a sophisticated Chrome browser manipulation framework. It serves as a research tool for understanding potential attack vectors and developing better browser security measures.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages