This advanced Proof of Concept (PoC) demonstrates critical browser security vulnerabilities by implementing a sophisticated Chrome browser manipulation framework. It serves as a research tool for understanding potential attack vectors and developing better browser security measures. For educational and research purposes only.
EvilChrome exposes potential security flaws in Chrome's architecture through a comprehensive monitoring system that demonstrates:
- Undetectable Chrome instance manipulation
- Real-time session hijacking capabilities
- Form data interception mechanisms
- Cookie theft and manipulation techniques
- Stealth profile access methodologies
- Cross-origin request forgery possibilities
- Undetected Chrome Driver integration
- Multi-threaded event monitoring system
- Domain-specific action triggers
- Cookie and input field tracking
- Alert handling system
- Graceful cleanup and shutdown
# Clone the repository
git clone https://github.com/vibheksoni/EvilChrome.git
# Install dependencies
pip install -r requirements.txt
# Run the PoC
python main.py- Profile Manipulation: Unauthorized access to Chrome user profiles
- Silent Monitoring: Undetectable browser activity tracking
- Data Interception: Real-time form submission and cookie capture
- Session Hijacking: Browser session manipulation techniques
- Stealth Operation: Anti-detection mechanisms using undetected-chromedriver
This PoC highlights several security concerns:
- Browser profile access vulnerabilities
- Form data exposure risks
- Cookie manipulation possibilities
- Browser activity monitoring potential
This tool is for educational purposes only. Users are responsible for complying with applicable laws. The author is not responsible for any misuse or damage caused by this program.
Feel free to contribute to this project by opening issues or submitting pull requests. Please ensure your contributions align with the educational purpose of this project.
Vibhek Soni
- GitHub: @vibheksoni
This project is licensed under the MIT License - see the LICENSE file for details.