WiP: Adds an example of toolbox script #4

Open: wants to merge 2 commits into base: master
53 changes: 29 additions & 24 deletions README.md
Expand Up @@ -2,7 +2,7 @@

PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.

If you are a chrome user you can check https://github.com/nccgroup/autochrome.
If you are a chrome user you can check https://github.com/nccgroup/autochrome.

- [PwnFox](#img-srcfirefoxiconsiconsvg-width30-pwnfox)
- [Features](#features)
Expand All @@ -18,27 +18,24 @@ If you are a chrome user you can check https://github.com/nccgroup/autochrome.
- [Burp](#burp)
- [Changelog](#changelog)


## Features

![popup](/screenshots/popup.png)

### Single click BurpProxy

Connect to Burp with a simple click, this will probably remove the need for other addons like foxyProxy. However if you need the extra features provided by foxyProxy you can leave this unchecked.
Connect to Burp with a simple click, this will probably remove the need for other addons like foxyProxy. However if you need the extra features provided by foxyProxy you can leave this unchecked.

### Containers Profiles
### Containers Profiles

PwnFox give you fast access to the Firefox containers. This allow you to have multiple identities in the same browser.
PwnFox give you fast access to the Firefox containers. This allow you to have multiple identities in the same browser.
When PwnFox and the `Add container header` option are enabled, PwnFox will automatically add a `X-PwnFox-Color` header to hightlight the query in Burp.

PwnFoxBurp will automatically highlight and strip the header, but you can also specify your own behavior with addons like logger++.

![tabs](/screenshots/tabs.png)
![burp](/screenshots/burp.png)



### PostMessage Logger

PwnFox add a new message tab in you devtool. This allow you to quickly visualize all postMessage between frames.
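Review bot: The changes in this hunk are whitespace-only: the "Connect to Burp with a simple click" paragraph, the `### Containers Profiles` heading and the "PwnFox give you fast access" line are removed and re-added with identical text, and a few blank lines are dropped. That formatter churn buries the toolbox documentation this PR is about, so consider moving it into its own commit. If a cleanup commit is made, it could also fix the typos left on the untouched lines here, "hightlight" in the `X-PwnFox-Color` sentence and "in you devtool" under PostMessage Logger.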
Expand All @@ -47,54 +44,61 @@ PwnFox add a new message tab in you devtool. This allow you to quickly visualize

You can also provide your own function to parse/filter the messages.
You get access to 3 arguments:
* data -> the message data
* origin -> the window object representing the origin
* destion -> the window object representing the destination

- data -> the message data
- origin -> the window object representing the origin
- destion -> the window object representing the destination

You can return a string or a JSON serializable object.

![](/screenshots/post-dual.png)


### Toolbox

Inject you own javascript code on page load. The code will be loaded as soon as possible. This can used to add dangerous behavior detection, or just to add extra function to your js console.

**Be carefull, the injected toolbox will run in the window context. Do not inject secret in untrusted domain.**


![settings](/screenshots/settings.png)

I will publish some of my toolbox soon (ENOTIME)
#### Examples

| **Name/Link** | **Description** |
| :-------------------------------------------- | :--------------------------------------------- |
| [checkGit.js](./toolbox_examples/checkGit.js) | Catching .git/ exposed on the visited websites |
| TODO | TODO |

### Security header remover

Sometime it's easier to work with security header disabled. You can now do it with a single button press. Don't forget to reenable them before testing your final payload.

Headers stripped:
* Content-Security-Policy
* X-XSS-Protection
* X-Frame-Options
* X-Content-Type-Options

## Installation
- Content-Security-Policy
- X-XSS-Protection
- X-Frame-Options
- X-Content-Type-Options

## Installation

You can find the latest build here:
* [https://github.com/B-i-t-K/PwnFox/releases](https://github.com/B-i-t-K/PwnFox/releases)

- [https://github.com/B-i-t-K/PwnFox/releases](https://github.com/B-i-t-K/PwnFox/releases)

### Firefox
- visit `about:addons` and choose install from file, then select `PwnFox-$version.xpi`
- or install from
[https://addons.mozilla.org/en-US/firefox/addon/pwnfox/](https://addons.mozilla.org/en-US/firefox/addon/pwnfox/)

- visit `about:addons` and choose install from file, then select `PwnFox-$version.xpi`
- or install from
[https://addons.mozilla.org/en-US/firefox/addon/pwnfox/](https://addons.mozilla.org/en-US/firefox/addon/pwnfox/)

### Burp

- Go to extender and add `PwnFox-Burp.jar` as a java extension.

## Build

### All

```shell
./build.sh
# Pwnfox-firefox.zip and PwnFox-burp.jar are available in /bin
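Review bot: The Examples table added under Toolbox still carries a placeholder row (`| TODO | TODO |`); drop it before this leaves WiP, or replace it with a real second example. The `checkGit.js` description could also state what the script does to the page under test: it requests `.git/HEAD` from the page context, writes a `pwnfoxGitCheckedAt` key to the site's localStorage and raises an `alert()`, which is relevant to the warning a few lines above that the toolbox runs in the window context. While the argument list is being re-bulleted, `destion` can be corrected to `destination`.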
Expand All @@ -111,6 +115,7 @@ web-ext sign --api-key="$KEY" --api-secret="$SECRET"
# the xpi file is available in /firefox/web-ext-artifacts/pwnfox-${version}.xpi

```

### Burp

```shell
Expand All @@ -121,5 +126,5 @@ gradle build

## Changelog

* v1.0.2
* First public release
- v1.0.2
- First public release
74 changes: 74 additions & 0 deletions toolbox_examples/checkGit.js
@@ -0,0 +1,74 @@
class PwnfoxGitChecker {
static GIT_HEAD_HEADER = "ref: refs/heads/";
static KEY = "pwnfoxGitCheckedAt";
static INTERVAL = 60 * 60 * 24;

static timestamp() {
return new Date().getTime() / 1000;
}

static getPaths() {
try {
const data = JSON.parse(localStorage.getItem(PwnfoxGitChecker.KEY));
if (data == null) return {};
return data;
} catch (_) {
return {};
}
}

static addPath(path) {
const paths = PwnfoxGitChecker.getPaths();

paths[path] = PwnfoxGitChecker.timestamp();
localStorage.setItem(PwnfoxGitChecker.KEY, JSON.stringify(paths));
}

static hasToBeChecked(path) {
const paths = PwnfoxGitChecker.getPaths();

// No entry yet
if (!(path in paths)) return true;

const ts = paths[path];

// Expired
const now = PwnfoxGitChecker.timestamp();
if (now - PwnfoxGitChecker.INTERVAL > ts) return true;

return false;
}

static async checkPath(path) {
while (path.endsWith("/")) {
path = path.slice(0, -1);
}

const url = `${path}/.git/HEAD`;

if (!PwnfoxGitChecker.hasToBeChecked(url)) return false;

const response = await fetch(url);

PwnfoxGitChecker.addPath(url);

if (
response.status === 200 &&
(await response.text()).startsWith(PwnfoxGitChecker.GIT_HEAD_HEADER)
) {
PwnfoxGitChecker.triggerNotification(url);
return true;
}
return false;
}

static async run() {
await PwnfoxGitChecker.checkPath(location.pathname);
}

static triggerNotification(path) {
alert(`GitDetector: Possible '.git/' exposed @ '${path}'!`);
}
}

PwnfoxGitChecker.run();
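Review bot: `run()` passes `location.pathname` straight to `checkPath`, so on a page such as `/app/index.html` the probe goes to `/app/index.html/.git/HEAD`, and the site root and parent directories are never checked; only paths that already name a directory are tested as intended. Consider dropping the last segment when it is a file and walking up the parent paths to `/`, each guarded by `hasToBeChecked`. Two smaller points: `await fetch(url)` has no error handling, so a network failure rejects out of `run()` as an unhandled promise before `addPath(url)` is reached and the request is repeated on every page load; and `alert()` in `triggerNotification` blocks the page under test, where `console.warn` would be less intrusive. The `pwnfoxGitCheckedAt` key is stored in the visited site's own localStorage, so the page can read and modify it, which deserves a comment at the top of the file.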