CursedChrome, hacker proxy that originates from a plain browser is out now.
CursedChrome can turn a computer’s plain browser into a proxy that hackers can operate through. A researcher recently proved that plainly browsing can give way for hackers to enter.
Matt Bryant, a security researcher released a tool that he called CursedChrome. Bryant introduced the tool on Github last week as an open-source project.
Hackers invade browsers through CursedChrome
The security specialist elaborated on how the code can turn into a platform that hackers can penetrate. He said that the vehicle does not go beyond the web socket connection.
He described the tool to have two parts. The first is the Chrome extension itself or the client-side component. The second is the control panel where CursedChrome bots report. It is also called the server-side of the counterpart of the browser.
The extension should be installed on a browser. Once installed, the hacker establishes a secure connection with the victim by logging into the CursedChrome.
The unsuspecting victim will see the classic Http reverse proxy function through the WebSocket connection.
The user will not notice that there is a transaction going on between the device extension and an outside control panel operated by a hacker.
As the user navigates on the browser, as usual, the hackers on the other end hi-jack all the logged-in sessions. Hackers can even gather sensitive information, and enter confidential data.
Cyber-security community responds to CursedChrome
CursedChrome gained the attention of the cyber-security community. The community believes that exposing the vehicle to the public only increases the security risk.
A report said that the community Bryant could be lowering the security entry bars. The team believed that the project makes it easier for the attackers to develop their own versions of such.
The security researcher explained his goal in response to the cyber-security community rumblings. Bryant replied saying that was not his intention.
The analyst stated that CursedChrome should help to accurately simulate the ‘malicious browser-extension’ scenario. He clarified that he open-sourced the project for the pen testers and professional red teamers.
He explained that he disclosed CursedChrome because he wanted to make it a tool. He stated that it was for cybersecurity professionals who are paid to break into companies.
He added that he understands how open sourcing helps pen testers and red teamers. He knows that they always work on tight schedules.
Image courtesy of Caio/Pexels