Skip to content

0x4meliorate/SEBUA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
pictures
pictures
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
payload.js
payload.js
 
 

Repository files navigation

SEBUA

SEBUA custom image

Created by myself and MalwareMonster.

⚠️ Warning: Only use this software according to your current legislation. Misuse of this software can raise legal and ethical issues which I don't support nor can be held responsible for.

Description

SEBUA is described as a 'Social Engineering Browser Update Attack'. This attack requires user interaction and is highly deceiving.

How it Works

  • Browser Detection: SEBUA detects the browser type (Chrome, Firefox, or Edge).
  • Data Injection: Uses document.write in JavaScript to inject data into the webpage.
  • UI Deception: Displays an overlay mimicking the official browser download page.
  • Fake Update Prompt: Demands an update to view content, triggering a download when the 'Update' button is clicked.
  • Post-Download Behavior: Sets a key in the browser's localStorage to prevent overlay reappearance after the binary execution.
  • End Result: Ideally leads to a beacon after the binary execution.

Examples

Chrome overlay Firefox overlay Edge overlay
Chrome Firefox Edge

Additional Information

The primary component is the payload.js file. To create this payload:

  1. Use document.write with obfuscated HTML in payload.js.
  2. Employ html-obfuscator for obfuscation and de-obfuscation.

Credits & Resources

About

Social Engineering Browser Update Attack.

Topics

javascript malware phishing xss penetration-testing malware-research phishing-attacks social-engineering redteam browser-attacks

Resources

Readme

License

MIT license
Activity

Stars

54 stars

Watchers

2 watching

Forks

9 forks
Report repository