Proof-of-concept JavaScript malware implemented as a Proxy Auto-Configuration (PAC) File
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
client
server
.gitignore
DEMO1.txt
DEMO2.txt
INSTALL
LICENSE
README.md

README.md

Pacdoor

Pacdoor is a proof-of-concept JavaScript malware implemented as a Proxy Auto-Configuration (PAC) File. Pacdoor includes a 2-way communication channel, ability to exfiltrate HTTPS URLs, disable access to cherry-picked URLs etc.

It was released as part of the Crippling HTTPS with Unholy PAC talk given at BlackHat USA 2016 conference by Itzik Kotler and Amit Klein from SafeBreach Labs.

Slides are availble here

Version

0.1.0

Installation

Pacdoor requires Python 2.7.x to run.

$ git clone https://github.com/SafeBreach-Labs/pacdoor.git
$ cd pacdoor
$ cd server
$ pip install -r requirements.txt

License

BSD 3-Clause