Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code.
To run Session Hijacking Visual Exploitation, you will need to have the following software installed:
- Node.js (version 19.0.0 is recommended due to compatibility issues with newer versions)
- npm
- nvm (Node Version Manager, recommended for easily switching between Node.js versions)
To install the server, follow these steps:
- Clone the repository from GitHub:
git clone git@github.com:doyensec/Session-Hijacking-Visual-Exploitation.git
- Navigate to the server directory:
cd Session-Hijacking-Visual-Exploitation/server
- Install the server dependencies:
npm install
Session Hijacking Visual Exploitation provides pre-compiled client applications, which you can download directly from the GitHub releases. If you want to compile the application yourself or develop further, follow these steps:
- Go to the Releases section of the GitHub repository.
- Download the suitable package for your OS.
- Install the application as you would with any other software on your OS.
-
Clone the repository:
git clone git@github.com:doyensec/Session-Hijacking-Visual-Exploitation.git -
Navigate to the client directory:
cd Session-Hijacking-Visual-Exploitation/client -
Install client dependencies:
npm install -
Build the application for your OS:
npm run pack
This will generate executable files for your Operative System. The resulting files will be in the dist directory.
Due to compatibility issues with recent Node.js versions, we recommend using Node.js version 19.0.0. You can easily switch to this version using nvm:
-
Install
nvmby following the instructions here. -
After installing
nvm, install and use Node.js version 19.0.0:
nvm install
nvm useWith the above commands, your terminal session will now be using Node.js version 19.0.0.
To use Session Hijacking Visual Exploitation, follow these steps:
- Start the server:
cd Session-Hijacking-Visual-Exploitation/server
npm start
The first time the server starts, it will require an initial setup. Follow the provided steps for configuration
-
Start the client:
-
Log in with the previously created user (it will be required during the configuration)
-
On the client, use the button to download the certificate and install it
-
Inject the malicious JavaScript in the browser (You can obtain the script in the payloads page)
We provide several options for configuration:
npm run createUser: Create a new usernpm run regenerateToken: Regenerate the token used for JWT signaturesnpm run setConfig: Establish server ports and specify whether SSL will be used. If SSL is to be used, add the privateKey.pem and certificate.pem files to the files directory
On the tool you will notice there are two different modes:
- Interactive: It will allow you to access to the different websites using the victim browser's security context
- Visual: It will show you what the victim is seing and doing in the hooked browser
After starting the server and the client, you have the ability to utilize templates for advanced exploitation:
-
Office Document Templates: By uploading templates with the extensions
.docm,.pptm, or.xslm, the tool will search for URLs pointing to Word, Excel, or PowerPoint documents. Upon finding them, it downloads the documents, injects the macros from the uploaded templates, and alters the download URL. Consequently, users will download the original document injected with the specified macros. You can view these office documents by clicking on the 'List Files' button. -
HTML Template for CORS Exploitation: If you upload an HTML template, it's primarily used to exploit CORS misconfigurations. Under
/connect, the uploaded HTML content will be displayed, also injecting the malicious JS. This results in a new client that can be used interactively with sites vulnerable due to improper CORS configurations.
