v3.0 Released - Post exploitation of desktops with new beacons #43
hoodoer announced in Announcements
JS-Tap Version 3 goes in a fun new direction. JavaScript is sadly all over the endpoint, not just served up by web app servers. Browser extensions, Electron apps, and Node/Bun apps all run JavaScript with reduced sandboxing compared with what happens in the DOM, where the original JS-Tap beacon runs. All our favorite monkey patching tricks still work in these application environments.
Version 3 brings three new beacons to the table, integrated into the JS-Tap C2.
BEX Beacon — a browser extension (Chrome/Firefox) that passively captures cookies (including httpOnly), localStorage, sessionStorage, and request headers across all browsing, and can drop DOM Beacons into specific domains on command. Pair it with the new Sidecar native binary for OS-level file browsing and command execution through native messaging browser features (not as stealthy as Atom and V8 beacon OS access).
Atom Beacon — an implant for Electron desktop apps (Slack, Signal Desktop, VS Code, Discord, etc.). Patch it into the app's ASAR and it injects into every window: keystrokes, inputs, cookies, network calls, plus native OS access and screenshots. No separate sidecar binary needed for OS access.
V8 Beacon — an implant for Node.js and Bun CLI tools (Gemini CLI, Claude Code, etc.). No app patching, just drop the beacon .js file to local disk and set the appropriate environment variables. Node/Bun will pull in the malicious JavaScript at runtime and you get the usual JS-Tap beacon features, network intercepts, keylogs, etc. Also provides OS level filesystem and command access without a sidecar binary needed.
The original beacon for web application DOMs still works just fine.
Also new:
JS-Tap Proxy — route your own traffic through a victim's browser, Electron app, or Node/Bun process via WebSocket relay. Provides access to internal network application servers.
JS-Tap Conductor — a Firefox extension that clones captured session data (cookies, headers, storage, User-Agent) so you can browse as the victim. Also automatically reconfigures your browser to proxy through JS-Tap C2 and a BEX, Atom, or V8 beacon that has proxy enabled.
Plugins — runtime-loadable modules for Electron app-specific attacks, shipping with plugins for Mattermost, Slack, Signal, VS Code, and 1Password. These are not terribly difficult to create, and an example plugin is provided.
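The Atom Beacon entry above relies on modifying an Electron app's ASAR archive, so a defender can hash every file packed in an installed `app.asar` and diff the result against a manifest taken from a known-good copy. The following is an added example, not code from JS-Tap or from this post; the function names and sample archive contents are constructed, and it assumes the standard ASAR layout (a pickle-framed JSON index followed by file data).

```javascript
const crypto = require('crypto');

// Return { "path/in/archive": sha256hex } for every file packed in an ASAR buffer.
function asarManifest(buf) {
  const headerSize = buf.readUInt32LE(4);   // size of the header pickle
  const jsonLen = buf.readUInt32LE(12);     // length of the JSON index string
  const index = JSON.parse(buf.toString('utf8', 16, 16 + jsonLen));
  const base = 8 + headerSize;              // file contents start after the header
  const out = {};
  (function walk(node, prefix) {
    for (const [name, entry] of Object.entries(node.files)) {
      if (entry.files) { walk(entry, prefix + name + '/'); continue; }
      if (entry.offset === undefined) continue;   // unpacked file or link: not stored inline
      const start = base + Number(entry.offset);
      if (start + entry.size > buf.length) throw new Error('truncated archive: ' + name);
      const body = buf.subarray(start, start + entry.size);
      out[prefix + name] = crypto.createHash('sha256').update(body).digest('hex');
    }
  })(index, '');
  return out;
}

// Compare a known-good manifest with the one computed from the installed archive.
function diffManifests(baseline, current) {
  return {
    added: Object.keys(current).filter(p => !(p in baseline)),
    removed: Object.keys(baseline).filter(p => !(p in current)),
    modified: Object.keys(current).filter(p => p in baseline && baseline[p] !== current[p]),
  };
}

// Constructed sample: build a flat in-memory ASAR so the check runs offline.
function buildSampleAsar(files) {
  const index = { files: {} }; const bodies = []; let off = 0;
  for (const [name, text] of Object.entries(files)) {
    const b = Buffer.from(text);
    index.files[name] = { size: b.length, offset: String(off) };
    bodies.push(b); off += b.length;
  }
  const json = Buffer.from(JSON.stringify(index));
  const pad = (4 - (json.length % 4)) % 4;
  const head = Buffer.alloc(16);
  head.writeUInt32LE(4, 0); head.writeUInt32LE(8 + json.length + pad, 4);
  head.writeUInt32LE(4 + json.length + pad, 8); head.writeUInt32LE(json.length, 12);
  return Buffer.concat([head, json, Buffer.alloc(pad), ...bodies]);
}
const known = asarManifest(buildSampleAsar({ 'main.js': 'start()', 'package.json': '{}' }));
const found = asarManifest(buildSampleAsar({ 'main.js': 'load();start()', 'package.json': '{}', 'extra.js': '//' }));
console.log(diffManifests(known, found));
```

For a real check, read the vendor's original archive and the installed one with `fs.readFileSync` and pass both buffers to `asarManifest`; files listed in an `app.asar.unpacked` directory are outside the archive and need to be hashed separately.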