Security Professional - Paul Jang

Browser Rider

Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit. Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.

Download

http://engineeringforfun.com/browserrider.html

Requirement

- PHP 5, with json installed

- Mysql

- Apache with url_rewrite on

- Targets must have Javascript turned on

1. create a mysql table for Browser rider and dump the create.sql file in it

2. edit the .htaccess file for url rewriting to work. To give you an example, on my localhost BR is located at the following url:

http://localhost/projects/BrowserRider/ so my .htaccess file contains

the following line:

RewriteBase /projects/BrowserRider/

3. the final step is to edit the configuration.php file located in the 'lib' folder. You can follow the current documentation to do so: http://www.engineeringforfun.com/wiki/index.php/Browser_Rider_Installation under the section "Editing lib/configuration.php". What needs to be updated are: your mysql login and password, the 'BASE_URL' constant and the $FALSE_URL_REWRITING_VARS variable.

Appendix

json installation

1. download from http://www.aurore.net/projects/php-json/win32/1.1.1/

2. add the follow line to php.ini

extension=php_json.dll