Browser Rider Changelog

From Engineering For Fun


Contents

Browser Rider v20090204

  • Bug fix in index.php
  • Bug fix in web-applications.xml
  • Bug fix in BRApp-Finder
  • Bug fixes in the payloads to improve compatibility

Browser Rider v20090125

  • alternative to url rewriting implemented
  • administration panel compatible with IE
  • general improvements in the code
  • new plugin 'fieldlogger', thanks to X-Tense

Browser Rider v20081124

  • insertion of the base64.js file the utils/ directory
  • insertion of the md5.js file in the utils/ directory
  • creation of the create_iframe.js file in lib/plouf/payloads/javascript/utils/
  • creation of the Plouf library
  • creation of BR AppFinder
  • creation of the get_DOM payload that allows to steal targets' DOMs and view it
  • many miscellaneous modifications in the code of the framework

03/11/2008

  • new architecture, more flexible, better organized.
  • creation of BR CodeGEN
  • creation of the keep_alive payload which puts the victims in a frame

04/10/2008

  • url rewriting bug fixed
  • improvements of the payloads' SQL to avoid data redundancy
  • fixe the box_alert payload so that it can automatically send several messages
  • improvements of the payloads' interfaces

Browser Rider v20080908

08/09/2008

  • Changes in the Zombie class
  • Improvement of HTTPRequest class
  • Plugin referer_attack created & added
  • Payload cookie_stealing compatible with IE

06/09/2008

  • Ability to manage offline zombies
  • Plugins implemented, basically plugins will run before payloads and will add one logic layer to be able to do stuff like:
    • if a zombie comes from a website X then attach him automatically with the following payloads
    • if we detect a certain web application on the page, we attach the zombie with payloads to exploit this application

Adding a logic layer will provide the ability to make more powerful and flexible attacks.

05/09/2008

  • Filtering inputs coming from the database as extra security
  • Improvements of the zombie interface
  • Minify automatically payload when not obfuscated except if PayloadModule::$minify == false
  • Browser Rider tested under Google Chrome, works perfect
  • payload append_iframe compatible with IE & changed to have a code more random
  • Ability to detach a zombie from a payload

04/09/2008

  • Integration of JSMin
  • AttackAPI library added
  • JQuery library added
  • JQuery timer library added
  • Mootools library added
  • Possibility to add libraries
  • payload auto_refresh compatible with IE
  • payload box_prompt compatible with IE
Retrieved from "http://www.engineeringforfun.com/wiki/index.php/Browser_Rider_Changelog"
Personal tools