Browser Pivoting implementation for Internet Explorer
Report Bug
·
Request Feature
BrowserPivotingIE implements the browser pivoting technique for Internet Explorer. Additional information about the technique can be found here.
This repo is split into multiple parts:
Static library project that handles the parsing of HTTP messages
DLL project that implements that the meat of the technique. Upon being loaded, the DLL will host an HTTP proxy on port 8080. Requests will be sent to the destination using WinINET APIs. As a consequence, the request will inherit the browser's authentication credentials, cookies, etc.
EXE project that hosts the HTTPProxy DLL.
EXE project that embeds the HTTPProxy DLL as a resource and injects the DLL into Internet Explorer using the DLL Injection technique.
A simple example on how WinINet persists credentials accross requests on a per process basis.
A Python3 based HTTP server that supports Basic Authentication.
To get started with the Usage example follow these simple steps.
- Visual Studio (optional)
- Compile the "InjectIE" project with Visual Studio (optional if using the release binary). The build architecture (x86 vs x64) must match the architecture of the target Internet Explorer process.
- Host or identify a website with authentication (NTLM, cookies, etc). This example will use a server hosted at 127.0.0.1:80 using BasicAuthHTTPServer.py.
python3 BasicAuthHTTPServer.py 80- Open an x86 instance of Internet Explorer
- In Internet Explorer, browse to http://127.0.0.1 and authenticate using the credentials
demo:demo. Upon authenticating, the page will present this text{"path": "/", "get_vars": "{}"} - Open an instance of Firefox.
- In Firefox, browse to http://127.0.0.1 and note the prompt for credentials.
- Run InjectIE.exe on the target machine. InjectIE.exe will inject into iexplore.exe a DLL that implements an HTTP proxy server on port 8080.
- Configure Firefox to the reach the internet via the HTTP proxy server 127.0.0.1:8080. If the proxy is on localhost, the
network.proxy.allow_hijacking_localhostconfig setting will need to be modified. - In Firefox, browse to http://127.0.0.1 and note that the session is authenticated.
See the open issues for a list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.
ZwCreatePhoton - @ZwCreatePhoton
Project Link: https://github.com/ZwCreatePhoton/BrowserPivotingIE