DeepSec 2007: Browser hijacking

Speaker: Daniel Fabian, SEC Consult


This talk introduces Trabbler, the first highly versatile “cross site scripting Trojan”. Once injected via XSS, Trabbler takes control over the victims current session, allowing the attacker to watch and manipulate its actions on the vulnerable website.

During the hijacking attack, instances of Trabbler communicate with a central control server, which gives it botnet-like capabilities. Trabbler’s  design is modular, meaning custom script-modules can be downloaded to the infected browser. This makes it useful for very specific attacks, e.g. manipulating a transaction during execution.

Other modules include a keylogger and a browser camera, which allows the attacker to watch his victims actions in real time. In the talk, we will discuss Trabbler ́s architecture and code and give practical examples of its application.

Main category

Disclosure & vulnerability



Be surprised

I know what I'm looking for

Related videos