Tuesday, 22 January 2013

PoC - Selenium - Gui with 3 Hijacked Browser Windows.h2

While working on TeamMentor’s browser automation using Selenium, I created a pretty cool PoC/Script where I was able to show natively the 3 main browsers (IE, Firefox and Chrome) in the same Application/GUI.

The O2 Platform script is called PoC - Selenium - Gui with 3 Hijacked Browser Windows.h2, and this is what it looks like when opened up:

image

In this stand-alone exe/gui you can see:
  • Firefox ‘hijacked’ window (left panel)
  • IE ‘hijacked’ window (top middle panel)
  • Chrome ‘hijacked’ window (right panel)
  • C# REPL script (bottom middle panel)
Using the C# REPL, we can open google on the 3 browsers (just click Execute):

image

We can also confirm that we are indeed seeing the rendering of 3 individual browsers by going to the www.whatismybrowser.com website:

image

or owasp.org:

image

or a local copy of TeamMentor:

image

The key concept behind this PoC is the fact that we are NOT embedding ActiveX or COM objects in this Windows GUI :)

What you are seeing above are the (fully functional) browser’s main windows, each running in its own process.

To control the 3 browers, I use Selenium's browser-specific WebDriver apis/tools.

To grab the windows, I used the O2’s Window Handle Hijack technique that you can read about in these posts:
See also Ian Spiro  (AppScan Source guru) who posted Application Injection - Hooking into AppScan Standard in his IBM's Developer Works blog 
Post a Comment