diff --git a/network-services-pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/README.md b/network-services-pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/README.md
index e2d05475..fe83856c 100644
--- a/network-services-pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/README.md
+++ b/network-services-pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/README.md
@@ -16,6 +16,8 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
+### Introduction
+
Electron is **based on Chromium**, but it is not a browser. Certain principles and security mechanisms implemented by modern browsers are not in place.\
You could see Electron like a local backend+frontend app where **NodeJS** is the **backend** and **chromium** is the **frontend**.
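Review bot: the new "### Introduction" heading is one level deeper than the sibling section headings visible in this diff ("## RCE: XSS + nodeIntegration", "## **Tools**", "## Labs"), so it skips an H2 level in the page outline; consider "## Introduction" for consistency, and the same applies to the "### Capture traffic" heading added later in this patch.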
@@ -51,7 +53,7 @@ The desktop application might have access to the user’s device through Node AP
* **`nodeIntegration`** - is `off` by default. If on, allows to access node features from the renderer process.
* **`contextIsolation`** - is `on` by default. If on, main and renderer processes aren't isolated.
* **`preload`** - empty by default.
-* **\`\`**[**`sandbox`**](https://docs.w3cub.com/electron/api/sandbox-option) - is off by default. It will restrict the actions NodeJS can perform.
+* [**`sandbox`**](https://docs.w3cub.com/electron/api/sandbox-option) - is off by default. It will restrict the actions NodeJS can perform.
Example of configuration:
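Review bot: while cleaning up the stray backticks on the `sandbox` bullet, the unchanged line two above it still reads "If on, main and renderer processes aren't isolated", which states the opposite of what `contextIsolation` does (when it is on, the preload/Electron internals and the page's JavaScript run in separate contexts); suggest "If on, the renderer's web content and the preload scripts run in separate JavaScript contexts." Also worth a caveat on the `sandbox` line: "is off by default" only holds for older Electron; since Electron 20 the renderer sandbox is enabled by default, so the statement should be qualified by version.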
@@ -93,6 +95,14 @@ Example Payloads (Linux & MacOS):
```
+### Capture traffic
+
+Modify the start-main configuration and add the use of a proxy such as:
+
+```javascript
+"start-main": "electron ./dist/main/main.js --proxy-server=127.0.0.1:8080 --ignore-certificateerrors",
+```
+
## RCE: XSS + nodeIntegration
If the **nodeIntegration** is set to **on**, a web page's JavaScript can use Node.js features easily just by calling the `require()`. For example, the way to execute the calc application on Windows is:
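Review bot: the flag in the new "Capture traffic" snippet is misspelled; Chromium's switch is `--ignore-certificate-errors` (with a hyphen before "errors"), so `--ignore-certificateerrors` will be silently ignored and the proxied TLS connections will fail on the interception CA. Suggest `"start-main": "electron ./dist/main/main.js --proxy-server=127.0.0.1:8080 --ignore-certificate-errors",`. The snippet is a `package.json` "scripts" entry rather than JavaScript, so the fence should be tagged `json`, and the lead sentence should say where `start-main` lives ("Modify the `start-main` script in `package.json` ..."), since the key name is project-specific and not every Electron app has one.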
@@ -245,7 +255,8 @@ window.open("")
## **Tools**
* [**Electronegativity**](https://github.com/doyensec/electronegativity) is a tool to identify misconfigurations and security anti-patterns in Electron-based applications.
-* [**Electrolint**](https://github.com/ksdmitrieva/electrolint) \*\*\*\* is an open source VS Code plugin for Electron applications that uses Electronegativity.
+* [**Electrolint**](https://github.com/ksdmitrieva/electrolint) is an open source VS Code plugin for Electron applications that uses Electronegativity.
+* ****[**nodejsscan**](https://github.com/ajinabraham/nodejsscan) to check for vulnerable third party libraries
## Labs
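Review bot: the new nodejsscan bullet begins with a stray `****`, the same bold artifact the preceding line in this hunk removes from the Electrolint entry; drop it so the line reads `* [**nodejsscan**](https://github.com/ajinabraham/nodejsscan) ...`. The bullet also lacks a verb and is inconsistent with the other two entries ("is a tool to ...", "is an open source ..."); suggest "is a static security code scanner for Node.js applications that can also flag vulnerable third-party libraries."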