GitBook: [#3270] No subject
This commit is contained in:
parent
056cca6ddf
commit
d9291c43c6
@ -16,6 +16,8 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details>
### Introduction
Electron is **based on Chromium**, but it is not a browser. Certain principles and security mechanisms implemented by modern browsers are not in place.\
You could see Electron like a local backend+frontend app where **NodeJS** is the **backend** and **chromium** is the **frontend**.
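Review bot: the new backend/frontend analogy should say when the Chromium side can actually reach the NodeJS side, otherwise readers take away that every renderer has Node.js access. Suggest extending the added sentence: "NodeJS is the backend and Chromium is the frontend, and whether the frontend can call into the backend is decided by settings such as `nodeIntegration` and `preload` (see the settings list below)." The trailing `\` on the preceding line is a GitBook hard line break and can stay.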
@ -51,7 +53,7 @@ The desktop application might have access to the user’s device through Node AP
* **`nodeIntegration`** - is `off` by default. If on, allows to access node features from the renderer process.
* **`contextIsolation`** - is `on` by default. If on, main and renderer processes aren't isolated.
* **`preload`** - empty by default.
* **\`\`**[**`sandbox`**](https://docs.w3cub.com/electron/api/sandbox-option) - is off by default. It will restrict the actions NodeJS can perform.
* [**`sandbox`**](https://docs.w3cub.com/electron/api/sandbox-option) - is off by default. It will restrict the actions NodeJS can perform.
Example of configuration:
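Review bot: the `contextIsolation` bullet in the context lines reads inverted: it says the flag is `on` by default and that "if on, main and renderer processes aren't isolated", which contradicts the option's name and the `nodeIntegration` bullet above it. Suggest: "**`contextIsolation`** - is `on` by default. When on, the preload script and Electron's internals run in a separate JavaScript context from the page's own scripts, so page code cannot reach them directly; turning it off removes that separation." The change this hunk makes (dropping the stray `**\`\`**` in front of the `sandbox` link) is correct.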
@ -93,6 +95,14 @@ Example Payloads (Linux & MacOS):
<img src=x onerror="alert(require('child_process').execSync('uname -a').toString());">
```
### Capture traffic
Modify the start-main configuration and add the use of a proxy such as:
```javascript
"start-main": "electron ./dist/main/main.js --proxy-server=127.0.0.1:8080 --ignore-certificateerrors",
```
## RCE: XSS + nodeIntegration
If the **nodeIntegration** is set to **on**, a web page's JavaScript can use Node.js features easily just by calling the `require()`. For example, the way to execute the calc application on Windows is:
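Review bot: the Chromium switch in the added `start-main` line is misspelled: `--ignore-certificateerrors` should be `--ignore-certificate-errors`; Chromium silently drops switches it does not recognise, so the intercepting proxy's TLS certificate would still be rejected and the capture would fail. The fence around that line is tagged `javascript`, but the line is a `package.json` `scripts` entry; tag it `json` and state that it replaces the existing `start-main` script so readers know where to put it.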
@ -245,7 +255,8 @@ window.open("<http://subdomainagoogleq.com/index.html>")
## **Tools**
* [**Electronegativity**](https://github.com/doyensec/electronegativity) is a tool to identify misconfigurations and security anti-patterns in Electron-based applications.
* [**Electrolint**](https://github.com/ksdmitrieva/electrolint) \*\*\*\* is an open source VS Code plugin for Electron applications that uses Electronegativity.
* [**Electrolint**](https://github.com/ksdmitrieva/electrolint) is an open source VS Code plugin for Electron applications that uses Electronegativity.
* ****[**nodejsscan**](https://github.com/ajinabraham/nodejsscan) to check for vulnerable third party libraries
## Labs
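Review bot: the stray `\*\*\*\*` that this hunk removes from the Electrolint bullet is still present on the nodejsscan bullet two lines below (`* ****[**nodejsscan**]...`); drop it there as well, and give that bullet a verb so it reads like the other two, e.g. "[**nodejsscan**](https://github.com/ajinabraham/nodejsscan) checks for vulnerable third-party libraries." The `## **Tools**` heading also carries bold markup inside the heading while the other headings in this file do not; `## Tools` is enough.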