SquareX has introduced open-source toolkits designed to enhance browser security.

SquareX has introduced two open-source toolkits aimed at enhancing the capabilities of security teams in simulating and defending against browser-based attacks that often bypass traditional enterprise security measures. Developed by SquareX security researchers, these toolkits are tailored for both red teams, who simulate attacks, and blue teams, who defend against them. The toolkits address the growing concern that many conventional network and endpoint security solutions lack visibility into threats that operate solely within the browser environment, such as session hijacking and data exfiltration. As web browsers increasingly serve as the primary interface for accessing corporate resources and managing sensitive data, they have become a significant attack vector for threat actors. Existing security frameworks, however, tend to focus on more traditional points of compromise, such as endpoints and networks, leaving a critical gap in protection.

The first toolkit, Angry Magpie, was developed by SquareX researchers Jeswin Mathai, Pankaj Sharma, and Xian Xiang Chang. It focuses on simulating data exfiltration attacks that exploit weaknesses in data loss prevention (DLP) systems through data splicing techniques. Angry Magpie illustrates how attackers can utilise methods like data sharding, ciphering, transcoding, and smuggling to circumvent both proxy-based and endpoint DLP solutions. These attacks can be executed through common browser activities, such as copying to clipboard, file uploads, downloads, and printing. This toolkit provides security teams with insights into how insider threats may conduct data exfiltration campaigns from within a browser, equipping them with the knowledge to recognise and counter similar techniques.

The second toolkit, Copycat, was created by SquareX researchers Dakshitaa Babu, Tejeswar S Reddy, Pankaj Sharma, and Albin Antony. Copycat is designed to simulate identity and authentication attacks initiated through malicious or compromised browser extensions. It comprises ten modules, each demonstrating a unique technique for executing identity compromise at the browser level, including silent account hijacking, credential theft, two-factor authentication interception, and manipulation of OAuth flows. This toolkit highlights how even browser extensions with minimal permissions, such as commonly used colour picker extensions, can be exploited by attackers to compromise user identities and gain control over authenticated sessions.

