来源

关联漏洞

描述

A Bash script for Kali Linux that exploits an iOS WebKit vulnerability (CVE-2020-27950) using Metasploit and ngrok. Automates payload delivery with a public URL via ngrok, checks for required tools, handles errors, and provides an easy way to crash browsers for educational purposes only.

介绍

# Browser Crash Tool - Kali

## Overview

This tool exploits a vulnerability in iOS WebKit (CVE-2020-27950) using Metasploit’s `webkit_backdrop_filter_blur` auxiliary module. It crashes the target browser by loading a crafted web page. The tool also uses `ngrok` to create a publicly accessible link to the malicious page, making it easy to send to a target.

## Requirements

- Kali Linux
- Metasploit Framework
- ngrok (for creating public URLs)

## Features

- Automatically configures Metasploit and runs the WebKit DoS exploit.
- Integrates with `ngrok` to generate a public URL for easy access.
- Checks for `ngrok` installation and handles exceptions gracefully.
- User-friendly with informative messages and error handling.

## Installation

1. **Install Metasploit**: If Metasploit is not installed, you can install it with:
   ```bash
   sudo apt install metasploit-framework```
2. **Install Ngrok**: If ngrok is not installed, you can install it with:
   ```bash
   sudo apt install ngrok```

3. **Authenticate Ngrok using your token**:
   - Sign up for a free Ngrok account on the [Ngrok website](https://ngrok.com).
   - Obtain your authentication token from the Ngrok Dashboard.
   - Authenticate Ngrok with the following command:
     ```bash
     ngrok authtoken YOUR_AUTH_TOKEN
     ```
     Replace `YOUR_AUTH_TOKEN` with the token you obtained from the Ngrok Dashboard.

文件快照

 [4.0K]  /data/pocs/516d58955f5510e49a4c2c29bf89f378ca5aedb1
├── [2.2K]  browser_crash.sh
└── [1.4K]  README.md

0 directories, 2 files

备注