Just Providing a little Browser Guidance

Browser Guidance

TLDR; JavaScript can be utilized to detect the victims browser and operating system, in order provide a little browser guidance and increase payload success rates.

Problem

In some cases, Trojan payloads and/or ploys don’t play very nicely when opened with newer browsers, during social engineering campaigns. Most noteworthy is the classic HTA payload causing security warnings in google Chrome and Firefox; if advanced security is configured within the browser. It can also be difficult to create a single payload that will work effectively on all possible target operating systems. Additionally, with the increase in smart phone email solutions usage and company departments utilizing Mac OSX, users opening sites on unintended devices can led to an unintended variance in security awareness campaign testing.

Solution

One can simply place some java script, like the following, within the HTML of a ploy page to provide browser guidance, based on the detected end users browser. Below is an example of forwarding all non-IE browsers to an unsupported browser landing page.


// Opera 8.0+
var isOpera = (!!window.opr && !!opr.addons) || !!window.opera || navigator.userAgent.indexOf(' OPR/') >= 0;
// Firefox 1.0+
var isFirefox = typeof InstallTrigger !== 'undefined';
// At least Safari 3+: "[object HTMLElementConstructor]"
var isSafari = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0;
// Internet Explorer 6-11
var isIE = /*@cc_on!@*/false || !!document.documentMode;
// Edge 20+
var isEdge = !isIE && !!window.StyleMedia;
// Chrome 1+
var isChrome = !!window.chrome && !!window.chrome.webstore;
// Blink engine detection
var isBlink = (isChrome || isOpera) && !!window.CSS;
    
if((isFirefox==true) || (isSafari==true) || (isChrome==true) || (isBlink==true) || (isOpera==true)){
	document.location = "unsupported.html";
}

Using a similar operating system detection script, one can offer up different payloads based on operating system, parsed from the end user browser agent. Below is an  example of some javascript based operating system detection, being used to deliver different payloads to Windows, Mac, and Linux clients, while weeding out mobile devices.

	
var isWindows = navigator.appVersion.indexOf("Win")>=0;
var isMac = navigator.appVersion.indexOf("Mac")>=0;
var isUnix = navigator.appVersion.indexOf("X11")>=0;
var isLinux = navigator.appVersion.indexOf("Linux")>=0;
var isAndroid = /(android)/i.test(navigator.userAgent);
var isIOS = /(iPhone|iPod|iPad)/i.test(navigator.userAgent);
	 
if((isAndroid==true) || (isIOS==true)){
	document.location = "unsupported.html";
} else if(isWindows==true){
	document.location = "Windows.doc";
} else if(isMac==true){
	document.location = "Mac.doc";
} else if((isUnix==true) || (isLinux==true)){
	document.location = "Nix.doc";
} else {
	document.location = "unsupported.html";

Shout Out

Although these checks seem to have re-posted everywhere making it hard to firm up attribution, my props and thanks go out to the original author(s) and testers of these browser detection and browser guidance strings.

Leave a Reply

Your email address will not be published. Required fields are marked *