From 4c57ef3936e1ac4c8e3651d4693e12c5c78d7d7e Mon Sep 17 00:00:00 2001 From: aleff-github Date: Thu, 13 Feb 2025 17:44:29 +0100 Subject: [PATCH 1/3] Randomizing User-Agent in Google Chrome --- .../README.md | 141 ++++++++++++++++++ .../payload.txt | 83 +++++++++++ .../script | 22 +++ 3 files changed, 246 insertions(+) create mode 100644 payloads/library/execution/Randomizing User-Agent in Google Chrome/README.md create mode 100644 payloads/library/execution/Randomizing User-Agent in Google Chrome/payload.txt create mode 100755 payloads/library/execution/Randomizing User-Agent in Google Chrome/script diff --git a/payloads/library/execution/Randomizing User-Agent in Google Chrome/README.md b/payloads/library/execution/Randomizing User-Agent in Google Chrome/README.md new file mode 100644 index 000000000..b8e3d27bb --- /dev/null +++ b/payloads/library/execution/Randomizing User-Agent in Google Chrome/README.md 
@@ -0,0 +1,141 @@ +# Randomizing User-Agent in Google Chrome + +This DuckyScript payload automates the process of modifying the Google Chrome user-agent dynamically by integrating a random user-agent retriever using `torify` and `curl`. Additionally, it ensures that execution traces are erased if configured. + +## Why Randomizing User-Agent Matters + +One of the most crucial aspects of online privacy is minimizing trackable elements that websites can use to uniquely identify users. The user-agent, which reveals browser and operating system details, is one such element that can contribute to fingerprinting—a technique used to track users even if they clear cookies or use incognito mode. + +The Electronic Frontier Foundation (EFF) provides a tool called [Cover Your Tracks](https://coveryourtracks.eff.org/) that highlights how unique a browser fingerprint can be. Even subtle details such as screen resolution, installed plugins, and HTTP headers can contribute to a highly distinctive digital fingerprint. By randomizing the user-agent dynamically, this script mitigates one of the key tracking vectors, making it more difficult for advertisers, trackers, and malicious entities to create persistent identifiers for users. + +This script ensures that every new browser session starts with a different user-agent, making it harder for websites to link previous and current browsing activities. Additionally, by leveraging torify, it provides an extra layer of anonymity by routing the request through the Tor network, reducing the chances of associating the request with a specific IP address. + +**This tool does not anonymize you sufficiently**, but to check this and to explore it further you can read what [EFF says about it](https://www.eff.org/deeplinks/2020/11/introducing-cover-your-tracks). 
+ +## Prerequisites +- A Linux-based system +- Google Chrome installed +- `torify`, `curl`, `awk`, and `gtk-update-icon-cache` installed +- Sudo user privileges + +## Script Breakdown + +### 1. Define Constants + +- This defines a placeholder for the sudo password, which will be required when modifying system files. + + ```ducky + REM Replace it with your sudo user password + DEFINE #SUDO_PSWD example + ``` + +- This variable is determined by the target + + ```ducky + REM May it depends... + DEFAULT_DELAY 250 + ``` + +- A conditional flag to determine whether to erase command execution history. + + ```ducky + REM Define if you want to erase the tracks of your commands + DEFINE I_WANT_TO_ERASE_THE_SHELL_TRACKS TRUE + ``` + +### 2. Open Terminal + +- Opens a terminal window and waits for 1 second. + + ```ducky + CTRL-ALT t + DELAY 1000 + ``` + +### 3. Create Bash Script to Randomize User-Agent + +- Creates a new bash script named `.randomize_user_agent`. + + ```ducky + echo '#!/bin/bash' > .randomize_user_agent + ``` + +- Retrieves a random user-agent using `torify` and `curl` from user-agents.net. + + ```ducky + echo 'UA=$(torify curl "https://user-agents.net/random" -H "content-type: application/x-www-form-urlencoded" -H "referer: https://user-agents.net/random" --data-raw "limit=1&action=generate")' >> .randomize_user_agent + ``` + +- Defines a regular expression to extract the user-agent string. + + ```ducky + echo 're="
  • (.+)<\/a><\/li>"' >> .randomize_user_agent + ``` + +- If the regex successfully extracts a user-agent, Chrome is launched with it. Otherwise, it launches normally. + + ```ducky + echo 'if [[ $UA =~ $re ]]; then + /usr/bin/google-chrome-stable --user-agent="${BASH_REMATCH[1]}" + else + /usr/bin/google-chrome-stable + fi' >> .randomize_user_agent + ``` + +- Makes the script executable. + + ```ducky + sudo chmod +x .randomize_user_agent + ``` + +- Placeholder for executing the command with sudo privileges. + + ```ducky + #SUDO_PSWD + ``` + +### 4. Modify Chrome Application Shortcut + +- Stores the path of the newly created script. + + ```ducky + NEW_STRING="/home/$(whoami)/.randomize_user_agent" + ``` + +- Modifies the Chrome `.desktop` file to replace the default executable path with the newly created script. + + ```ducky + awk -v new="$NEW_STRING" '{gsub("/usr/bin/google-chrome-stable", new)}1' /usr/share/applications/google-chrome.desktop > tmp + ``` + +- Applies the modified `.desktop` file. + + ```ducky + sudo tee /usr/share/applications/google-chrome.desktop < tmp + ``` + +- Updates the icon cache to reflect the changes. + + ```ducky + gtk-update-icon-cache + ``` + +### 5. Erase Execution Traces (Optional) + +- If enabled, removes the shell history file and exits the terminal to erase execution traces. + + ```ducky + IF_DEFINED_TRUE #I_WANT_TO_ERASE_THE_SHELL_TRACKS + REM It is assumed that a shell has already been opened... + STRINGLN rm $HISTFILE; exit + END_IF_DEFINED + ``` + +## Security Considerations + +- Modifying system files (`/usr/share/applications/google-chrome.desktop`) requires sudo privileges, which can be a security risk. + +- The use of `torify` ensures anonymity, but not only that, this will allow you to make unlimited requests by exceeding the maximum number of requests per connection provided by the service you use. + +- Clearing command history can be useful for security but may also make debugging harder. + 
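Review bot: Step 5 of this README ("Erase Execution Traces") promises more than `rm $HISTFILE; exit` delivers: an interactive bash writes its in-memory history back to `$HISTFILE` when it exits, so the file is recreated and now contains the whole payload, `rm` line included; document `history -c; unset HISTFILE; exit` (or equivalent) instead, and mention that the `tmp` file written by the `awk` step in step 4 is never removed. Two descriptions in step 3 are wrong: `#SUDO_PSWD` is not "a placeholder for executing the command with sudo privileges", it is the sudo password typed into the terminal to answer the prompt raised by the preceding `sudo chmod +x .randomize_user_agent`, and that `sudo` is unnecessary because the file is created in the user's own home directory, so say plainly that the password is typed in cleartext and will be executed and echoed as a shell command if sudo's credential cache is still valid. In "Security Considerations", `torify` does not "ensure anonymity": only the single `curl` fetch of the user-agent string goes over Tor, Chrome itself still connects directly; and the sentence about making "unlimited requests by exceeding the maximum number of requests per connection" describes evading user-agents.net's rate limit, which is not a security consideration and should be dropped. Worth adding as a limitation: a randomly chosen third-party UA string can claim a different browser, OS or version than the Chrome that actually runs, and a `User-Agent` header that contradicts what the page can observe about the browser tends to make the fingerprint more distinctive, not less, which is exactly what the linked Cover Your Tracks page measures. Minor: `/home/$(whoami)` should be `$HOME`, and nothing about a changed `Exec=` line in a `.desktop` file needs an icon-cache rebuild, so the `gtk-update-icon-cache` bullet in step 4 should be removed or explained.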
diff --git a/payloads/library/execution/Randomizing User-Agent in Google Chrome/payload.txt b/payloads/library/execution/Randomizing User-Agent in Google Chrome/payload.txt new file mode 100644 index 000000000..a3f5bb380 --- /dev/null +++ b/payloads/library/execution/Randomizing User-Agent in Google Chrome/payload.txt 
@@ -0,0 +1,83 @@ +REM_BLOCK +############################################################# +# # +# Title : Randomizing User-Agent in Google Chrome # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Chrome on Linux (Tested on Ubuntu) # +# # +############################################################# +END_REM + +REM Replace it with your sudo user password +DEFINE #SUDO_PSWD example + +REM May it depends... +DEFAULT_DELAY 250 + +REM Define if you want to erase the tracks of your commands +DEFINE I_WANT_TO_ERASE_THE_SHELL_TRACKS TRUE + +REM_BLOCK + Credits: Hak5 LLC + Website: https://hak5.org/ + Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/detect_ready.txt +END_REM + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + +CTRL-ALT t +DELAY 1000 + +STRINGLN_BASH + echo '#!/bin/bash' > .randomize_user_agent + echo 'UA=$(torify curl "https://user-agents.net/random" -H "content-type: application/x-www-form-urlencoded" -H "referer: https://user-agents.net/random" --data-raw "limit=1&action=generate")' >> .randomize_user_agent + echo 're="
  • (.+)<\/a><\/li>"' >> .randomize_user_agent + echo 'if [[ $UA =~ $re ]]; then + /usr/bin/google-chrome-stable --user-agent="${BASH_REMATCH[1]}" + else + /usr/bin/google-chrome-stable + fi' >> .randomize_user_agent + sudo chmod +x .randomize_user_agent +END_STRINGLN + +DELAY 750 + +STRINGLN_BASH + #SUDO_PSWD + NEW_STRING="/home/$(whoami)/.randomize_user_agent" + awk -v new="$NEW_STRING" '{gsub("/usr/bin/google-chrome-stable", new)}1' /usr/share/applications/google-chrome.desktop > tmp + sudo tee /usr/share/applications/google-chrome.desktop < tmp + gtk-update-icon-cache +END_STRINGLN + +IF_DEFINED_TRUE #I_WANT_TO_ERASE_THE_SHELL_TRACKS + STRINGLN rm $HISTFILE; exit +END_IF_DEFINED diff --git a/payloads/library/execution/Randomizing User-Agent in Google Chrome/script b/payloads/library/execution/Randomizing User-Agent in Google Chrome/script new file mode 100755 index 000000000..b8aab9891 --- /dev/null +++ b/payloads/library/execution/Randomizing User-Agent in Google Chrome/script @@ -0,0 +1,22 @@ +echo '#!/bin/bash' > .randomize_user_agent + +echo 'UA=$(torify curl "https://user-agents.net/random" -H "content-type: application/x-www-form-urlencoded" -H "referer: https://user-agents.net/random" --data-raw "limit=1&action=generate")' >> .randomize_user_agent + +echo 're="
  • (.+)<\/a><\/li>"' >> .randomize_user_agent + +echo 'if [[ $UA =~ $re ]]; then + /usr/bin/google-chrome-stable --user-agent="${BASH_REMATCH[1]}" +else + /usr/bin/google-chrome-stable +fi' >> .randomize_user_agent + +sudo chmod +x .randomize_user_agent + +NEW_STRING="/home/$(whoami)/.randomize_user_agent" + +awk -v new="$NEW_STRING" '{gsub("/usr/bin/google-chrome-stable", new)}1' /usr/share/applications/google-chrome.desktop > tmp + +sudo tee /usr/share/applications/google-chrome.desktop < tmp + +gtk-update-icon-cache + From 54bd6df5ad5d2b9e4773dc4b061df1d7c1110276 Mon Sep 17 00:00:00 2001 From: aleff-github Date: Mon, 17 Feb 2025 10:12:29 +0100 Subject: [PATCH 2/3] fix some stuff --- .../README.md | 141 ++++++++++++++++++ .../payload.txt | 83 +++++++++++ .../script.sh | 22 +++ 3 files changed, 246 insertions(+) create mode 100644 payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/README.md create mode 100644 payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/payload.txt create mode 100755 payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/script.sh diff --git a/payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/README.md b/payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/README.md new file mode 100644 index 000000000..b8e3d27bb --- /dev/null +++ b/payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/README.md 
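Review bot: In `payload.txt` and `script` of PATCH 1/3, the generated `.randomize_user_agent` wrapper drops every argument it is launched with: both branches call `/usr/bin/google-chrome-stable` with no `"$@"`, yet the `awk` step rewrites every occurrence of that path in `google-chrome.desktop`, whose `Exec=` line passes `%U`, so opening a link or a file association through the launcher starts Chrome without the URL; append `"$@"` in both branches. Second, `rm $HISTFILE; exit` does not erase anything, because bash rewrites `$HISTFILE` from memory on exit and the file comes back with this session's commands in it; use `history -c; unset HISTFILE; exit`. Third, the password handling is fragile: `sudo chmod +x` (which needs no sudo for a file in the user's own home) is what raises the prompt that the `#SUDO_PSWD` line at the top of the second `STRINGLN_BASH` block answers after a fixed `DELAY 750`; if the prompt is slower, or if sudo's credential cache is still valid from an earlier command, the cleartext password is typed straight into the shell and echoed. Smaller points: `awk ... > tmp` leaves a `tmp` file in the working directory that nothing deletes; `sudo tee` dumps the whole `.desktop` file to the terminal (add `> /dev/null`); the regex line is rendered here as `re="` followed by a bullet and `(.+)<\/a><\/li>"`, so confirm the committed pattern really contains the opening markup it must match; the constant is declared as `DEFINE I_WANT_TO_ERASE_THE_SHELL_TRACKS` but tested as `#I_WANT_TO_ERASE_THE_SHELL_TRACKS`, so use one spelling; and `script` is committed as 100755 without a shebang or `set -e`. Note also that the rewritten file lives under `/usr/share/applications`, so the next google-chrome package upgrade silently restores the original `Exec=` line.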
@@ -0,0 +1,141 @@ +# Randomizing User-Agent in Google Chrome + +This DuckyScript payload automates the process of modifying the Google Chrome user-agent dynamically by integrating a random user-agent retriever using `torify` and `curl`. Additionally, it ensures that execution traces are erased if configured. + +## Why Randomizing User-Agent Matters + +One of the most crucial aspects of online privacy is minimizing trackable elements that websites can use to uniquely identify users. The user-agent, which reveals browser and operating system details, is one such element that can contribute to fingerprinting—a technique used to track users even if they clear cookies or use incognito mode. + +The Electronic Frontier Foundation (EFF) provides a tool called [Cover Your Tracks](https://coveryourtracks.eff.org/) that highlights how unique a browser fingerprint can be. Even subtle details such as screen resolution, installed plugins, and HTTP headers can contribute to a highly distinctive digital fingerprint. By randomizing the user-agent dynamically, this script mitigates one of the key tracking vectors, making it more difficult for advertisers, trackers, and malicious entities to create persistent identifiers for users. + +This script ensures that every new browser session starts with a different user-agent, making it harder for websites to link previous and current browsing activities. Additionally, by leveraging torify, it provides an extra layer of anonymity by routing the request through the Tor network, reducing the chances of associating the request with a specific IP address. + +**This tool does not anonymize you sufficiently**, but to check this and to explore it further you can read what [EFF says about it](https://www.eff.org/deeplinks/2020/11/introducing-cover-your-tracks). 
+ +## Prerequisites +- A Linux-based system +- Google Chrome installed +- `torify`, `curl`, `awk`, and `gtk-update-icon-cache` installed +- Sudo user privileges + +## Script Breakdown + +### 1. Define Constants + +- This defines a placeholder for the sudo password, which will be required when modifying system files. + + ```ducky + REM Replace it with your sudo user password + DEFINE #SUDO_PSWD example + ``` + +- This variable is determined by the target + + ```ducky + REM May it depends... + DEFAULT_DELAY 250 + ``` + +- A conditional flag to determine whether to erase command execution history. + + ```ducky + REM Define if you want to erase the tracks of your commands + DEFINE I_WANT_TO_ERASE_THE_SHELL_TRACKS TRUE + ``` + +### 2. Open Terminal + +- Opens a terminal window and waits for 1 second. + + ```ducky + CTRL-ALT t + DELAY 1000 + ``` + +### 3. Create Bash Script to Randomize User-Agent + +- Creates a new bash script named `.randomize_user_agent`. + + ```ducky + echo '#!/bin/bash' > .randomize_user_agent + ``` + +- Retrieves a random user-agent using `torify` and `curl` from user-agents.net. + + ```ducky + echo 'UA=$(torify curl "https://user-agents.net/random" -H "content-type: application/x-www-form-urlencoded" -H "referer: https://user-agents.net/random" --data-raw "limit=1&action=generate")' >> .randomize_user_agent + ``` + +- Defines a regular expression to extract the user-agent string. + + ```ducky + echo 're="
  • (.+)<\/a><\/li>"' >> .randomize_user_agent + ``` + +- If the regex successfully extracts a user-agent, Chrome is launched with it. Otherwise, it launches normally. + + ```ducky + echo 'if [[ $UA =~ $re ]]; then + /usr/bin/google-chrome-stable --user-agent="${BASH_REMATCH[1]}" + else + /usr/bin/google-chrome-stable + fi' >> .randomize_user_agent + ``` + +- Makes the script executable. + + ```ducky + sudo chmod +x .randomize_user_agent + ``` + +- Placeholder for executing the command with sudo privileges. + + ```ducky + #SUDO_PSWD + ``` + +### 4. Modify Chrome Application Shortcut + +- Stores the path of the newly created script. + + ```ducky + NEW_STRING="/home/$(whoami)/.randomize_user_agent" + ``` + +- Modifies the Chrome `.desktop` file to replace the default executable path with the newly created script. + + ```ducky + awk -v new="$NEW_STRING" '{gsub("/usr/bin/google-chrome-stable", new)}1' /usr/share/applications/google-chrome.desktop > tmp + ``` + +- Applies the modified `.desktop` file. + + ```ducky + sudo tee /usr/share/applications/google-chrome.desktop < tmp + ``` + +- Updates the icon cache to reflect the changes. + + ```ducky + gtk-update-icon-cache + ``` + +### 5. Erase Execution Traces (Optional) + +- If enabled, removes the shell history file and exits the terminal to erase execution traces. + + ```ducky + IF_DEFINED_TRUE #I_WANT_TO_ERASE_THE_SHELL_TRACKS + REM It is assumed that a shell has already been opened... + STRINGLN rm $HISTFILE; exit + END_IF_DEFINED + ``` + +## Security Considerations + +- Modifying system files (`/usr/share/applications/google-chrome.desktop`) requires sudo privileges, which can be a security risk. + +- The use of `torify` ensures anonymity, but not only that, this will allow you to make unlimited requests by exceeding the maximum number of requests per connection provided by the service you use. + +- Clearing command history can be useful for security but may also make debugging harder. + 
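Review bot: This README is byte-identical to the one added in PATCH 1/3 (same blob `b8e3d27bb`), so step 1 still documents `DEFINE I_WANT_TO_ERASE_THE_SHELL_TRACKS TRUE` while the `payload.txt` in this same commit flips the default to `FALSE`; update the README to match. Since this commit only moves the files to `Randomizing_User-Agent_in_Google_Chrome` and renames `script` to `script.sh`, do it as a rename rather than a second copy, or squash PATCH 1/3 through 3/3 into one commit so the series does not carry a duplicate tree. The step 5 wording also still describes `rm $HISTFILE; exit` as erasing the traces, which an exiting bash undoes by rewriting `$HISTFILE` from memory.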
diff --git a/payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/payload.txt b/payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/payload.txt new file mode 100644 index 000000000..344b73b2b --- /dev/null +++ b/payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/payload.txt 
@@ -0,0 +1,83 @@ +REM_BLOCK +############################################################# +# # +# Title : Randomizing User-Agent in Google Chrome # +# Author : Aleff # +# Version : 1.0 # +# Category : Execution # +# Target : Chrome on Linux (Tested on Ubuntu) # +# # +############################################################# +END_REM + +REM Replace it with your sudo user password +DEFINE #SUDO_PSWD example + +REM May it depends... +DEFAULT_DELAY 250 + +REM Define if you want to erase the tracks of your commands +DEFINE I_WANT_TO_ERASE_THE_SHELL_TRACKS FALSE + +REM_BLOCK + Credits: Hak5 LLC + Website: https://hak5.org/ + Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/detect_ready.txt +END_REM + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + +CTRL-ALT t +DELAY 1000 + +STRINGLN_BASH + echo '#!/bin/bash' > .randomize_user_agent + echo 'UA=$(torify curl "https://user-agents.net/random" -H "content-type: application/x-www-form-urlencoded" -H "referer: https://user-agents.net/random" --data-raw "limit=1&action=generate")' >> .randomize_user_agent + echo 're="
  • (.+)<\/a><\/li>"' >> .randomize_user_agent + echo 'if [[ $UA =~ $re ]]; then + /usr/bin/google-chrome-stable --user-agent="${BASH_REMATCH[1]}" + else + /usr/bin/google-chrome-stable + fi' >> .randomize_user_agent + sudo chmod +x .randomize_user_agent +END_STRINGLN + +DELAY 750 + +STRINGLN_BASH + #SUDO_PSWD + NEW_STRING="/home/$(whoami)/.randomize_user_agent" + awk -v new="$NEW_STRING" '{gsub("/usr/bin/google-chrome-stable", new)}1' /usr/share/applications/google-chrome.desktop > tmp + sudo tee /usr/share/applications/google-chrome.desktop < tmp + gtk-update-icon-cache +END_STRINGLN + +IF_DEFINED_TRUE #I_WANT_TO_ERASE_THE_SHELL_TRACKS + STRINGLN rm $HISTFILE; exit +END_IF_DEFINED diff --git a/payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/script.sh b/payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/script.sh new file mode 100755 index 000000000..b8aab9891 --- /dev/null +++ b/payloads/library/execution/Randomizing_User-Agent_in_Google_Chrome/script.sh @@ -0,0 +1,22 @@ +echo '#!/bin/bash' > .randomize_user_agent + +echo 'UA=$(torify curl "https://user-agents.net/random" -H "content-type: application/x-www-form-urlencoded" -H "referer: https://user-agents.net/random" --data-raw "limit=1&action=generate")' >> .randomize_user_agent + +echo 're="
  • (.+)<\/a><\/li>"' >> .randomize_user_agent + +echo 'if [[ $UA =~ $re ]]; then + /usr/bin/google-chrome-stable --user-agent="${BASH_REMATCH[1]}" +else + /usr/bin/google-chrome-stable +fi' >> .randomize_user_agent + +sudo chmod +x .randomize_user_agent + +NEW_STRING="/home/$(whoami)/.randomize_user_agent" + +awk -v new="$NEW_STRING" '{gsub("/usr/bin/google-chrome-stable", new)}1' /usr/share/applications/google-chrome.desktop > tmp + +sudo tee /usr/share/applications/google-chrome.desktop < tmp + +gtk-update-icon-cache + From a0b7c1ba667cbc35588fd82aa524407127c28454 Mon Sep 17 00:00:00 2001 From: aleff-github Date: Sun, 23 Feb 2025 16:04:04 +0100 Subject: [PATCH 3/3] Remove duplicates --- .../README.md | 141 ------------------ .../payload.txt | 83 ----------- .../script | 22 --- 3 files changed, 246 deletions(-) delete mode 100644 payloads/library/execution/Randomizing User-Agent in Google Chrome/README.md delete mode 100644 payloads/library/execution/Randomizing User-Agent in Google Chrome/payload.txt delete mode 100755 payloads/library/execution/Randomizing User-Agent in Google Chrome/script diff --git a/payloads/library/execution/Randomizing User-Agent in Google Chrome/README.md b/payloads/library/execution/Randomizing User-Agent in Google Chrome/README.md deleted file mode 100644 index b8e3d27bb..000000000 --- a/payloads/library/execution/Randomizing User-Agent in Google Chrome/README.md +++ /dev/null 
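Review bot: The only functional change in this `payload.txt` versus PATCH 1/3 is `DEFINE I_WANT_TO_ERASE_THE_SHELL_TRACKS FALSE`, and `script.sh` is the same blob as before (`b8aab9891`) under a new name; the commit message "fix some stuff" should say that (directory renamed to use underscores, helper renamed to `.sh`, history-erasing default turned off). `script.sh` still has no shebang or `set -e` despite mode 100755, still runs `sudo chmod +x` on a file in the user's own home, and its wrapper still launches `/usr/bin/google-chrome-stable` without `"$@"`, so the `%U` from the `.desktop` `Exec=` line is lost. Turning the default to `FALSE` is the right call given that `rm $HISTFILE; exit` is undone when bash writes its history on exit; if the option stays, change that line to `history -c; unset HISTFILE; exit`.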
@@ -1,141 +0,0 @@ -# Randomizing User-Agent in Google Chrome - -This DuckyScript payload automates the process of modifying the Google Chrome user-agent dynamically by integrating a random user-agent retriever using `torify` and `curl`. Additionally, it ensures that execution traces are erased if configured. - -## Why Randomizing User-Agent Matters - -One of the most crucial aspects of online privacy is minimizing trackable elements that websites can use to uniquely identify users. The user-agent, which reveals browser and operating system details, is one such element that can contribute to fingerprinting—a technique used to track users even if they clear cookies or use incognito mode. - -The Electronic Frontier Foundation (EFF) provides a tool called [Cover Your Tracks](https://coveryourtracks.eff.org/) that highlights how unique a browser fingerprint can be. Even subtle details such as screen resolution, installed plugins, and HTTP headers can contribute to a highly distinctive digital fingerprint. By randomizing the user-agent dynamically, this script mitigates one of the key tracking vectors, making it more difficult for advertisers, trackers, and malicious entities to create persistent identifiers for users. - -This script ensures that every new browser session starts with a different user-agent, making it harder for websites to link previous and current browsing activities. Additionally, by leveraging torify, it provides an extra layer of anonymity by routing the request through the Tor network, reducing the chances of associating the request with a specific IP address. - -**This tool does not anonymize you sufficiently**, but to check this and to explore it further you can read what [EFF says about it](https://www.eff.org/deeplinks/2020/11/introducing-cover-your-tracks). 
- -## Prerequisites -- A Linux-based system -- Google Chrome installed -- `torify`, `curl`, `awk`, and `gtk-update-icon-cache` installed -- Sudo user privileges - -## Script Breakdown - -### 1. Define Constants - -- This defines a placeholder for the sudo password, which will be required when modifying system files. - - ```ducky - REM Replace it with your sudo user password - DEFINE #SUDO_PSWD example - ``` - -- This variable is determined by the target - - ```ducky - REM May it depends... - DEFAULT_DELAY 250 - ``` - -- A conditional flag to determine whether to erase command execution history. - - ```ducky - REM Define if you want to erase the tracks of your commands - DEFINE I_WANT_TO_ERASE_THE_SHELL_TRACKS TRUE - ``` - -### 2. Open Terminal - -- Opens a terminal window and waits for 1 second. - - ```ducky - CTRL-ALT t - DELAY 1000 - ``` - -### 3. Create Bash Script to Randomize User-Agent - -- Creates a new bash script named `.randomize_user_agent`. - - ```ducky - echo '#!/bin/bash' > .randomize_user_agent - ``` - -- Retrieves a random user-agent using `torify` and `curl` from user-agents.net. - - ```ducky - echo 'UA=$(torify curl "https://user-agents.net/random" -H "content-type: application/x-www-form-urlencoded" -H "referer: https://user-agents.net/random" --data-raw "limit=1&action=generate")' >> .randomize_user_agent - ``` - -- Defines a regular expression to extract the user-agent string. - - ```ducky - echo 're="
  • (.+)<\/a><\/li>"' >> .randomize_user_agent - ``` - -- If the regex successfully extracts a user-agent, Chrome is launched with it. Otherwise, it launches normally. - - ```ducky - echo 'if [[ $UA =~ $re ]]; then - /usr/bin/google-chrome-stable --user-agent="${BASH_REMATCH[1]}" - else - /usr/bin/google-chrome-stable - fi' >> .randomize_user_agent - ``` - -- Makes the script executable. - - ```ducky - sudo chmod +x .randomize_user_agent - ``` - -- Placeholder for executing the command with sudo privileges. - - ```ducky - #SUDO_PSWD - ``` - -### 4. Modify Chrome Application Shortcut - -- Stores the path of the newly created script. - - ```ducky - NEW_STRING="/home/$(whoami)/.randomize_user_agent" - ``` - -- Modifies the Chrome `.desktop` file to replace the default executable path with the newly created script. - - ```ducky - awk -v new="$NEW_STRING" '{gsub("/usr/bin/google-chrome-stable", new)}1' /usr/share/applications/google-chrome.desktop > tmp - ``` - -- Applies the modified `.desktop` file. - - ```ducky - sudo tee /usr/share/applications/google-chrome.desktop < tmp - ``` - -- Updates the icon cache to reflect the changes. - - ```ducky - gtk-update-icon-cache - ``` - -### 5. Erase Execution Traces (Optional) - -- If enabled, removes the shell history file and exits the terminal to erase execution traces. - - ```ducky - IF_DEFINED_TRUE #I_WANT_TO_ERASE_THE_SHELL_TRACKS - REM It is assumed that a shell has already been opened... - STRINGLN rm $HISTFILE; exit - END_IF_DEFINED - ``` - -## Security Considerations - -- Modifying system files (`/usr/share/applications/google-chrome.desktop`) requires sudo privileges, which can be a security risk. - -- The use of `torify` ensures anonymity, but not only that, this will allow you to make unlimited requests by exceeding the maximum number of requests per connection provided by the service you use. - -- Clearing command history can be useful for security but may also make debugging harder. - 
diff --git a/payloads/library/execution/Randomizing User-Agent in Google Chrome/payload.txt b/payloads/library/execution/Randomizing User-Agent in Google Chrome/payload.txt deleted file mode 100644 index a3f5bb380..000000000 --- a/payloads/library/execution/Randomizing User-Agent in Google Chrome/payload.txt +++ /dev/null 
@@ -1,83 +0,0 @@ -REM_BLOCK -############################################################# -# # -# Title : Randomizing User-Agent in Google Chrome # -# Author : Aleff # -# Version : 1.0 # -# Category : Execution # -# Target : Chrome on Linux (Tested on Ubuntu) # -# # -############################################################# -END_REM - -REM Replace it with your sudo user password -DEFINE #SUDO_PSWD example - -REM May it depends... -DEFAULT_DELAY 250 - -REM Define if you want to erase the tracks of your commands -DEFINE I_WANT_TO_ERASE_THE_SHELL_TRACKS TRUE - -REM_BLOCK - Credits: Hak5 LLC - Website: https://hak5.org/ - Source: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/detect_ready.txt -END_REM - -EXTENSION DETECT_READY - REM VERSION 1.1 - REM AUTHOR: Korben - - REM_BLOCK DOCUMENTATION - USAGE: - Extension runs inline (here) - Place at beginning of payload (besides ATTACKMODE) to act as dynamic - boot delay - - TARGETS: - Any system that reflects CAPSLOCK will detect minimum required delay - Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms - END_REM - - REM CONFIGURATION: - DEFINE #RESPONSE_DELAY 25 - DEFINE #ITERATION_LIMIT 120 - - VAR $C = 0 - WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) - CAPSLOCK - DELAY #RESPONSE_DELAY - $C = ($C + 1) - END_WHILE - CAPSLOCK -END_EXTENSION - -CTRL-ALT t -DELAY 1000 - -STRINGLN_BASH - echo '#!/bin/bash' > .randomize_user_agent - echo 'UA=$(torify curl "https://user-agents.net/random" -H "content-type: application/x-www-form-urlencoded" -H "referer: https://user-agents.net/random" --data-raw "limit=1&action=generate")' >> .randomize_user_agent - echo 're="
  • (.+)<\/a><\/li>"' >> .randomize_user_agent - echo 'if [[ $UA =~ $re ]]; then - /usr/bin/google-chrome-stable --user-agent="${BASH_REMATCH[1]}" - else - /usr/bin/google-chrome-stable - fi' >> .randomize_user_agent - sudo chmod +x .randomize_user_agent -END_STRINGLN - -DELAY 750 - -STRINGLN_BASH - #SUDO_PSWD - NEW_STRING="/home/$(whoami)/.randomize_user_agent" - awk -v new="$NEW_STRING" '{gsub("/usr/bin/google-chrome-stable", new)}1' /usr/share/applications/google-chrome.desktop > tmp - sudo tee /usr/share/applications/google-chrome.desktop < tmp - gtk-update-icon-cache -END_STRINGLN - -IF_DEFINED_TRUE #I_WANT_TO_ERASE_THE_SHELL_TRACKS - STRINGLN rm $HISTFILE; exit -END_IF_DEFINED diff --git a/payloads/library/execution/Randomizing User-Agent in Google Chrome/script b/payloads/library/execution/Randomizing User-Agent in Google Chrome/script deleted file mode 100755 index b8aab9891..000000000 --- a/payloads/library/execution/Randomizing User-Agent in Google Chrome/script +++ /dev/null @@ -1,22 +0,0 @@ -echo '#!/bin/bash' > .randomize_user_agent - -echo 'UA=$(torify curl "https://user-agents.net/random" -H "content-type: application/x-www-form-urlencoded" -H "referer: https://user-agents.net/random" --data-raw "limit=1&action=generate")' >> .randomize_user_agent - -echo 're="
  • (.+)<\/a><\/li>"' >> .randomize_user_agent - -echo 'if [[ $UA =~ $re ]]; then - /usr/bin/google-chrome-stable --user-agent="${BASH_REMATCH[1]}" -else - /usr/bin/google-chrome-stable -fi' >> .randomize_user_agent - -sudo chmod +x .randomize_user_agent - -NEW_STRING="/home/$(whoami)/.randomize_user_agent" - -awk -v new="$NEW_STRING" '{gsub("/usr/bin/google-chrome-stable", new)}1' /usr/share/applications/google-chrome.desktop > tmp - -sudo tee /usr/share/applications/google-chrome.desktop < tmp - -gtk-update-icon-cache -
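Review bot: These deletions remove exactly the three blobs PATCH 1/3 added (`b8e3d27bb`, `a3f5bb380`, `b8aab9891`), so the net effect of the series is just the `Randomizing_User-Agent_in_Google_Chrome` directory; please squash the three commits, or redo PATCH 1/3 with the final path, so the history does not contain an add, a copy and a delete of the same payload. What survives still has the README/payload mismatch on the `I_WANT_TO_ERASE_THE_SHELL_TRACKS` default and the wrapper that drops `"$@"`.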