    rogue-module-do-not-install-do-not-use
    0.0.4 • Public • Published

    security-experiment-rogue-npm-module

    This is an experiment of a rogue npm module. DO NOT INSTALL!

    Context

    In the context of my current mission, I'm doing research on JS security and how to prevent some kind of security breach. This is a demo for a presentation to my company.

    Details

    Once required, this module (which exposes an innocent «hello world» method) will try to hook into the JS standard API to intercept plain objects with interesting keys (e.g. "password"). It will then try to exfiltrate them via different methods.

    This is a proof of concept. No sensitive data should be at risk, BUT you'd better not use it with truly sensitive data.

    Only tested in the latest Chrome browser environment (this is a proof of concept!)

    TypeScript compatible.
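
A defensive check for the hooking described above, as an added example that is not part of this package or written by its author: it snapshots a set of built-ins before dependencies load and later reports any that were replaced. The watched list and the function names `snapshotBuiltins` and `findTamperedBuiltins` are assumptions, since the page does not say which APIs the module hooks.

```javascript
// Built-ins to watch. The page does not say which APIs the module hooks,
// so this list is an assumption; extend it for your own application.
const WATCHED = [
  ['JSON', 'stringify'], ['JSON', 'parse'],
  ['Object', 'keys'], ['Object', 'entries'], ['Object', 'assign'],
];

// Keep a private reference so a hooked toString cannot lie to us later.
const nativeToString = Function.prototype.toString;
const NATIVE_BODY = /\{\s*\[native code\]\s*\}\s*$/;

// Record the identity of every watched built-in. Run this before any
// third-party module is loaded.
function snapshotBuiltins(root = globalThis) {
  const snap = new Map();
  for (const [ns, name] of WATCHED) snap.set(`${ns}.${name}`, root[ns][name]);
  return snap;
}

// Names of built-ins that were swapped since the snapshot or whose source is
// no longer native. The identity test also catches Proxy and bound wrappers,
// which still stringify as native code.
function findTamperedBuiltins(snap, root = globalThis) {
  const tampered = [];
  for (const [ns, name] of WATCHED) {
    const current = root[ns][name];
    const swapped = current !== snap.get(`${ns}.${name}`);
    const native = typeof current === 'function' &&
      NATIVE_BODY.test(nativeToString.call(current));
    if (swapped || !native) tampered.push(`${ns}.${name}`);
  }
  return tampered;
}

// Constructed demonstration: a harmless pass-through wrapper stands in for a hook.
function demo() {
  const snap = snapshotBuiltins();
  const before = findTamperedBuiltins(snap);
  const original = JSON.stringify;
  JSON.stringify = function wrapped(...args) { return original.apply(this, args); };
  const during = findTamperedBuiltins(snap);
  JSON.stringify = original; // restore the real built-in
  return { before, during, after: findTamperedBuiltins(snap) };
}

console.log(demo());
```

Take the snapshot as the first statement of the entry point; a snapshot taken after a dependency has loaded would record an already-installed hook as the baseline.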

    Follow up

    I'd then like to experiment with counter-measures. If I have time and motivation...

    License

    UNLICENSED

    Collaborators

    • offirmo