whoof: Web-Browser Hooking Framework
whoof (Web-Browser Hooking Framework)
whoof is an early stage lightweight web browser hooking framework. A web browser hook can be thought of as a backdoor in a web page allowing an attacker to execute commands in the page with or without the visitor noticing. It is a web application security tool to manage, execute and assess web browser vulnerabilities.
whoof uses Node/Express server-side, with React/Redux on the client-side.
Hooked browsers are managed via WebSockets.
Features
Custom Attacks
Use the attack builder to construct custom attacks on the fly.
Execute Arbitrary Commands with the Terminal
Use the terminal to execute arbitrary commands or retrieve data from hooked pages. 
Easily import/export attacks
One click downloads an exported attack which can easily be imported into the admin web app.
This repo was built off of and ejected from Facebook’s create-react-app
Install
$ git clone https://github.com/compewter/whoof.git $ cd /path/to/repo $ npm install $ cd client $ npm install
Use
Copyright 2015-2017 Michael Wetherald
Source: https://github.com/compewter/
