JS-Tap

JavaScript payload and supporting software to be used as an XSS payload or post-exploitation implant.

JS-Tap is a generic JavaScript payload and supporting software to help red teamers attack webapps. The JS-Tap payload can be used as an XSS payload or as a post-exploitation implant.

The payload does not require the targeted user running the payload to be authenticated to the application being attacked, and it does not require any prior knowledge of the application beyond finding a way to get the JavaScript into the application.

Instead of attacking the application server itself, JS-Tap focuses on the client side of the application and heavily instruments the client-side code.

The JS-Tap payload is contained in the telemlib.js file. This file has not been obfuscated. Prior to using it in an engagement, strongly consider changing the naming of endpoints, stripping comments, and heavily obfuscating the payload.

Data Collected:
- Client IP address, OS, Browser
- User inputs
- URLs visited
- Cookies
- Local Storage
- Session Storage
- HTML code of pages visited
- Screenshots of pages visited
- Copy of XHR API calls: Endpoint, Method (GET, POST, etc.), Headers set, Request body and response body
- Copy of Fetch API calls: Endpoint, Method (GET, POST, etc.), Headers set, Request body and response body
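
A defensive check for the XHR and Fetch items above, as an added example that is not part of JS-Tap: it assumes those copies are taken by replacing `fetch` and the `XMLHttpRequest` methods with wrappers, and that the application's own script runs before any injected one. `WATCHED`, `locate`, `snapshot`, `findReplaced`, `lock` and `fakeWindow` are hypothetical names introduced here.

```javascript
// Added defensive example; not JS-Tap code. Assumption: XHR/fetch copies are
// taken by replacing these browser functions with wrappers.
const XHR = ['XMLHttpRequest', 'prototype'];
const WATCHED = [['fetch'], [...XHR, 'open'], [...XHR, 'send'], [...XHR, 'setRequestHeader']];

// Walk a path such as XMLHttpRequest.prototype.send to its owner object and key.
function locate(root, path) {
  let owner = root;
  for (const key of path.slice(0, -1)) owner = owner == null ? undefined : owner[key];
  return owner == null ? null : { owner, key: path[path.length - 1] };
}

// Run from the first script on the page: remember the original function objects.
function snapshot(root) {
  const baseline = new Map();
  for (const path of WATCHED) {
    const slot = locate(root, path);
    if (slot) baseline.set(path.join('.'), slot.owner[slot.key]);
  }
  return baseline;
}

// Run later: names whose function is no longer the one seen at snapshot time.
function findReplaced(root, baseline) {
  const replaced = [];
  for (const [name, original] of baseline) {
    const slot = locate(root, name.split('.'));
    if (!slot || slot.owner[slot.key] !== original) replaced.push(name);
  }
  return replaced;
}

// Optional hardening: make the slots read-only so later reassignment fails.
// This also blocks legitimate wrappers (APM agents, polyfills) loaded afterwards.
function lock(root) {
  for (const path of WATCHED) {
    const slot = locate(root, path);
    if (slot && typeof slot.owner[slot.key] === 'function') {
      Object.defineProperty(slot.owner, slot.key, { writable: false, configurable: false });
    }
  }
}

// Constructed stand-in for `window`, for running the checks outside a browser.
function fakeWindow() {
  function XMLHttpRequest() {}
  for (const m of ['open', 'send', 'setRequestHeader']) XMLHttpRequest.prototype[m] = function () {};
  return { fetch: function () {}, XMLHttpRequest };
}
```

In a page, call `snapshot(window)` in the first inline script and `findReplaced(window, baseline)` before sensitive requests. The comparison only sees replacements made after the snapshot, so a script that loads earlier than the application's first script is outside its reach.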