From offensive-claude
Builds client-side browser exploits: V8/JSC JIT bugs to renderer R/W, V8 heap-sandbox escapes, renderer-to-browser sandbox escapes (Mojo, GPU), Electron/IPC abuse, and 1-click RCE chains.
Slash command: /offensive-claude:browser-exploitation
Turn a single client-side bug into full host compromise. The modern browser is a chain target: a JS-engine bug yields an in-renderer arbitrary read/write, the V8 heap sandbox must be escaped to get a native R/W, then a second logic/memory bug in a privileged process (browser broker, GPU) escapes the OS sandbox. Electron and embedded webviews collapse several of these steps. Every cluster pairs the offensive primitive with renderer-crash/IPC telemetry, Sigma/EDR detection, and cleanup OPSEC.

Files:
- references/clientside-rce-chains.md
- references/electron-webview-rce.md
- references/renderer-to-browser-escape.md
- references/v8-jit-typeconfusion.md
- references/v8-sandbox-escape.md
- scripts/chain_server.py
- scripts/d8_debug.sh
- scripts/electron_audit.py
- scripts/mojo_fuzz_harness.py
- scripts/sandbox_escape.js
- scripts/v8_typer.js

| Technique | ATT&CK | CWE | Reference | Script |
|---|---|---|---|---|
| JIT type confusion (TurboFan/Maglev/Turboshaft) | T1203 | CWE-843 | references/v8-jit-typeconfusion.md | scripts/v8_typer.js |
| Element-kind confusion -> addrof/fakeobj | T1203 | CWE-843 | references/v8-jit-typeconfusion.md | scripts/v8_typer.js |
| OOB read/write on JSArray/TypedArray | T1203 | CWE-787 | references/v8-jit-typeconfusion.md | scripts/v8_typer.js |
| In-renderer arbitrary R/W (fake TypedArray) | T1203 | CWE-787 | references/v8-jit-typeconfusion.md | scripts/v8_typer.js |
| V8 heap-sandbox escape via raw Wasm pointer | T1203 | CWE-787 | references/v8-sandbox-escape.md | scripts/sandbox_escape.js |
| Trusted Pointer Table / WasmExportedFunctionData abuse | T1203 | CWE-843 | references/v8-sandbox-escape.md | scripts/sandbox_escape.js |
| Code/exec via Wasm JIT region pivot | T1203 | CWE-94 | references/v8-sandbox-escape.md | scripts/sandbox_escape.js |
| Mojo IPC handle-confusion sandbox escape | T1203 | CWE-269 | references/renderer-to-browser-escape.md | scripts/mojo_fuzz_harness.py |
| GPU-process UAF/OOB (Dawn/WebGPU, ANGLE) | T1203 | CWE-416 | references/renderer-to-browser-escape.md | scripts/mojo_fuzz_harness.py |
| Mojo interface fuzzing for broker bugs | T1203 | CWE-20 | references/renderer-to-browser-escape.md | scripts/mojo_fuzz_harness.py |
| Electron contextIsolation/IPC bridge RCE | T1059.007 | CWE-1188 | references/electron-webview-rce.md | scripts/electron_audit.py |
| nodeIntegration / webviewTag preload abuse | T1059.007 | CWE-829 | references/electron-webview-rce.md | scripts/electron_audit.py |
| ASAR integrity / fuse / V8 snapshot tamper | T1574.002 | CWE-345 | references/electron-webview-rce.md | scripts/electron_audit.py |
| XSS/open-redirect -> Electron RCE | T1189 | CWE-79 | references/electron-webview-rce.md | scripts/electron_audit.py |
| 1-click drive-by chain delivery | T1189 | CWE-693 | references/clientside-rce-chains.md | scripts/chain_server.py |
| Cross-engine (JSC/WebKit) primitive port | T1203 | CWE-843 | references/clientside-rce-chains.md | scripts/chain_server.py |

```bash
# 0. Pin the exact target build (Chrome/Edge/Electron all carry a V8 version)
# chrome://version | edge://version | electron --version
jsvu --engines=v8 # local d8 of matching version
./scripts/d8_debug.sh ./d8 ./poc.js # d8 w/ exploit-friendly flags
# 1. Engine bug -> in-renderer R/W (see references/v8-jit-typeconfusion.md)
d8 --allow-natives-syntax --shell ./scripts/v8_typer.js
# yields addrof(), fakeobj(), read64()/write64() inside the V8 heap cage
# 2. Escape the V8 heap sandbox -> native R/W (references/v8-sandbox-escape.md)
d8 --no-sandbox-testing-mode ./scripts/sandbox_escape.js # local test;
# on a real build: abuse trusted Wasm object raw pointer -> overwrite RWX Wasm code
# 3. Escape the OS sandbox: Mojo broker logic bug OR GPU-process memory bug
python3 scripts/mojo_fuzz_harness.py --interface FileSystemAccess --iters 100000
# 4. Electron / webview target: audit + weaponize
python3 scripts/electron_audit.py /path/to/app.asar # finds nodeIntegration/IPC/fuse gaps
# craft IPC/preload payload from the report; package XSS->RCE
# 5. Stage the full 1-click chain and serve it
python3 scripts/chain_server.py --stage1 renderer.js --stage2 escape.js --lhost 10.0.0.5 --lport 8080
```

| Technique | Telemetry/IOC | Detection (Sigma/EDR) | OPSEC note |
|---|---|---|---|
| JIT type confusion | Renderer crash dumps (chrome_crashpad, crashpad_handler), GPU/renderer restarts, *-crash in ~/AppData/Local/.../Crashpad | Sigma: spike in renderer crash reports; EDR on crashpad_handler bursts | Spray/clean up corrupted arrays; bail without crashing on failed type-check; do not leave %DebugPrint calls |
| V8 sandbox escape | Native R/W faults if math is off; abnormal RWX Wasm pages | EDR: RWX region churn inside chrome.exe/renderer; ETW VirtualProtect to RWX | Keep corruption inside the cage until the last step; reuse existing RWX Wasm code page rather than allocating new |
| Mojo broker escape | Browser process spawning cmd.exe/powershell.exe/rundll32.exe; unexpected file writes by broker | Sigma: chrome.exe/msedge.exe parent -> shell child; EDR child-process rule; Mojo message audit | Live off the broker's own capabilities (file write, process launch); avoid spawning a console child — inject instead |
| GPU-process bug | GPU process crashes (--type=gpu), Dawn/ANGLE asserts, DXGI/Metal faults | EDR on GPU-process child anomalies; WebGPU enabled via policy = surface | Test against the right GPU backend (D3D11/Metal/Vulkan); fail closed without crashing the GPU process |
| Electron IPC/preload RCE | app.asar mtime change, node child of Electron app, child_process.exec | Sigma: Electron app spawning shells; FIM on app.asar/snapshot blobs | Prefer in-process JS exec (require gadget) over child_process; restore app.asar mtime after fuse/snapshot tamper |
| Drive-by chain delivery | Suspicious text/html with large encoded JS, WebSocket/long-poll to attacker host, UA-gated content | Proxy/Sigma on long base64/%u blobs in HTML; JA3/JA4 of staging host | UA/feature gate so only the exact target build receives stage-2; single-use, expiring URLs |

Cluster summaries:
- v8-jit-typeconfusion: addrof/fakeobj and an in-cage arbitrary R/W via a fake TypedArray. Backed by v8_typer.js, d8_debug.sh.
- v8-sandbox-escape: backed by sandbox_escape.js.
- renderer-to-browser-escape: backed by mojo_fuzz_harness.py.
- electron-webview-rce: nodeIntegration/contextIsolation/sandbox matrix, preload-bridge & IPC abuse, deprecated webviewTag, ASAR integrity bypass (CVE-2025-55305) and V8 snapshot/fuse tampering, XSS->RCE. Backed by electron_audit.py.
- clientside-rce-chains: backed by chain_server.py.

Install: npx claudepluginhub hypnguyen1209/offensive-claude --plugin offensive-claude