EvilPuppet x Puppeteer

EvilPuppet is a proof-of-concept man-in-the-middle(MITM) tool that uses Puppeteer in the background to capture and stream HTML content to a target browser. More than just streaming, it provides an interface that allows the target browser to remotely control the Puppeteer browser instance, simulating a real user's actions.

Features

  • Stream Puppeteer controlled web content to target browsers.

  • Allow remote control of the Puppeteer browser instance from the target browser.

  • Simulate real user behaviors like clicking, scrolling, and typing.

Prerequisites

  • Node.js

Installation

cd EvilPuppetJS

Install the dependencies

npm install

  1. Set config inside config.js

  2. Start the server:

Usage

node app.js

  1. Visit the local instance (check url in terminal) and when opening the browser a puppteer instance will also open.

Puppeteer

Puppeteer is a JavaScript library which provides a high-level API to control Chrome or Firefox over the DevTools Protocol or WebDriver BiDi. Puppeteer runs in the headless (no visible UI) by default

npm i puppeteer # Downloads compatible Chrome during installation.

npm i puppeteer-core # Alternatively, install as a library, without downloading Chrome.

import puppeteer from 'puppeteer';
// Or import puppeteer from 'puppeteer-core';

// Launch the browser and open a new blank page
const browser = await puppeteer.launch();
const page = await browser.newPage();

// Navigate the page to a URL.
await page.goto('https://developer.chrome.com/');

// Set screen size.
await page.setViewport({width: 1080, height: 1024});

// Type into search box.
await page.locator('.devsite-search-field').fill('automate beyond recorder');

// Wait and click on first result.
await page.locator('.devsite-result-item-link').click();

// Locate the full title with a unique string.
const textSelector = await page
  .locator('text/Customize and automate')
  .waitHandle();
const fullTitle = await textSelector?.evaluate(el => el.textContent);

// Print the full title.
console.log('The title of this blog post is "%s".', fullTitle);

await browser.close();

PreviousRedirection fixes and smaller improvementsNextPuppeteer Real Browser

Last updated

Was this helpful?