Skip to content

Electron Applications

Electron Applications

Electron Security
ElectroVolt - Pwning Popular Desktop Apps

Debugging

You can use the --remote-debugging-port=1234 and open up localhost:1234 in chrome to get a websocket debugger to the electron application.

Extract the Election Application

Finding the asar file:

[gen0@gen0-test Temps-linux-x64]$ pwd
/tmp/Temps-linux-x64
[gen0@gen0-test Temps-linux-x64]$ ls resources/
app.asar  electron.asar

Extracting the asar file:

[gen0@gen0-test Temps-linux-x64]$ mkdir deompiled
[gen0@gen0-test Temps-linux-x64]$ asar e resources/app.asar deompiled/
[gen0@gen0-test Temps-linux-x64]$ ls deompiled/
assets  LICENSE  node_modules  package.json  README.md  src

XSS to RCE

Payload:

top.require('child_process').exec('calc')

Discord Desktop - Remote Code Execution

Discord Desktop - Remote Code Execution

Browser Isolation

Disable nodeIntegration
Disable nodeIntegrationInWorker
Enable contextIsolation
Enable sandbox
Enable websecurity
Disable allowRunningInsecureContent
Disable allowpopups in webviews

Limit navagation outside a specific domain

Validate the sender of IPC Messages

CSP