How does Async Clipboard API work?
Copy: Writing Text to the Clipboard
Text will be silently and automatically copied to the clipboard by calling writeText(), with out requesting permission. Example:
<script> navigator.clipboard.writeText('Malicious command to be copied'); </script>
How dangerous it may be if the user is satisfied to run the clipboard content?
A windows reverse shell will be made if a user type the next shortcut sequence after visiting the malicious web site generated by clipboardme: windows+x, p, ctrl + v. No want to hit enter, just persuade the target to run that “shortcut” for an attacker take control of a windows system. This scenario can occur when the target is meant to execute clipboard contents.
Paste: Reading Text from the Clipboard
Text will be read (requires permission) from the clipboard by calling readText(). Example:
<script> navigator.clipboard.readText().then(clipText => document.write(clipText)); </script>
Users routinely copy sensitive information like passwords and personal details to the clipboard, which may then be read by any page. Clipboardme tool can create a HTTPS malicious page to grab that content.
To help prevent abuse, clipboard access is just allowed when a page is the active tab and over secured domains (https). Pages in active tabs can write to the clipboard with out requesting permission, however studying from the clipboard all the time requires permission.
Chrome 66, Opera 53, Chrome for Android, Opera for Android
- Ngrok Authtoken (for TCP Tunneling): Sign up at: https://ngrok.com/signup
- Your authtoken is on the market in your dashboard: https://dashboard.ngrok.com
- Install your auhtoken: ./ngrok authtoken <YOUR_AUTHTOKEN>
Usage of Clipboardme for attacking targets with out prior mutual consent is against the law. It’s the top user’s responsibility to obey all relevant local, state and federal legal guidelines. Developers assume no legal responsibility and will not be liable for any misuse or damage brought on by this program
git clone https://github.com/thelinuxchoice/clipboardme cd clipboardme bash clipboardme.sh
Read the license before utilizing any part from this code 🙂