A botnet of browsers
socket.io is an amazing library which makes it very easy to use websockets. This library gives us real-time communication ability in the browser with very little code.
In this article, I go into an example of a potential misuse of socket.io. I explain how to create a Linux router, then to modify that router to harvest clients into the socket.io network. One web page, the command and control, can see everything. It could send JavaScript to all the clients at once (which is executed on the client’s browser). Or JavaScript could be targeted to individual clients as well. Every connected client’s document object model (DOM) and JavaScript fully accessible from one webpage – in real time.
This article is written for people already familiar with Linux, and Internet networking and security concepts.
(more…)