Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Securing Perplexity’s AI Browser from a One-Click UXSS - 1823

hacktron. Posted 3 Months Ago
  • The Comet browser has a built-in extension that lets an AI agent perform any browser task a user can, driven by prompts.
  • Under the hood, this extension runs in the background. It has a listener that is whitelisted for all *.perplexity.ai/* domains, and through it a page can ask for arbitrary actions to be performed. A single domain compromise or XSS on any of those domains would therefore compromise the browser.
  • The company markets a hacking bot. After being given some pages, it did find a DOM XSS (so they claim). Another human researcher found a simple JavaScript URI injection vulnerability that bypasses a Cloudflare WAF.
  • With access to the underlying API, they saw the commands CALL_TOOL and RUN_IDLE_TEST. The former was a generalized tool executor, while the latter took screenshots of the DOM of any page. Because this could handle file:// URIs, it could also read responses from arbitrary origins and local files.
  • They handed this to Hacktron to use CALL_TOOL and see what it could do. One of the tools was GetContent, which reads the contents of a page. They tried to escalate to RCE from this tool's context but were unsuccessful.
  • The startAgentFromPerplexity command opened a websocket to the backend and forwarded the task information. The backend returns selectors based on the response and performs actions accordingly. Using this, they can get the browser to perform arbitrary actions. Good bug!
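
The risk in the whitelisted listener described above is that any page on any matching subdomain can drive the extension. As an added example (not code from Comet or the original post), here is a background-script check that pins exact origins and allowlists commands; `TRUSTED_ORIGINS`, `SAFE_COMMANDS`, the `PING` command and the sample hosts are assumptions.

```javascript
// Added example: authorizing external messages in an extension background script.
// TRUSTED_ORIGINS, SAFE_COMMANDS and all sample hosts are assumptions.

// Wildcard match pattern of the kind the summary describes.
const WILDCARD_PATTERN = "https://*.perplexity.ai/*";

// Chrome-style host matching: "*." covers the apex and every subdomain.
function matchesWildcard(pattern, url) {
  const m = /^(https?):\/\/\*\.([^/]+)\/\*$/.exec(pattern);
  if (!m) return false;
  let u;
  try { u = new URL(url); } catch { return false; }
  if (u.protocol !== m[1] + ":") return false;
  return u.hostname === m[2] || u.hostname.endsWith("." + m[2]);
}

// Hardened policy: exact origins only, and only non-privileged commands.
const TRUSTED_ORIGINS = new Set(["https://www.perplexity.ai"]); // assumed value
const SAFE_COMMANDS = new Set(["PING"]); // hypothetical low-risk command

function authorize(message, sender) {
  let origin;
  try {
    origin = new URL(sender.url).origin;
  } catch {
    return { ok: false, reason: "bad-sender" };
  }
  // An XSS on some other subdomain fails here even though the
  // manifest-level wildcard would have let its message through.
  if (!TRUSTED_ORIGINS.has(origin)) return { ok: false, reason: "origin" };
  // Privileged commands are never reachable from web content.
  if (!message || typeof message.type !== "string" || !SAFE_COMMANDS.has(message.type)) {
    return { ok: false, reason: "command" };
  }
  return { ok: true };
}

// Wiring inside a real extension (chrome.runtime exists only there).
if (typeof chrome !== "undefined" && chrome.runtime?.onMessageExternal) {
  chrome.runtime.onMessageExternal.addListener((msg, sender, sendResponse) => {
    const verdict = authorize(msg, sender);
    sendResponse(verdict.ok ? { status: "accepted" } : { error: verdict.reason });
  });
}
```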