-
Project refactor [breaking changes]
- Refactored project tree → all features remain, but are reorganized into more appropriate locations
- Automatic selection of the code execution method, based on pointers leaked by the v8 sandbox escape
-
Advanced fingerprinting features
- Early fingerprinting
- Precise browser & system fingerprinting from User-Agent data
- Basic anti-fingerprinting bypasses included
- d8 fingerprinting support for exploit development workflows
- Cross-browser & cross-platform → no longer tied to Google Chrome / Windows x64
- Most of the toolkit is now browser & platform agnostic
- Support for any Chromium-based browser (including Google Chrome, Microsoft Edge, Brave, Opera, Chromium, Google Chrome for Testing, Electron-based applications)
- Full support for Windows & Linux on x64
- Limited support for x86, ARM, ARM64, Android (not tested against macOS / iOS)
- Automatic offsets → the toolkit now works on all Chromium versions since M109 (2023)
- Browser sandbox status detection
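As an added example (not the toolkit's own code) of the User-Agent based browser/platform fingerprinting and the "M109 and later" support check described above: the function below parses constructed sample User-Agent strings into browser, OS, architecture and Chromium milestone, flags builds older than M109 as unsupported, and tells a browser apart from d8 by inspecting the global object. The sample strings, the `MIN_SUPPORTED_MILESTONE` constant and the d8 check via a global `version()` builtin are assumptions made for this example.

```javascript
// Added example, not the toolkit's own code: fingerprint a Chromium build
// from a User-Agent string and decide whether it falls in the supported
// range (M109 and later). Everything below is constructed for illustration.

const MIN_SUPPORTED_MILESTONE = 109; // assumption: mirrors the "since M109" support floor

// Constructed sample User-Agent strings (not captured from real traffic).
const UA_SAMPLES = {
  chromeWin:
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36',
  edgeWin:
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.2210.91',
  chromeLinux:
    'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36',
  chromeAndroid:
    'Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) Chrome/118.0.0.0 Mobile Safari/537.36',
  electronWin:
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) someapp/1.0.0 Chrome/116.0.5845.228 Electron/26.6.10 Safari/537.36',
  oldChromeWin:
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36',
  firefoxWin:
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0',
};

function detectBrowser(ua) {
  // Order matters: derivative browsers keep the Chrome/ token and add their own.
  if (/\bEdg\//.test(ua)) return 'edge';
  if (/\bOPR\//.test(ua)) return 'opera';
  if (/\bElectron\//.test(ua)) return 'electron';
  // Brave, Chromium and Chrome for Testing ship an unmodified Chrome UA, so they
  // cannot be told apart here; that needs runtime checks rather than UA parsing.
  return 'chrome';
}

function detectPlatform(ua) {
  // Android must be checked before Linux: its UA also contains "Linux".
  if (/Android/.test(ua)) return { os: 'android', arch: 'unknown', mobile: /Mobile/.test(ua) };
  if (/Windows NT/.test(ua)) {
    // "WOW64" marks a 32-bit browser on 64-bit Windows; "Win64; x64" a 64-bit one.
    const arch = /WOW64/.test(ua) ? 'x86' : /Win64; x64/.test(ua) ? 'x64' : 'x86';
    return { os: 'windows', arch, mobile: false };
  }
  if (/Macintosh/.test(ua)) return { os: 'macos', arch: 'unknown', mobile: false };
  const linux = /Linux (x86_64|aarch64|i686|armv\dl)/.exec(ua);
  if (linux) {
    const archMap = { x86_64: 'x64', aarch64: 'arm64', i686: 'x86' };
    return { os: 'linux', arch: archMap[linux[1]] || 'arm', mobile: false };
  }
  return { os: 'unknown', arch: 'unknown', mobile: false };
}

function fingerprintUA(ua) {
  const m = /\bChrome\/(\d+)\.(\d+)\.(\d+)\.(\d+)/.exec(ua);
  if (!m) return { chromium: false, supported: false, reason: 'no Chrome/ token in UA' };
  const milestone = Number(m[1]);
  return {
    chromium: true,
    browser: detectBrowser(ua),
    milestone,
    fullVersion: m[0].slice('Chrome/'.length),
    ...detectPlatform(ua),
    supported: milestone >= MIN_SUPPORTED_MILESTONE,
  };
}

// Which JavaScript host is this? A browser exposes navigator.userAgent; d8
// (V8's shell) has no navigator but, as assumed here, a global version()
// builtin. The global object is passed in so the check is testable anywhere
// (note that Node 21+ also defines a navigator global).
function detectRuntime(g) {
  if (g.navigator && typeof g.navigator.userAgent === 'string') return 'browser';
  if (typeof g.version === 'function') return 'd8';
  return 'unknown';
}
```

Current Chrome sends a reduced User-Agent in which everything but the major version is frozen (`Chrome/121.0.0.0`, `Windows NT 10.0`), so the milestone is the only precise field a UA string still gives; the full version list, architecture, bitness and platform version come from `navigator.userAgentData.getHighEntropyValues([...])` in a real browser, and Electron is the exception because it keeps its full Chrome version in the UA.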
-
Paranoid mode: avoid crashes & forensic artifacts
- Bootstrap highly reliable and forensically sound stage-3 primitives once code execution is achieved
- Cleanup of suspicious memory layouts (including restoring objects crafted for stage-2 primitives to a normal state)
- Assertion checks everywhere → assert() can now re-run the current script without reloading the full exploit chain
- Added the ability to run exploit scripts in a dedicated Worker
-
New monitoring webpage
- Test exploits remotely
- Display success / error statistics
- Trigger exploit reloads remotely
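The two items above that this illustrates are the paranoid-mode assertion behaviour (a failed assert() re-runs the current script rather than reloading the full chain, after restoring crafted state) and the success / error statistics the monitoring page displays. The runner below is an added example, not the toolkit's own code: it executes stages in order, retries only the stage whose check failed after calling that stage's cleanup hook, aborts on any other exception, and returns per-stage success/error counts. The check is named `stageAssert` here (the toolkit's is `assert()`) so it does not clash with Node's `assert` module; the stage bodies, the pointer values and the `maxRetries` option are constructed for the example.

```javascript
// Added example, not the toolkit's own code: a stage runner in which a failed
// check re-runs only the current stage instead of reloading the whole chain,
// with a per-stage cleanup hook and per-stage success/error counters.

class StageAssertion extends Error {
  constructor(message) {
    super(message);
    this.name = 'StageAssertion';
  }
}

// A failed check aborts the current stage only. Any other exception (a real
// bug, an unexpected type) is deliberately not retried: it aborts the chain.
function stageAssert(condition, message = 'assertion failed') {
  if (!condition) throw new StageAssertion(message);
}

// stages: [{ name, run(ctx), cleanup?(ctx) }]. cleanup puts whatever run()
// crafted back into a normal state before the stage is attempted again.
function runChain(stages, { maxRetries = 3 } = {}) {
  const ctx = {};
  const stats = { success: {}, error: {}, retries: 0 };
  const bump = (bucket, name) => { bucket[name] = (bucket[name] || 0) + 1; };

  for (const stage of stages) {
    let attempt = 0;
    for (;;) {
      try {
        stage.run(ctx);
        bump(stats.success, stage.name);
        break;
      } catch (err) {
        bump(stats.error, stage.name);
        if (stage.cleanup) stage.cleanup(ctx);
        const retryable = err instanceof StageAssertion && attempt < maxRetries;
        if (!retryable) {
          return { ok: false, failedStage: stage.name, error: err.message, stats, ctx };
        }
        attempt += 1;
        stats.retries += 1;
      }
    }
  }
  return { ok: true, stats, ctx };
}

// Simulated chain (constructed): the leak stage yields a misaligned value on
// its first attempt, standing in for a primitive that occasionally reads the
// wrong slot, and a sane one afterwards. The verify stage only runs after the
// leak stage has passed its own check.
function buildDemoStages() {
  let leakCalls = 0;
  return [
    {
      name: 'leak',
      run(ctx) {
        leakCalls += 1;
        ctx.leakedPtr = leakCalls === 1 ? 0x1234567 : 0x1234560; // constructed values
        stageAssert(ctx.leakedPtr % 8 === 0, 'leaked pointer is not 8-byte aligned');
      },
      cleanup(ctx) {
        delete ctx.leakedPtr; // discard the half-built leak before retrying
      },
    },
    {
      name: 'verify',
      run(ctx) {
        stageAssert(typeof ctx.leakedPtr === 'number', 'leak stage produced no pointer');
        ctx.ready = true;
      },
    },
  ];
}

function runDemo(options) {
  return runChain(buildDemoStages(), options);
}
```

The returned `stats` object is the shape a monitoring page needs: success and error counts keyed by stage plus the number of retries, so a flaky stage shows up as a high error-to-success ratio long before the chain fails outright. When the same runner is placed in a dedicated Worker, the page can terminate and recreate the worker to restart a run without reloading the page.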
-
Documentation / Development environment
- Refactored and expanded documentation
- Added learning resources to public exploits
- Added VSCode workspace settings for a better development environment
Full Changelog: v1.1...v1.2