Abuse Clawdbot to steal session credentials
Overview
If a user has an unpatched version of the Clawdbot browser extension enabled, you can use this POC to steal authentication cookies from other browser tabs.
Setup
- Completely close Chrome
- Start a new Chrome session with only two tabs
- In the first tab, load this page.
Ensure that you're using the insecure http version - In the second tab, load the page of your choice.
- "Clawdbot Browser Relay" extension must be installed and active -- "Clawdbot Browser Relay started debugging this browser" should be visible at the top of both pages
- Click "Run PoC" on this page
- If your clawdbot is vulnerable:
-
Observe cookies stolen from other tab visible in this tab
-
Notice malicious content injected
-
Observe cookies stolen from other tab visible in this tab