
SquareX launches open-source toolkits to defend browsers
SquareX has released two open-source toolkits to support security teams in simulating and defending against browser-based attacks that can evade traditional enterprise security measures.
The two new toolkits, developed by SquareX security researchers, are designed to enable red and blue teams to more effectively address attack techniques that specifically target web browsers. These methods often exploit the fact that many conventional network and endpoint security solutions have limited visibility into threats that operate solely within the browser environment, such as session hijacking and data exfiltration.
Because web browsers are now the main interface through which corporate resources are accessed and sensitive data is managed, the browser has become a key attack vector for threat actors. Despite this, most existing security frameworks continue to focus on more traditional points of compromise, like endpoints and networks.
The toolkits aim to bridge this gap by providing practical resources for both offensive (red) and defensive (blue) security teams. Red teams can use the tools to simulate browser-based attacks, while blue teams can use them to learn to detect and respond to threats that might otherwise be overlooked by standard monitoring systems.
Angry Magpie toolkit
One of the new toolkits, Angry Magpie, was developed by SquareX researchers Jeswin Mathai, Pankaj Sharma and Xian Xiang Chang. It focuses on simulating data exfiltration attacks using data splicing techniques that target weaknesses in data loss prevention (DLP) systems. Angry Magpie demonstrates how attackers can employ data sharding, ciphering, transcoding, and smuggling to bypass both proxy-based and endpoint DLP solutions. These attacks can be executed through everyday browser operations such as copying to clipboard, file uploads, downloads, and printing.
This approach sheds light on how insider threats might launch data exfiltration campaigns from within a browser, offering security teams a means to recognise and counter similar techniques. The toolkit provides methods to reveal these vulnerabilities and can help teams develop targeted defences.
Copycat toolkit
The second toolkit, Copycat, was created by SquareX security researchers Dakshitaa Babu, Tejeswar S Reddy, Pankaj Sharma and Albin Antony. Copycat is designed to simulate identity and authentication attacks that are initiated through malicious or compromised browser extensions. The toolkit contains ten modules, each illustrating a distinct technique for carrying out identity compromise at the browser level, such as silent account hijacking, credential theft, two-factor authentication interception, and manipulation of OAuth flows.
The toolkit demonstrates how even browser extensions with minimal permissions - such as widely-used colour picker extensions with tabs and scripting access - can be used by attackers to compromise user identities and gain control over authenticated sessions. Recent campaigns by threat actor groups like Scattered Spider and Muddled Libra have utilised similar browser-based techniques as an entry point into enterprises.
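For defenders, the permission pairing mentioned above can be checked across an extension inventory. The following is an added example, not code from SquareX or the Copycat toolkit: it ranks extension manifests that declare both `tabs` and `scripting` by how broad their host access is. The function names, risk levels and sample manifests are constructed for illustration.

```javascript
// Added example (not SquareX code): triage extension manifests by the
// permission pairing the article names, "tabs" plus "scripting".
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function auditManifest(manifest) {
  const api = new Set();
  const hosts = new Set();
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []), // can be granted at runtime
    ...(manifest.host_permissions || []), // Manifest V3
    ...(manifest.optional_host_permissions || []), // Manifest V3
  ];
  for (const p of declared) {
    if (typeof p !== "string") continue;
    // Manifest V2 lists host match patterns inside "permissions".
    (p === "<all_urls>" || p.includes("://") ? hosts : api).add(p);
  }
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) hosts.add(m);
  }
  const broadHosts = [...hosts].filter((h) => BROAD_HOSTS.has(h));
  const tabsAndScripting = api.has("tabs") && api.has("scripting");
  // "scripting" only reaches pages the extension has host access to, so the
  // pairing is ranked by how wide that host access is.
  let level = "low";
  if (tabsAndScripting) level = broadHosts.length > 0 ? "high" : "medium";
  return { name: manifest.name || "(unnamed)", level, tabsAndScripting, broadHosts };
}

// Constructed sample manifests, not taken from any real extension.
const SAMPLE_MANIFESTS = [
  { manifest_version: 3, name: "Sample Colour Picker",
    permissions: ["tabs", "scripting", "storage"], host_permissions: ["<all_urls>"] },
  { manifest_version: 3, name: "Sample Page Ruler",
    permissions: ["tabs", "activeTab"], optional_permissions: ["scripting"] },
  { manifest_version: 3, name: "Sample Notes", permissions: ["storage"] },
];

function auditAll(manifests) {
  // Highest-risk entries first so reviewers start with them.
  const rank = { high: 0, medium: 1, low: 2 };
  return manifests.map(auditManifest).sort((a, b) => rank[a.level] - rank[b.level]);
}

for (const r of auditAll(SAMPLE_MANIFESTS)) {
  console.log(`${r.level.padEnd(6)} ${r.name} hosts=[${r.broadHosts.join(", ")}]`);
}
```

A "high" result means the extension warrants manual review, not that it is malicious; many legitimate extensions request the same permissions.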
"Enterprise security solutions are struggling to keep pace with modern attack techniques that operate entirely within web browsers. While organizations have invested heavily in endpoint detection and network security, these traditional defenses have limited visibility into browser-based threats - particularly identity attacks and data exfiltration that occur within authenticated sessions."
The release of the Angry Magpie and Copycat toolkits highlights the need for enhanced collective understanding and preparedness. The toolkits are intended to give security professionals both concrete attack examples and the detection mechanisms necessary for enterprise environments.
This effort is part of SquareX's broader strategy, which previously saw the introduction of a browser detection and response solution designed to deliver visibility and control within browser sessions. The company's security researchers emphasise that providing these tools to the wider community can help teams stay informed about the latest attack vectors and develop appropriate strategies in response.
"Through these toolkits, SquareX extends its impact beyond pioneering the Browser Detection and Response solution to enabling the entire security industry - ensuring teams understand actively exploited attack techniques and can build appropriate defenses."
The toolkits are open-source and available to security teams for direct use and adaptation in enterprise environments. Live demonstrations of Angry Magpie and Copycat are being held at DEF CON, offering a practical showcase of how the tools can be integrated into existing security frameworks.