HackerBrowser
HackerBrowser is Cyberstrike's built-in browser automation system for web security testing. It gives the agent full control of a real Chromium browser, records every request and response automatically, shows what the agent is doing in a visible browser window, and is wired directly into the agent conversation.
[GIF: hacker-browser-demo.gif] HackerBrowser automated security testing
Overview
HackerBrowser enables:
- Visual browser automation - See exactly what the agent is doing
- Automatic traffic capture - Every HTTP request/response is logged
- HAR file export - Export traffic for analysis in Burp Suite, OWASP ZAP
- Console logging - Capture JavaScript errors and logs
- Screenshot evidence - Document findings with visual proof
- Form interaction - Fill and submit forms programmatically
- JavaScript execution - Run custom scripts in page context
Architecture
[Diagram: hacker-browser-architecture.mmd] HackerBrowser internal architecture
Core Components
```text
┌──────────────────────────────────────────────────────────────┐
│                       Cyberstrike CLI                        │
│                    (Agent Conversation)                      │
└──────────────────────────────┬───────────────────────────────┘
                               ▼
┌──────────────────────────────────────────────────────────────┐
│                         Browser Tool                         │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐   │
│  │   Actions   │  │    State    │  │   Traffic Capture   │   │
│  │   Handler   │  │   Manager   │  │   (HAR Recording)   │   │
│  └─────────────┘  └─────────────┘  └─────────────────────┘   │
└──────────────────────────────┬───────────────────────────────┘
                               ▼
┌──────────────────────────────────────────────────────────────┐
│                       Playwright Engine                      │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐   │
│  │  Chromium   │  │  DevTools   │  │   Network Monitor   │   │
│  │  Browser    │  │  Protocol   │  │                     │   │
│  └─────────────┘  └─────────────┘  └─────────────────────┘   │
└──────────────────────────────┬───────────────────────────────┘
                               ▼
┌──────────────────────────────────────────────────────────────┐
│                       Visual Interface                       │
│  ┌───────────────────────┐  ┌─────────────────────────────┐  │
│  │      Control Tab      │  │         Target Tab          │  │
│  │   (Cyberstrike UI)    │  │      (Web Application)      │  │
│  │  ┌─────────────────┐  │  │  ┌───────────────────────┐  │  │
│  │  │  Status Panel   │  │  │  │  Cyberstrike Banner   │  │  │
│  │  │  Network Active │  │  │  │  "Debugging active"   │  │  │
│  │  │  DevTools Ready │  │  │  ├───────────────────────┤  │  │
│  │  └─────────────────┘  │  │  │   Target Web Page     │  │  │
│  └───────────────────────┘  │  │  (with blue border)   │  │  │
│                             │  └───────────────────────┘  │  │
│                             └─────────────────────────────┘  │
└──────────────────────────────────────────────────────────────┘
```

State Management
Each session has its own browser state:
```typescript
interface BrowserState {
  browser: Browser              // Playwright Browser instance
  context: BrowserContext       // Browser context with HAR recording
  page: Page                    // Main working page
  networkLogs: NetworkEntry[]   // In-memory request/response logs
  consoleLogs: ConsoleEntry[]   // Console messages and errors
  harPath: string               // Path to HAR file on disk
}
```

The browser persists across multiple tool calls within a session, allowing complex multi-step workflows.
How It Works
1. Launch Process
When you ask the agent to use the browser:
> Launch the browser and go to https://target.com

The agent calls:

```text
browser launch
browser navigate url="https://target.com"
```

What happens internally:
- Playwright loads Chromium in visible (headed) mode, not headless
- HAR recording starts: all traffic is saved to `cyberstrike-session-{id}.har`
- Two tabs open:
  - Tab 1: Control Panel, a navy blue dashboard showing status
  - Tab 2: Working Tab, where target sites are loaded
- Injection script prepared: the banner will be added to every visited page
- Event listeners attached: network and console monitoring begins
2. Visual Feedback System
[Screenshot: browser-banner.png] Cyberstrike banner on target page
Cyberstrike Banner
Every page visited shows a banner at the top:
```text
┌──────────────────────────────────────────────────────────────┐
│  "Cyberstrike" started debugging this browser       [Cancel] │
└──────────────────────────────────────────────────────────────┘
```

Features:
- Navy blue gradient background
- Always visible (z-index: 2147483647)
- Cancel button to close browser
- 40px height, pushes page content down
Page Border
Target pages have a 3px navy blue border indicating Cyberstrike control:
```css
body {
  border: 3px solid #1e3a5f !important;
}
```

Control Panel Tab
The first tab shows a status dashboard:
```text
┌──────────────────────────────────────────────────────────────┐
│                                                              │
│   CYBERSTRIKE                                                │
│   Browser Control                                            │
│                                                              │
│   ┌──────────────────────────────────────────────────────┐   │
│   │  ● Connected                                         │   │
│   │  Cyberstrike is controlling this browser             │   │
│   └──────────────────────────────────────────────────────┘   │
│                                                              │
│   ┌──────────────┐  ┌──────────────┐  ┌──────────────┐       │
│   │  DevTools    │  │  Network     │  │  Screenshot  │       │
│   │  Ready       │  │  Capture     │  │  Ready       │       │
│   │              │  │  Active      │  │              │       │
│   └──────────────┘  └──────────────┘  └──────────────┘       │
│                                                              │
│   Network traffic is being captured automatically.           │
│   Use 'browser har' to export traffic.                       │
│                                                              │
└──────────────────────────────────────────────────────────────┘
```

3. Traffic Capture
All HTTP/HTTPS traffic is automatically captured:
```javascript
// Request capture
page.on("request", (request) => {
  networkLogs.push({
    request,                                  // kept so the response can be matched to it
    timestamp: Date.now(),
    method: request.method(),                 // GET, POST, PUT, DELETE
    url: request.url(),
    requestHeaders: request.headers(),
    requestBody: request.postData(),          // null for requests without a body
    resourceType: request.resourceType()      // document, xhr, script
  })
})

// Response capture
page.on("response", async (response) => {
  // Match the response to the entry recorded for its request
  const entry = networkLogs.find((e) => e.request === response.request())
  if (!entry) return
  entry.status = response.status()            // 200, 404, 500
  entry.statusText = response.statusText()    // OK, Not Found
  entry.responseHeaders = response.headers()
  entry.duration = Date.now() - entry.timestamp
  try {
    entry.responseBody = await response.text() // text/json content
  } catch (err) {
    // Redirect responses and bodies the browser did not retain (binary, or
    // evicted from its buffer) reject here; keep the listener alive
    entry.responseBody = null
  }
})
```

What's captured:
- Request method, URL, headers, body
- Response status, headers, body
- Timing information
- Resource type (document, XHR, script, stylesheet, etc.)
4. Console Logging
JavaScript console output is captured:
```javascript
page.on("console", (msg) => {
  consoleLogs.push({
    timestamp: Date.now(),
    type: msg.type(),              // log, error, warn, info
    text: msg.text(),
    location: msg.location()?.url
  })
})

page.on("pageerror", (error) => {
  consoleLogs.push({
    timestamp: Date.now(),
    type: "error",
    text: error.message
  })
})
```

CLI + Browser Integration
Real-Time Visibility
While you chat with the agent in the CLI, you can simultaneously:
- Watch the browser window - See navigation, clicks, form fills
- Monitor the control tab - Verify connection status
- Check traffic in real time, using `browser network`
[GIF: cli-browser-split.gif] Split screen: CLI conversation with browser visible
Example Workflow
In CLI:
```text
You: Test the login page for SQL injection

Agent: I'll launch the browser and test the login form.

[browser launch]
Browser launched. Control panel open in first tab.

[browser navigate url="https://target.com/login"]
Navigated to login page. Page title: "Login - Target App"

[browser fill selector="#username" value="admin' OR '1'='1' --"]
Filled username field with SQL injection payload.

[browser fill selector="#password" value="anything"]
Filled password field.

[browser click selector="#login-btn"]
Clicked login button.

[browser status]
Current URL: https://target.com/dashboard
Title: "Dashboard - Welcome Admin"

FINDING: SQL Injection vulnerability confirmed!
The login was bypassed using a basic SQL injection payload.
```

Meanwhile in Browser Window:
- You see the login page load
- Watch fields being filled with payloads
- See the form submit
- Observe the redirect to dashboard
Status Monitoring
The agent can check browser state anytime:
```text
[browser status]
```

Returns:

```json
{
  "url": "https://target.com/dashboard",
  "title": "Dashboard - Welcome Admin",
  "recentRequests": [
    "POST /api/login - 302",
    "GET /dashboard - 200",
    "GET /api/user/profile - 200"
  ],
  "recentConsoleLogs": [
    "[info] User authenticated successfully",
    "[warn] Session token expires in 30 minutes"
  ]
}
```

Agent Integration
Automatic Browser Preference
Security agents are configured to prefer browser over other tools:
```text
// In agent prompts (e.g., bug-hunter.txt)
## CRITICAL: Browser Behavior

**ALWAYS use the browser tool for ALL web operations:**
- URLs, navigation → `browser navigate`
- Web searching → `browser navigate url="https://google.com/search?q=..."`
- Fetching page content → `browser navigate` + `browser content`

**NEVER use these tools for web:**
- `webfetch` tool (no traffic capture)
- `websearch` tool (no traffic capture)
- `open` or `xdg-open` (no control)
```

Agent Permissions
All security agents have browser access enabled:
```json
{
  "web-application": { "browser": "allow" },
  "cloud-security": { "browser": "allow" },
  "internal-network": { "browser": "allow" },
  "bug-hunter": { "browser": "allow" }
}
```

Permission Prompts
Before browser actions, you're prompted:

```text
┌──────────────────────────────────────────────────────────────┐
│  Browser: Navigate to https://target.com/admin               │
├──────────────────────────────────────────────────────────────┤
│  Allow browser automation?                                   │
│                                                              │
│  [y] Yes, once                                               │
│  [a] Yes, always for this domain                             │
│  [n] No                                                      │
└──────────────────────────────────────────────────────────────┘
```

Available Actions
Navigation & State
| Action | Parameters | Description |
|---|---|---|
| launch | - | Start browser with traffic capture |
| navigate | url, timeout? | Go to URL, wait for network idle (timeout in milliseconds, default 30000) |
| status | - | Get current URL, title, recent activity |
| content | - | Extract page text, links, forms |
| close | - | Close browser, save HAR file |

Interaction

| Action | Parameters | Description |
|---|---|---|
| click | selector | Click element |
| fill | selector, value | Fill input field |
| execute | script | Run JavaScript in page context |
| wait | selector? | Wait for element or network idle |

Evidence Collection

| Action | Parameters | Description |
|---|---|---|
| screenshot | selector?, fullPage? | Capture screenshot |
| network | filter? | Get captured traffic |
| har | - | Export HAR file |
| console | - | Get console logs |
Traffic Analysis
Viewing Network Traffic
> Show me all POST requests to the API

Agent uses:

```text
browser network filter={"method": "POST", "urlPattern": "/api"}
```

Returns:

```json
[
  {
    "timestamp": "2025-01-15T10:30:45.123Z",
    "method": "POST",
    "url": "https://target.com/api/login",
    "status": 200,
    "requestHeaders": { "Content-Type": "application/json" },
    "requestBody": "{\"username\":\"admin\",\"password\":\"test\"}",
    "responseHeaders": { "Set-Cookie": "session=abc123..." },
    "responseBody": "{\"success\":true,\"token\":\"eyJ...\"}",
    "duration": 245
  }
]
```

Exporting HAR Files
> Export the traffic for Burp Suite analysis

Agent uses:

```text
browser har
```

Creates: traffic-1705312245123.har

HAR format (HTTP Archive 1.2):

```json
{
  "log": {
    "version": "1.2",
    "creator": { "name": "Cyberstrike", "version": "1.0.0" },
    "entries": [
      {
        "startedDateTime": "2025-01-15T10:30:45.123Z",
        "time": 245,
        "request": {
          "method": "POST",
          "url": "https://target.com/api/login",
          "headers": [...],
          "postData": {...}
        },
        "response": {
          "status": 200,
          "headers": [...],
          "content": {...}
        }
      }
    ]
  }
}
```

Use with:
- Burp Suite - Import for replay and analysis
- OWASP ZAP - Import for scanning
- Charles Proxy - Traffic review
- Browser DevTools - Network analysis
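How the capture, filter and export steps fit together, as an added example written for this page rather than Cyberstrike's own code. It keeps an in-memory `networkLogs` array with the NetworkEntry fields shown in the Traffic Capture section, fills it from constructed request/response events instead of a live Playwright page, implements the `filter={...}` matching of `browser network` and the conversion to HAR 1.2, and adds a `findSqlErrors` scan over captured bodies (the "analyze server response for errors" step used in the SQL injection example further down). The helper names, the sample URLs and the error signatures are assumptions made for this example.

```javascript
// Added example for this page, not Cyberstrike's own code. Models networkLogs
// (fields as in the NetworkEntry shape above), the `browser network filter`
// matching, the HAR 1.2 export and a response-body scan for SQL error strings.
// Helper names, URLs and the error signatures are assumptions for the example.

const networkLogs = [];

// Equivalent of page.on("request"): one entry per request, keyed by id.
function recordRequest(id, req) {
  networkLogs.push({
    id,
    timestamp: req.timestamp,
    method: req.method.toUpperCase(),
    url: req.url,
    requestHeaders: req.headers || {},
    requestBody: req.postData ?? null,
    resourceType: req.resourceType || "other",
  });
}

// Equivalent of page.on("response"): match the entry and fill in the rest.
function recordResponse(id, res) {
  const entry = networkLogs.find((e) => e.id === id);
  if (!entry) return null; // response for a request that was never recorded
  entry.status = res.status;
  entry.statusText = res.statusText || "";
  entry.responseHeaders = res.headers || {};
  entry.responseBody = res.body ?? ""; // text/json only; binary bodies stay empty
  entry.duration = res.timestamp - entry.timestamp;
  return entry;
}

// browser network filter={"method": "POST", "urlPattern": "/api", "status": 500}
function filterNetwork(logs, filter = {}) {
  return logs.filter(
    (e) =>
      (!filter.method || e.method === filter.method.toUpperCase()) &&
      (!filter.urlPattern || e.url.includes(filter.urlPattern)) &&
      (filter.status === undefined || e.status === filter.status),
  );
}

// HAR 1.2: headers become {name, value} lists, bodies become postData/content,
// timestamps become ISO strings; cache and timings are required by the spec.
function toHar(logs, creator = { name: "Cyberstrike", version: "1.0.0" }) {
  const headerList = (h) => Object.entries(h || {}).map(([name, value]) => ({ name, value }));
  const mime = (h) => (h || {})["content-type"] || "";
  return {
    log: {
      version: "1.2",
      creator,
      entries: logs.map((e) => ({
        startedDateTime: new Date(e.timestamp).toISOString(),
        time: e.duration ?? 0,
        request: {
          method: e.method,
          url: e.url,
          headers: headerList(e.requestHeaders),
          ...(e.requestBody != null && {
            postData: { mimeType: mime(e.requestHeaders), text: e.requestBody },
          }),
        },
        response: {
          status: e.status ?? 0,
          statusText: e.statusText ?? "",
          headers: headerList(e.responseHeaders),
          content: { mimeType: mime(e.responseHeaders), text: e.responseBody ?? "" },
        },
        cache: {},
        timings: { send: 0, wait: e.duration ?? 0, receive: 0 },
      })),
    },
  };
}

// Database error signatures (a constructed, deliberately short list).
const SQL_ERROR_SIGNATURES = [
  /You have an error in your SQL syntax/i, // MySQL
  /syntax error at or near/i,              // PostgreSQL
  /unclosed quotation mark after/i,        // MSSQL
  /SQLITE_ERROR|near ".*": syntax error/i, // SQLite
  /ORA-\d{5}/,                             // Oracle
];
function findSqlErrors(logs) {
  return logs.flatMap((e) =>
    SQL_ERROR_SIGNATURES.filter((re) => re.test(e.responseBody || "")).map((re) => ({
      url: e.url,
      status: e.status,
      signature: re.source,
    })),
  );
}

// Constructed sample traffic: a login call and a search probe with a lone quote.
const T0 = Date.parse("2025-01-15T10:30:45.123Z");
recordRequest("r1", {
  timestamp: T0, method: "post", url: "https://target.example/api/login", resourceType: "xhr",
  headers: { "content-type": "application/json" },
  postData: '{"username":"admin","password":"test"}',
});
recordResponse("r1", {
  timestamp: T0 + 245, status: 200, statusText: "OK",
  headers: { "content-type": "application/json", "set-cookie": "session=abc123" },
  body: '{"success":true}',
});
recordRequest("r2", { timestamp: T0 + 1000, method: "GET", url: "https://target.example/search?q=%27", resourceType: "document" });
recordResponse("r2", {
  timestamp: T0 + 1080, status: 500, statusText: "Internal Server Error",
  headers: { "content-type": "text/html" },
  body: "<h1>Error</h1>You have an error in your SQL syntax; check the manual for your MySQL server version",
});
```

`JSON.stringify(toHar(networkLogs))` written to disk is a file Burp Suite and ZAP can import; the `cache` and `timings` objects are included because HAR 1.2 declares them mandatory and some importers reject entries without them. `findSqlErrors` is a signature scan only: a 500 with no recognizable error text still needs the behavioural comparison (`' AND 1=1` versus `' AND 1=2`) before it is reported as injection.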
Content Extraction
Getting Page Content
```text
browser content
```

Returns structured data:

```json
{
  "url": "https://target.com/login",
  "title": "Login - Target App",
  "textContent": "Login to your account...",
  "links": [
    { "text": "Forgot Password", "href": "/forgot" },
    { "text": "Register", "href": "/register" }
  ],
  "forms": [
    {
      "action": "/api/login",
      "method": "POST",
      "inputs": [
        { "type": "text", "name": "username", "id": "username" },
        { "type": "password", "name": "password", "id": "password" },
        { "type": "hidden", "name": "csrf", "id": "csrf-token" }
      ]
    }
  ]
}
```

This helps agents understand page structure without parsing HTML.
JavaScript Execution
Running Custom Scripts
> Extract all API endpoints from the JavaScript

Agent uses:

```text
browser execute script="
  const scripts = document.querySelectorAll('script');
  const endpoints = [];
  scripts.forEach(s => {
    const matches = s.textContent.match(/['\"]\/api\/[^'\"]+['\"]/g);
    if (matches) endpoints.push(...matches);
  });
  return [...new Set(endpoints)];
"
```

`textContent` is empty for `<script src="...">` elements, so this only searches inline code. External bundles are in the captured traffic (resource type `script` in `browser network`) and can be searched there with the same pattern.

Common Scripts
Get all cookies:

```javascript
document.cookie
```

`document.cookie` omits cookies flagged HttpOnly, which is how most session cookies are set. Read those from the `Set-Cookie` response header in `browser network` instead.

Extract local storage:

```javascript
JSON.stringify(localStorage)
```

Find hidden inputs:

```javascript
Array.from(document.querySelectorAll('input[type=hidden]'))
  .map(i => ({name: i.name, value: i.value}))
```

Trigger events:

```javascript
document.querySelector('#target').dispatchEvent(new Event('click'))
```

Security Testing Examples
SQL Injection Testing
> Test the search form for SQL injection
```text
[browser navigate url="https://target.com/search"]
[browser fill selector="#search" value="' OR '1'='1"]
[browser click selector="#search-btn"]
[browser content]
// Check if unexpected results appear

[browser fill selector="#search" value="'; DROP TABLE users; --"]
[browser click selector="#search-btn"]
[browser network filter={"urlPattern": "/search"}]
// Analyze server response for errors
```

The `DROP TABLE` probe is destructive if stacked queries are enabled; a lone `'` or the pair `' AND 1=1 --` / `' AND 1=2 --` reveals the same error or behavioural difference without risking data, and is the right default unless the engagement explicitly permits destructive tests.

XSS Testing
> Test for reflected XSS in the name parameter
```text
[browser navigate url="https://target.com/profile?name=<script>alert(1)</script>"]
[browser execute script="
  return document.body.innerHTML.includes('<script>alert(1)</script>')
"]
// If true, XSS vulnerability exists

[browser screenshot]
// Capture evidence
```

A `true` result shows the parameter was reflected without encoding (an encoded reflection serializes as `&lt;script&gt;`), but not that the script ran: CSP can still block it. For proof of execution use a payload that leaves a marker, for example `<img src=x onerror="window.__xss=1">`, then check `window.__xss` with `browser execute`. Playwright dismisses `alert()` dialogs automatically, so the pop-up itself is not something the agent will see.

Authentication Testing
> Test session management after logout
```text
[browser navigate url="https://target.com/login"]
[browser fill selector="#user" value="testuser"]
[browser fill selector="#pass" value="testpass123"]
[browser click selector="#login"]

// Capture session token
[browser execute script="document.cookie"]

// Logout
[browser navigate url="https://target.com/logout"]

// Try to access protected page with old session
[browser navigate url="https://target.com/dashboard"]
[browser status]
// Check if redirected to login or still accessible
```

Two caveats. `document.cookie` will not show an HttpOnly session cookie; take the token from the `Set-Cookie` header in `browser network`. And if the logout response deletes the cookie in the browser, the final request to `/dashboard` is sent without any session and proves nothing about server-side invalidation: replay the earlier request with the captured token (for example from the exported HAR in Burp Suite) and check that the server now answers with a redirect to login rather than a 200.

Browser Extension
Cyberstrike includes an optional browser extension for additional integration:
Extension Structure
```text
browser-extension/
├── manifest.json    # Manifest V3 configuration
├── content.js       # Banner injection script
├── styles.css       # Visual styling
├── icon16.png
├── icon48.png
└── icon128.png
```

Alternative Theming
The extension provides an orange-themed banner (vs the default navy):
```css
.cyberstrike-banner {
  background: linear-gradient(135deg, #ff6b35 0%, #f7931e 100%);
  color: white;
}
```

When to Use Extension
- Playwright injection (default): Works automatically, no installation
- Browser extension: For manual browsing with Cyberstrike awareness
Best Practices
1. Always Launch First
```text
browser launch
browser navigate url="..."
```

Don't assume the browser is already running.
2. Use Status to Monitor
```text
browser status
```

Check page state before interactions.
3. Export Evidence
```text
browser screenshot
browser har
```

Document findings before closing.
4. Clean Close
```text
browser close
```

Ensures the HAR file is saved properly. Playwright writes a HAR recording when the browser context is closed, so a browser that is killed or crashes instead of being closed leaves the recording incomplete or missing; export with `browser har` before risky steps if the traffic matters.
5. Timeout Handling
Operations have a 30-second default timeout. For slow pages, pass a longer timeout in milliseconds:

```text
browser navigate url="https://slow-target.com" timeout=60000
```

Troubleshooting
Browser Won't Launch

Error: Playwright not installed

Solution:

```shell
npx playwright install chromium
```

Page Not Loading
Check:
- URL is correct and accessible
- Network connectivity
- Target isn't blocking automation
Traffic Not Captured
Ensure:
- Browser was launched with `browser launch`
- Not using an external browser
- HAR recording is active (check control panel)
Injection Not Working
Some pages may block injections:
- Content Security Policy restrictions
- Frame sandboxing
- JavaScript disabled
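A check for the first item in that list, added here as an example and not part of Cyberstrike: it parses the `Content-Security-Policy` response header as captured by `browser network` and reports whether inline `<script>` and `<style>` content is allowed, which is what an injected banner needs if it is added as inline script or a style element, and whether a `sandbox` directive is present. The function names and sample headers are constructed for this example. A DOM element created by the automation itself is not governed by CSP, so a "blocked" result explains failures of inline script or style injection only.

```javascript
// Added example for this page, not Cyberstrike's own code: decide from a
// captured Content-Security-Policy header whether inline <script> and
// <style> injection can work. Function names and sample headers are
// assumptions made for the example.

// Parse "directive value value; directive ..." into {directive: [values]}.
// Browsers honour the first occurrence of a directive and ignore repeats.
function parseCsp(header) {
  const directives = {};
  for (const part of (header || "").split(";")) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!(key in directives)) directives[key] = values;
  }
  return directives;
}

// The source list that governs a fetch directive: the directive itself,
// else default-src, else nothing (null = unrestricted).
function effectiveSources(directives, name) {
  return directives[name] ?? directives["default-src"] ?? null;
}

// 'unsafe-inline' permits inline code, but CSP Level 2+ browsers ignore it
// when the same source list also carries a nonce or hash source.
function inlineAllowed(sources) {
  if (sources === null) return true;
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return !hasNonceOrHash && lower.includes("'unsafe-inline'");
}

// Summary a troubleshooting step can print before retrying the injection.
function injectionReport(cspHeader) {
  const d = parseCsp(cspHeader);
  return {
    inlineScript: inlineAllowed(effectiveSources(d, "script-src")),
    inlineStyle: inlineAllowed(effectiveSources(d, "style-src")),
    framesSandboxed: "sandbox" in d, // a sandbox directive also breaks many injections
  };
}

// Constructed sample headers, as they would appear in responseHeaders.
const SAMPLE_HEADERS = {
  noPolicy: "",
  lockedDown: "default-src 'self'",
  nonceScript: "default-src 'self'; script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'; style-src 'self' 'unsafe-inline'",
  duplicate: "script-src 'unsafe-inline'; script-src 'none'",
};
```

Run `injectionReport` on the `content-security-policy` value from the first `document` response in `browser network`; a policy delivered by `<meta http-equiv>` in the HTML is not in the headers and must be read from `browser content` or the page source instead.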
Tip
Use browser status frequently to understand current page state and debug issues.
Related Documentation
- Browser Tool - Basic browser documentation
- Web Application Agent - Web testing agent
- Permissions - Browser permissions