Browser Security Lab

An interactive training ground to explore modern web vulnerabilities.

XSS Lab

Test Reflected XSS and Content Security Policy (CSP) bypass techniques.

CSRF Attack

Demonstrate a classic Cross-Site Request Forgery attack using a hidden form.

Session Stealer Logs

View the C2 server logs to see if any cookies or data have been exfiltrated.

MitB Simulation

Simulate a Man-in-the-Browser attack by injecting JS into the login page via DevTools.

Clickjacking

Bypass SameSite=Lax cookie protection using a compromised but same-site subdomain.

Drive-by Download

Test how browsers handle automatic downloads initiated from a cross-origin iframe.

Clipboard Data Leak

Explore browser permissions and user gestures required for clipboard access.

Reverse Tabnabbing

Exploit `window.opener` to perform a phishing attack on the previous tab.

CORS & Opaque Responses

Test how browsers block cross-origin data reads and handle 'no-cors' requests.

WebRTC IP Leak

Discover how WebRTC STUN negotiation reveals real IP addresses, bypassing standard proxies.

Canvas Fingerprinting

Demonstrate how browsers leak unique hardware and rendering signatures for tracking.

Local Network Scan

Abuse the browser to scan private network boundaries via timing attacks.

Autofill Trap

Demonstrate how a malicious site steals sensitive user data by hiding input fields populated by Autofill.

XS-Leaks

Infer private cross-origin data by measuring network response times.
