safaridriver
Created by Brendan Chamberlain (@infosecB)
Description
safaridriver is a tool that is used to enable Selenium testing via the macOS WebDriver protocol. Once enabled, the WebDriver API could be abused by attackers to communicate with external servers for command and control or exfiltration purposes.
Created | Tactics | Tags |
---|---|---|
2023-05-20 | Command and Control, Exfiltration | safari, selenium |
Paths
/System/Cryptexes/App/usr/bin/safaridriver
/usr/bin/safaridriver
Use Cases
Enable safaridriver
The following command can be used to enable the WebDriver Safari browser API. The command must be run as root or with sudo privileges.
sudo safaridriver --enable
Detections
- No detections at time of publishing
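
An added example, not part of the original entry: one way to flag the activity described above from process-execution telemetry, using the two paths and the `--enable` flag listed on this page. The JSON-lines event format, its field names (`path`, `argv`, `user`), the severity labels and the sample events are assumptions constructed for illustration.

```python
import json
import os

# Binary locations listed under "Paths" in this entry.
SAFARIDRIVER_PATHS = {
    "/System/Cryptexes/App/usr/bin/safaridriver",
    "/usr/bin/safaridriver",
}

def classify(event):
    """Return (severity, reason) for one exec event, or None if unrelated."""
    exe = os.path.normpath(event.get("path", ""))
    argv = event.get("argv", [])
    if exe not in SAFARIDRIVER_PATHS:
        # `sudo safaridriver --enable` is also logged as a sudo exec: check its args.
        if os.path.basename(exe) != "sudo":
            return None
        names = SAFARIDRIVER_PATHS | {"safaridriver"}
        hits = [i for i, a in enumerate(argv) if i > 0 and a in names]
        if not hits:
            return None
        argv = argv[hits[0]:]  # treat the rest as safaridriver's own argv
    if "--enable" in argv[1:]:
        return ("high", "WebDriver Safari API enabled")
    return ("medium", "safaridriver executed")

def scan(lines):
    alerts = []
    for number, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON telemetry lines
        verdict = classify(event) if isinstance(event, dict) else None
        if verdict:
            alerts.append((number, event.get("user"), *verdict))
    return alerts

# Constructed sample telemetry; field names (path, argv, user) are assumptions.
SAMPLE_EVENTS = [
    '{"path": "/usr/bin/sudo", "argv": ["sudo", "safaridriver", "--enable"], "user": "alice"}',
    '{"path": "/usr/bin/safaridriver", "argv": ["safaridriver", "--enable"], "user": "root"}',
    '{"path": "/bin/ls", "argv": ["ls", "-la"], "user": "alice"}',
    '{"path": "/System/Cryptexes/App/usr/bin/safaridriver", "argv": ["safaridriver"], "user": "bob"}',
    'truncated {"path":',
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

Because the sudo wrapper and the tool itself are both logged, one `sudo safaridriver --enable` can produce two alerts; deduplicate by session or parent process if the telemetry source provides those fields.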
Resources
Acknowledgements
- Chris Ross, Cedric Owens: Farming The Apple Orchards: Living Off The Land Techniques