safaridriver

Created by Brendan Chamberlain (@infosecB)

Description

safaridriver is a tool that is used to enable Selenium testing via the macOS WebDriver protocol. Once enabled, the WebDriver API could be abused by attackers to communicate with external servers for command and control or exfiltration purposes.

Created: 2023-05-20
Tactics: Command and Control, Exfiltration
Tags: safari, selenium

Paths

  • /System/Cryptexes/App/usr/bin/safaridriver

  • /usr/bin/safaridriver

Use Cases

Enable safaridriver

The following command can be used to enable the WebDriver Safari browser API. The command must be run as root or with sudo privileges.

sudo safaridriver --enable

Detections

  • No detections at time of publishing
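
An added example, not part of the original entry or the LOOBins project: one way to flag the `--enable` invocation shown under Use Cases in process-execution telemetry, including when it is wrapped in `sudo` or a shell `-c` string. The event schema (`ts`, `uid`, `path`, `args`) and the sample events are constructed assumptions.

```python
import json
import os
import shlex

# Binary locations listed under Paths in this entry.
KNOWN_PATHS = {"/System/Cryptexes/App/usr/bin/safaridriver", "/usr/bin/safaridriver"}

# Constructed sample events; the schema (ts, uid, path, args) is an assumption,
# not the output format of any particular EDR or logging tool.
SAMPLE_EVENTS = """\
{"ts": "2023-05-20T10:00:01Z", "uid": 0, "path": "/usr/bin/safaridriver", "args": ["safaridriver", "--enable"]}
{"ts": "2023-05-20T10:00:02Z", "uid": 501, "path": "/usr/bin/sudo", "args": ["sudo", "safaridriver", "--enable"]}
{"ts": "2023-05-20T10:00:03Z", "uid": 501, "path": "/bin/sh", "args": ["sh", "-c", "sudo /usr/bin/safaridriver --enable"]}
{"ts": "2023-05-20T10:00:04Z", "uid": 501, "path": "/usr/bin/grep", "args": ["grep", "safaridriver", "notes.txt"]}
{"ts": "2023-05-20T10:00:05Z", "uid": 501, "path": "/usr/bin/open", "args": ["open", "-a", "Safari"]}
"""

def tokens(event):
    """Flatten argv, splitting embedded command strings such as `sh -c "..."`."""
    out = []
    for arg in event.get("args", []):
        try:
            out.extend(shlex.split(arg) if " " in arg else [arg])
        except ValueError:  # unbalanced quotes: keep the raw argument
            out.append(arg)
    return out

def detect_enable(event):
    """Return a finding if the event runs safaridriver with --enable, else None."""
    toks = tokens(event)
    for i, tok in enumerate(toks):
        if os.path.basename(tok) == "safaridriver" and "--enable" in toks[i + 1:]:
            # Resolve the binary from an absolute token or the exec path, if possible.
            paths = (tok, event.get("path", ""))
            binary = next((p for p in paths if p.startswith("/") and os.path.basename(p) == "safaridriver"), None)
            return {
                "ts": event.get("ts"),
                "command": " ".join(toks),
                "known_path": None if binary is None else binary in KNOWN_PATHS,
            }
    return None

def scan(lines):
    """Run the detector over newline-delimited JSON events."""
    events = (json.loads(line) for line in lines.splitlines() if line.strip())
    return [hit for hit in map(detect_enable, events) if hit]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

A `known_path` of `None` means the binary could not be resolved from the event alone (for example a bare `safaridriver` behind `sudo`), and `False` marks a copy running from outside the two listed locations.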

Resources

Acknowledgements

  • Chris Ross, Cedric Owens: Farming The Apple Orchards: Living Off The Land Techniques