Security: HuuDoe/pentest-browser

docs/Security.md

Security

Threat Model

pentest-browser is designed for pentesting. This means:

  • It intentionally visits hostile websites
  • It executes untrusted JavaScript
  • It sends payloads to targets

The security model focuses on protecting the host machine and preventing accidental data exfiltration, not blocking malicious sites.

Authentication

Bearer Token

All /command endpoints require a Bearer token:

curl -s http://127.0.0.1:PORT/command \
  -H "Authorization: Bearer TOKEN" \
  -d '{"command":"goto","args":["https://example.com"]}'

  • Token is generated on server start
  • Stored in ~/.pentest-browser/browse.json
  • Single root token (no scoped permissions)
  • Token file has 0o600 permissions

Token Rotation

Restart the server to generate a new token:

./dist/pb restart

URL Validation

URL validation blocks access to metadata endpoints and local services:

  • 169.254.169.254 (AWS metadata)
  • localhost / 127.0.0.1 (local services)
  • file:// protocol (local files)
  • Internal IP ranges

This prevents the browser from accessing the host's cloud metadata or local services.

Path Security

All file operations validate paths:

  • Symlink resolution to real path
  • Safe directory validation (must be within allowed dirs)
  • Prevents directory traversal (../ attacks)
  • Screenshot and PDF outputs validated before write

State File Permissions

All files in ~/.pentest-browser/ are created with 0o600:

  • browse.json (session token)
  • states/*.json (saved browser states)
  • audit.log (command history)
  • inbox.json (collaboration notes)

Rate Limiting

Per-IP rate limiting on the HTTP server:

  • Default: 100 requests per 60 seconds
  • Prevents brute force token guessing
  • Prevents accidental DoS

No ML Classifier

Unlike gstack, pentest-browser does not include an ML security classifier. This is intentional:

  • Pentesters want to visit hostile sites
  • XSS payload pages would be blocked by a classifier
  • Phishing kits and malware sites are legitimate test targets

Trade-off: No defense-in-depth against prompt injection from page content. Use a sandboxed environment if this is a concern.

Recommendations

  1. Run in a VM or container for untrusted targets
  2. Don't expose the server port publicly — bind to localhost only
  3. Rotate tokens regularly via ./dist/pb restart
  4. Clear state between engagements: rm -rf ~/.pentest-browser/
  5. Use a dedicated user account with minimal privileges

There aren't any published security advisories