Home
whoof is an early stage lightweight web browser hooking framework. A web browser hook can be thought of as a backdoor in a web page allowing an attacker to execute commands in the page with or without the visitor noticing.
whoof is written with Node.js and uses WebSockets (via socket.io) to create channels between admins and hooked pages.
There are three different ports used by whoof:
- Victim Sockets
- Admin Sockets
- Admin Web App
These are configurable as described in Configuration.
To get started follow the instructions in the Installation and Configuration wiki pages before going through the Getting Started page.
Once you're up and running you will be able to access the admin web app:
From here you can explore:
If you've got ideas or notice bugs please feel free to open an issue.