SquareX Researchers Release Toolkits to Empower Red, Blue Teams in Testing Browser-Based Attack Vectors
Enabling Security Teams to Simulate and Defend Against Modern Browser Attacks That Bypass Traditional Enterprise Defences

SquareX, the leading browser security company, is releasing two open-source toolkits at DEF CON 33 Demo Labs, enabling security teams to simulate and defend against modern browser attacks that bypass traditional enterprise defences.
Enterprise security solutions are struggling to keep pace with modern attack techniques that operate entirely within web browsers. While organisations have invested heavily in endpoint detection and network security, these traditional defences have limited visibility into browser-based threats—particularly identity attacks and data exfiltration that occur within authenticated sessions.
This security gap affects both offensive and defensive security practices. Red teams lack tools to properly simulate browser-based attacks, while blue teams struggle to detect and respond to threats their monitoring systems cannot see. Most security frameworks focus on network infiltration and endpoint compromise, largely overlooking the browser as an attack vector. Yet browsers have become the primary interface for accessing corporate resources, processing sensitive data, and managing user identities.
This August, SquareX is releasing two new open source toolkits that directly address this testing and detection deficit. Developed by SquareX security researchers, these tools enable security teams to simulate browser-based attacks across two critical vectors: data exfiltration that bypasses DLP systems and identity attacks executed through browser extensions. More importantly, they provide blue teams with concrete examples of what to monitor and defend against.
Angry Magpie: Simulating Data Exfiltration Attacks via Data Splicing Techniques
Built by SquareX security researchers Jeswin Mathai, Pankaj Sharma and Xian Xiang Chang, Angry Magpie exploits architectural limitations in DLP systems. The framework implements four exfiltration methods—data sharding, ciphering, transcoding, and smuggling—which can be executed through common browser operations like clipboard paste, file uploads, downloads, and printing. These techniques help red and blue teams simulate bypasses for proxy-based and endpoint DLP solutions. The toolkit reveals how insider threats execute data exfiltration campaigns within browser environments, helping teams recognise and counter these techniques.
Copycat: Browser Extension-based Identity Attacks Simulator
While Angry Magpie addresses data exfiltration, Copycat focuses on identity and authentication attacks through browser extensions. Created by SquareX security researchers Dakshitaa Babu, Tejeswar S Reddy, Pankaj Sharma and Albin Antony, this toolkit demonstrates how extensions with minimal permissions can compromise user identities and hijack authenticated sessions. These attacks can be carried out even via popular color picker extensions that have tabs and scripting permissions.
The toolkit includes 10 distinct attack modules that illustrate different aspects of browser-based identity compromise, such as silent account hijacking, credential theft, 2FA stealing and OAuth manipulation. These attacks reveal how easily authentication flows can be compromised at the browser level, a reality demonstrated by threat actors like Scattered Spider and Muddled Libra who use browser-based identity attacks as their primary enterprise entry point.
Pioneering Browser Security with SquareX Solutions
Through these toolkits, SquareX extends its impact beyond pioneering the Browser Detection and Response solution to enabling the entire security industry—ensuring teams understand actively exploited attack techniques and can build appropriate defenses.