Post Apocalypse is a tool for researching postMessage communication, it allows you to track, explore and exploit postMessages vulnerabilities, with abilities to replay messages sent between windows of any attached browser.
Node is required
git clone https://github.com/gourarie/post-apocalypse.git
cd post-apocalypse
npm install- Make sure posta server is up and running (via
node posta.js) - Use one of the proxy-helpers to inject the agent.js
- Make sure your browser is passing through the proxy and agent.js found in responses
headtag - Browse to http://post.apocalypse:28010/ and hack
Post Apocalypse uses Javascript hooks and wraps postMessages' receievers in order to intercept postMessages by injecting a agent.js script into any website you visit; you can do so easily via proxy-helpers. The agent communicates with posta server allows you to get a nice UI to investigate on.
Chen Gour Arie
Barak Tawily
Omer Yaron