Automation is a practice and a skill that every IT professional should exercise. In penetration testing and security checks, automation is more than that; it is essential. Boring, tiring, repeated tasks, and tasks with many steps, if not left to the computer, they might not be done at all. Therefore, security professionals need to automate as many aspects of their work as possible.
Osanda Malith’s Browser Freak is an interesting step in this direction. Browser Freak’s mission is to dump the passwords stored in various browsers. This is something very useful to the security administrator and penetration expert, but also an eye opener for the regular user.
Now, NirSoft provides the tools that dump the passwords stored in various browsers and they should be commended for that. What Browser Freak accomplishes is that it automates the downloading, unzipping, and running of these tools. Impressive! This is great thinking: we should automate every aspect of our jobs, not only the core functionality. A professional security expert might not find the downloading automation to be critical to her mission, because she might download the tools once, then use them many times. Thus, she might only find the automated execution of the tools useful. But an “accidental” penetration tester will find the whole package useful, since she might not be bothered doing any of the task, if it is not fully automated, from end to end. But Browser Freak’s holistic approach should also be useful to the seasoned expert, since by running it, the penetration tester is assured that she has the latest version of the tools, since these are downloaded automatically.
Great thinking, Osanda, and great clean code! Osanda Malith’s Browser Freak is just a batch file (named BrowserFreak.bat). This batch file creates and runs VBscript scripts “. The code in these VBscripts accomplishes the tasks at hand in a manner that is clear and easy to follow. Osanda Malith told me that he could have chosen PowerShell, but he opted for the batch file and VBscript approach because he wanted his utility to be able to run not only in new systems, but in legacy ones as well.
Browser Freak is a nice utility that is a joy to run and has a menu that guides you. You can just run it; no familiarity or experience with it is necessary; the menu will help you select what you need to accomplish. Using this utility will save you time. But there is something more important than that: this utility provides you with all the options you need in a centralized interface, helping you perform the corresponding task in a much easier manner. Instead of using notes to remember sites and utilities, then using a browser to download the utilities, using a zipping utility to unzip, and running the utilities afterwards, Browser Freak will do all that for you and delete the downloaded files afterwards, if you choose so from the menu.
I hope that in the future we will see more end-to-end automation tools like this one.