# EvilPuppet x Puppeteer

<mark style="color:red;">EvilPuppet</mark> is a proof-of-concept man-in-the-middle(MITM) tool that uses <mark style="color:red;">Puppeteer</mark> in the background to capture and stream HTML content to a target browser. More than just streaming, it provides an interface that allows the target browser to remotely control the <mark style="color:red;">Puppeteer</mark> browser instance, simulating a real user's actions.

### Features

* Stream Puppeteer controlled web content to target browsers.
* Allow remote control of the Puppeteer browser instance from the target browser.
* Simulate real user behaviors like clicking, scrolling, and typing.

### Prerequisites

* Node.js

### Installation

```
cd EvilPuppetJS
```

**Install the dependencies**

```
npm install
```

1. Set config inside config.js
2. Start the server:

### Usage

```
node app.js

```

3. Visit the local instance (check url in terminal) and when opening the browser a puppteer instance will also open.

## Puppeteer

Puppeteer is a JavaScript library which provides a high-level API to control Chrome or Firefox over the [DevTools Protocol](https://chromedevtools.github.io/devtools-protocol/) or [WebDriver BiDi](https://pptr.dev/webdriver-bidi). Puppeteer runs in the headless (no visible UI) by default

`npm i puppeteer # Downloads compatible Chrome during installation.`&#x20;

`npm i puppeteer-core # Alternatively, install as a library, without downloading Chrome.`

```
import puppeteer from 'puppeteer';
// Or import puppeteer from 'puppeteer-core';

// Launch the browser and open a new blank page
const browser = await puppeteer.launch();
const page = await browser.newPage();

// Navigate the page to a URL.
await page.goto('https://developer.chrome.com/');

// Set screen size.
await page.setViewport({width: 1080, height: 1024});

// Type into search box.
await page.locator('.devsite-search-field').fill('automate beyond recorder');

// Wait and click on first result.
await page.locator('.devsite-result-item-link').click();

// Locate the full title with a unique string.
const textSelector = await page
  .locator('text/Customize and automate')
  .waitHandle();
const fullTitle = await textSelector?.evaluate(el => el.textContent);

// Print the full title.
console.log('The title of this blog post is "%s".', fullTitle);

await browser.close();
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://rproxylab.gitbook.io/evilginx-lab-by-cfs0x/basics/evilpuppet-x-puppeteer.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.