safaridriver
safaridriver is a tool that is used to enable Selenium testing via the macOS WebDriver protocol. Once enabled, the WebDriver API could be abused by attackers to communicate with external servers for command and control or exfiltration purposes.
Author: Brendan Chamberlain (@infosecB)
Created: 2023-05-20
Paths
- /System/Cryptexes/App/usr/bin/safaridriver
- /usr/bin/safaridriver
Example Use Cases
Enable safaridriver
The following command can be used to enable the WebDriver Safari browser API. The command must be run as root or with sudo privileges.
sudo safaridriver --enable
Detections
- No detections at time of publishing
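One way to look for the enable command in process-execution telemetry, as an added example that is not part of the original page or its project: it flags safaridriver run with --enable, either directly or through a wrapper such as sudo. The JSON-lines event schema (path, argv, uid, pid) and the sample events are constructed assumptions.

```python
import json
import os

# Paths listed on this page for the safaridriver binary.
SAFARIDRIVER_PATHS = {
    "/System/Cryptexes/App/usr/bin/safaridriver",
    "/usr/bin/safaridriver",
}

def is_enable_invocation(event):
    """True if a process-exec event runs safaridriver with --enable."""
    argv = [a for a in (event.get("argv") or []) if isinstance(a, str)]
    if "--enable" not in argv:
        return False
    if event.get("path") in SAFARIDRIVER_PATHS:
        return True
    # Wrapper case (e.g. sudo): the binary is named in an argument
    # that precedes --enable, while the event path is the wrapper's.
    before_flag = argv[:argv.index("--enable")]
    return any(os.path.basename(a) == "safaridriver" for a in before_flag)

def find_enable_events(lines):
    """Parse JSON-lines exec events; return those that enable safaridriver."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the scan
        if isinstance(event, dict) and is_enable_invocation(event):
            hits.append(event)
    return hits

# Constructed sample telemetry (hypothetical schema, not a real tool's output).
SAMPLE = [
    '{"pid": 501, "uid": 501, "path": "/usr/bin/sudo", "argv": ["sudo", "safaridriver", "--enable"]}',
    '{"pid": 502, "uid": 0, "path": "/usr/bin/safaridriver", "argv": ["safaridriver", "--enable"]}',
    '{"pid": 503, "uid": 501, "path": "/usr/bin/safaridriver", "argv": ["safaridriver", "--version"]}',
    '{"pid": 504, "uid": 501, "path": "/bin/echo", "argv": ["echo", "--enable"]}',
    'not json',
]

if __name__ == "__main__":
    for e in find_enable_events(SAMPLE):
        print(e["pid"], e["uid"], " ".join(e["argv"]))
```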
Resources
Acknowledgements
- Chris Ross, Cedric Owens: Farming The Apple Orchards: Living Off The Land Techniques