Skip to content

Scaratech/trol

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
public
public
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Trol

Proof-of-concept tool that lets you spoof requests to Securly to appear as any user.

  • I AM IN NO WAY RESPONSIBLE FOR THE TROUBLE YOU GET IN OR CAUSE FOR USING THIS TOOL

How do I set this up 😡

  1. Clone the repository
    1. Make sure you have git, node, and npm/pnpm installed
$ git clone https://github.com/scaratech/trol
$ cd trol
$ pnpm i # or npm i
  1. Configuring environment variables
    1. Create a file called .env and put in this contents
PORT=3000 # Port for the server to run on
MASTER_TOKEN="1234" # The "master token" lets you view logs and create "user tokens"
  1. Modify src/config.ts
export const config = {
    "cluster": "", // The cluster domain, you can find this by going to any blocked site and copying the domain
    "domain": "", // The E-Mail domain (For example lets say we have [email protected], this would be `example.com`), admittedly this should be removed to instead just provide an E-Mail since not all schools use FIRST_NAME@[email protected]
    "extenion_id": "", // The ID of the Securly extension you have, there are many different ways to find this
    "extension_version": "", // The version of the Securly extension, you can find this in the extensions manifest
    "search_engine": "" // Search engine for spoofing searches (Ex. https://google.com/search?q=%s)
}
  1. Build and start the server
$ pnpm build # or npm run build
$ pnpm start # or npm start

Using the front-end

  1. Open http://localhost:3000 in your browser
  2. Enter your "master token" into the correct field, then press "generate token" to get a "user token", then put that token into the correct field (If it wasn't obvious you can delete tokens by pressing "Delete token")
  • The first and last name fields are the first and last name of your target
  • "Site URL" is, well, the site you want to think Securly your target is visiting
  • "Keyword" is similar expect it will look that search up as your target
  • Repeat will send that number of requests
  • And well, "send site" and "send keyword" are obvious
  • Pressing "view logs" will, well, let you view log Only people with the master token can:
  • Generate tokens
  • Delete tokens
  • View logs

About

PoC Securly Spoofing Utility

Topics

securly securly-bypass

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages