UPDATE (Jan/13): See PoC - Selenium - Gui with 3 Hijacked Browser Windows.h2 post for another powerful example of consuming Chrome (and IE and Firefox) window in another process
Here is the video presented at OWASP BeNeLux conference, which shows how I used the O2 Platform to create a consolidated view of 3 different window's processes (one from .Net/CLR, one from Java/JM and one from C++ applications). Note that these windows are hosted by a 4th (.Net) process and are fully functional.
The objective of this 'consolidated multi-process window view', is to give developers a really strong 'vulnerability fixing environment'.
Instead of having to use multiple tools (each containing a piece of the info available about the vulnerability to fix), all information available about a specific vulnerability (in this case 'JSP File Include') is shown as an integrated view with:
- the black box security exploit (top left) provided by IBM AppScan Standard (.Net/CLR)
- the white box code analysis (top right) provided by IBM AppScan Source (Java/JVM)
- a source code editor (bottom left) provided by Eclipse (Java/CLR)
- the security guidance (bottom right) provided by Chrome (C++) showing TeamMentor
For technical details on how this view was created (and how the windows were hijacked from its original owners) see:
- Showing Chrome, Eclipse, IBM AppScan Standard and VisualStudio in the same Process/Window
- Util - Win32 Window Handle Hijack (4x host panels) v1.0.exe
- Util - Win32 Window Handle Hijack (simple) v1.0.exe
- Util - Windows Handles - View Handle Screenshot v1.0.exe
- Util - Windows Handles Viewer (Simple GUI with REPL) v1.0.exe
- Util - Windows Handles Viewer (Simple Gui) v1.0.exe
- IBM AppScan Source's and AppScan Standard's TreeViews running side-by-site in the same GUI
- Injecting a .NET REPL into an Unmanaged/C++ application (Notepad)