Built by Jared, named after the delightfully unhinged Misu 🐱
SECURITY RESEARCH TOOL
Test Purpose: The tests below with RED buttons should FAIL in a secure browser environment.
If they succeed despite your security controls, they prove the fundamental vulnerability this test
demonstrates.
Enable all relevant DLP controls before testing, including:
Block all file downloads
Block all printing capabilities
Disable native messaging hosts
Prevent file saving/exporting
Block clipboard operations
Disable browser extensions
Expected Result: Red buttons should still work, proving local applications can bypass
browser-based DLP controls.
MISU SERVER STATUS (Required)
First, verify that Misu's clever server is running and ready to serve data:
What this demonstrates: Just like Box Edit, Misu's server runs on localhost.
Misu's web tricks can communicate with it even if downloads are blocked by the browser or DLP policies.
SENSITIVE DATA DISPLAY (Confidential)
The following sensitive information is displayed on this secure webpage. Click in the box below to edit the data:
Test data extraction methods:
Security Risk: This sensitive employee data is displayed and editable on the webpage.
Try editing the data above, then test both extraction methods. The bypass method uses localhost communication
to extract data to local files, while the direct download should be blocked by DLP controls.
PRINT BYPASS (High Risk)
Send content directly to the printer using the bypass method:
Security Impact: Local applications can print documents even if the browser
has printing disabled. The Box Edit-style method opens documents in Notepad for review/printing.
Test: The "Browser Print" button uses the browser print API, which should be blocked
by secure browsers, while the Box Edit-style bypass succeeds.
CUSTOM FILE SAVE (High Risk)
Save custom content to the server directory:
Security Impact: Files are saved directly to the server's running directory,
making them easily accessible alongside the server files. Any content displayed in the browser
can be extracted and saved locally through the helper application, regardless of browser security
settings.
Test: This demonstrates how local applications can save arbitrary content to the
filesystem, bypassing any browser-based file save restrictions through localhost communication.
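Defender-side check (an added example, not part of the original tool): because every bypass above depends on a helper process listening on localhost, an endpoint audit can list listeners reachable over loopback and flag those whose owning process is not approved. The netstat sample, the PID-to-image map, the process names and the allowlist below are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1052
  TCP    127.0.0.1:8765         0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:50122     203.0.113.10:443       ESTABLISHED     7788
  TCP    [::1]:9100             [::]:0                 LISTENING       6120
"""
# Constructed PID-to-image map, as `tasklist` would provide (hypothetical names).
SAMPLE_PROCS = {1052: "svchost.exe", 4312: "helper.exe", 4: "System", 6120: "python.exe"}
# Hypothetical allowlist of images approved to listen on this endpoint.
APPROVED = {"svchost.exe", "System"}

# Matches only TCP rows in LISTENING state: local address, port, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def reachable_from_browser(addr):
    """True if a page in a local browser can reach this bind address via loopback."""
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    # Loopback binds (127.0.0.0/8, ::1) and wildcard binds (0.0.0.0, ::) both qualify.
    return ip.is_loopback or ip.is_unspecified

def unapproved_loopback_listeners(netstat_text, procs, approved):
    """Return sorted (port, pid, image) for unapproved listeners reachable over loopback."""
    allowed = {name.lower() for name in approved}
    findings = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP, or non-listening row
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        image = procs.get(pid, "<unknown>")  # unmapped PIDs are never treated as approved
        if reachable_from_browser(addr) and image.lower() not in allowed:
            findings.add((port, pid, image))
    return sorted(findings)

if __name__ == "__main__":
    for port, pid, image in unapproved_loopback_listeners(SAMPLE_NETSTAT, SAMPLE_PROCS, APPROVED):
        print(f"unapproved local listener: port={port} pid={pid} image={image}")
```

Matching on image name alone is a weak identity check; in practice pair it with the executable's path and signer before treating a listener as approved.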