SquareX Exposes Browser Security Blind Spots with New Open Source Tools at DEF CON 33
- Cyber Jack

- Aug 7, 2025
The browser has quietly become the new battleground in enterprise cybersecurity, and at DEF CON 33, SquareX is making that battle visible.
At the heart of this year’s Demo Labs, the browser security startup is releasing two open-source offensive security toolkits—Angry Magpie and Copycat—designed to expose how vulnerable enterprise defenses truly are when it comes to browser-native threats. According to SquareX, the tools were built to help both red and blue teams simulate and counter browser-based attacks that evade conventional controls like DLP, EDR, and network firewalls.
“Security teams don’t need another alert—they need visibility into the attacks they’re not seeing,” said Jeswin Mathai, one of the lead researchers behind the project. “These tools expose where legacy controls fall short and how attackers are already inside the browser perimeter.”
Angry Magpie: A DLP Nightmare
Developed by researchers Jeswin Mathai, Pankaj Sharma, and Xian Xiang Chang, Angry Magpie mimics modern insider threat tactics by exploiting the blind spots of traditional data loss prevention systems. The toolkit enables four flavors of browser-based exfiltration—data sharding, ciphering, transcoding, and smuggling—executed through seemingly benign user actions like copy-paste, file uploads, or printing.
The result? A playbook for demonstrating how sensitive data can walk out the front door without ever triggering a red flag.
“Even with DLP deployed, we’re seeing attackers exfiltrate data in plain sight,” said Sharma. “These aren’t theoretical risks. They’re happening right now in browsers across enterprises.”
Copycat: Hijacking Trust One Extension at a Time
While Angry Magpie targets data, Copycat goes after identity. Built by Dakshitaa Babu, Tejeswar S Reddy, Pankaj Sharma, and Albin Antony, the toolkit turns seemingly harmless browser extensions into sophisticated threat vectors. With only minor permissions, Copycat simulates attacks like silent account takeovers, OAuth flow manipulation, 2FA token theft, and credential interception.
The kicker? Many of the attack modules are built around extensions that mimic real-world tools, like popular color pickers or shopping helpers, making the threat both relatable and unsettling.
“These aren't advanced malware implants,” said Babu. “These are browser extensions that already exist in the wild. And once installed, they operate with the same trust as any enterprise app.”
Red Meets Blue at the Browser Layer
Both tools will be demoed live at the Las Vegas Convention Center during DEF CON, with back-to-back sessions on August 8 and 9. SquareX is positioning these releases as more than proofs of concept: they’re a direct call to action for security teams to rethink how they approach browser security.
The company, already known for its Browser Detection and Response platform, sees these toolkits as a way to accelerate defensive innovation across the industry.
“We’re giving security teams the opportunity to simulate what attackers are already doing,” said CEO Vivek Ramachandran. “If you can't simulate it, you can't defend against it. And right now, most enterprise defenses are flying blind inside the browser.”
In a security landscape obsessed with endpoints and networks, SquareX is sounding the alarm: the real front line is the browser. And with these new tools, they’re handing both attackers and defenders the playbook.


