New Data Exfiltration Technique Using Brave Sync
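This article describes a technique that uses the Brave browser's Sync feature to exfiltrate and transfer data. A Sync chain and seed phrase are generated to synchronize data between devices, and files are Base64-encoded and embedded in URL query parameters that are added to the browser history. The method allows data to be transferred and extracted across devices. 2025-10-6 06:56:38 Author: infosecwriteups.com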

Stealthy data exfiltration and delivery technique leveraging the Brave Browser Sync feature.

Pak Cyberbot

What is Brave Browser Sync

Brave Browser Sync is a feature that securely synchronizes your browsing data — such as bookmarks, history, passwords, extensions, and open tabs — across multiple devices without requiring a traditional account or cloud service. Instead, it uses a unique Sync Chain identified by a sync code (seed phrase), ensuring that all synced data is end-to-end encrypted and only accessible to devices that share the same sync chain. This privacy-focused design keeps users’ data protected while maintaining seamless browsing continuity across desktops and mobile devices.


Sync Chain Setup


Sync Chain Setup Successful

Data Exfiltration & Delivery Technique

This technique uses Brave’s Sync feature to exfiltrate data from — or deliver data to — a target machine. Other browser sync systems generally require a profile or account for setup; Brave’s Sync can be established with only a sync code, which is why this research focuses on Brave.

We can exfiltrate data via browser extensions, bookmarks, or history. For this demonstration, I selected browser history because:

  • Extensions are commonly inspected by detection systems.
  • Bookmarks are more conspicuous and easier to detect.
  • History entries can be buried among many legitimate URLs and more easily resemble normal browsing (for example, a Google search with additional query parameters).

Procedure (high-level):

  1. Enable history syncing in Brave on both machines.
  2. Convert the file to Base64 (Base64 is more robust for transferring UTF or binary data).
  3. Split the Base64 string into chunks and embed each chunk into URL query parameters.
  4. Add those URLs to the browser history.

Example URL format used in the demonstration:

http://example.com/?filename=name&chunk=num&b64data=data

For the demonstration I used a payload chunk length of 150 characters; this limit can be increased depending on browser support.

My tool, BrosyncDelivery, encodes any file into URLs and opens those URLs in the Brave browser so they appear in the browsing history. It can also decode those URLs directly by interacting with the Brave history database file.

Check my video on YouTube for a demonstration of exfiltration and delivery using this tool:

Note

This demonstration is intentionally not fully stealthy — it’s for educational purposes only. The technique could be made more covert by using more legitimate-looking domain names or URLs, adding entries at random intervals, or interacting directly with the history file. In the demo, I added entries by opening Brave rather than directly modifying the history database (which requires additional effort). Because this binary launches Brave, the activity may still attract attention from detection systems.
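For defenders, the URL format shown above leaves a recognizable trace in the history database: many entries for one host and path that repeat the same query parameter with a long Base64-looking value. The following Python check is an added example, not code from the original article or from BrosyncDelivery; it assumes the Chromium `urls` table layout, and the thresholds, function names and sample rows are constructed for illustration.

```python
import base64
import re
import sqlite3
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Chunks cut at arbitrary offsets are not individually decodable, so match on
# alphabet and length only. Both thresholds are assumed starting points.
B64_RUN = re.compile(r"^[A-Za-z0-9+/_-]{40,}={0,2}$")
MIN_URLS = 3


def b64_bytes(value):
    """Approximate decoded size of a Base64-looking value, or 0 if it is not one."""
    value = value.replace(" ", "+")  # parse_qsl turns a literal '+' into a space
    return len(value.rstrip("=")) * 3 // 4 if B64_RUN.match(value) else 0


def find_chunked_b64(conn):
    """Return {(host, path, param): (url_count, approx_bytes)} for repeated Base64 params."""
    groups = defaultdict(lambda: [0, 0])
    for (url,) in conn.execute("SELECT url FROM urls"):
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query):
            size = b64_bytes(value)
            if size:
                group = groups[(parts.hostname, parts.path, name)]
                group[0] += 1
                group[1] += size
    # A single long token (session id, OAuth state) is normal; many are not.
    return {k: tuple(v) for k, v in groups.items() if v[0] >= MIN_URLS}


def sample_history():
    """Constructed in-memory stand-in for a copied History file (urls table only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT)")
    blob = base64.b64encode(bytes(range(256)) * 2).decode()
    rows = [f"http://example.com/?filename=a.bin&chunk={i // 150}&b64data={blob[i:i + 150]}"
            for i in range(0, len(blob), 150)]
    rows += ["https://www.google.com/search?q=brave+sync",
             "https://example.org/login?token=" + "A" * 48]
    conn.executemany("INSERT INTO urls (url) VALUES (?)", [(r,) for r in rows])
    return conn


if __name__ == "__main__":
    for key, (count, size) in find_chunked_b64(sample_history()).items():
        print(key, f"{count} URLs, ~{size} bytes")
```

Against a real profile, run it on a copy of the history database file, since the browser keeps the live file locked while it is open.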



Source: https://infosecwriteups.com/new-data-exfiltration-technique-using-brave-sync-3fe5313c5e59?source=rss----7b722bfd1b8d---4