XSS ChEF v1.0 – Chrome Extension Exploitation Framework

Posted in Tools by NJ Ouchn on 17 August 2012 Tags: Chrome Extension Exploitation Framework, Ethical Hacking and Pentesting, XSS, XSS ChEF

This is a Chrome Extension Exploitation Framework – think BeEF for Chrome extensions. Whenever you encounter a XSS vulnerability in Chrome extension, ChEF will ease the exploitation.

What can you actually do (when having appropriate permissions)?

Monitor open tabs of victims
Execute JS on every tab (global XSS)
Extract HTML, read/write cookies (also httpOnly), localStorage
Get and manipulate browser history
Stay persistent until whole browser is closed (or even futher if you can persist in extensions’ localStorage)
Make screenshot of victims window
Further exploit e.g. via attaching BeEF hooks, keyloggers etc.
Explore filesystem through file:// protocol
Bypass Chrome extensions content script sandbox to interact directly with page JS

Demo

More Information, Usage & Download

Download Post in PDF

Save Post as PDF

About NJ Ouchn

ToolsWatch.org Principal Founder & Maintainer.

View all posts by NJ Ouchn →

Leave a Reply Cancel reply

[Paper] WASC: Static Analysis Technologies Evaluation Criteria v1.0 (SATEC)

The goal of the SATEC (Static Analysis Technologies Evaluation Criteria) project is to create a ...
[Report] For Their Eyes Only: The Commercialization of Digital Spying (The Citizen Lab)

The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs,at the University ...
The Art of Exploiting Injection Flaws at Black Hat Vegas 2013

(Article by Sumit 'Sid' Siddharth) Read other Sid's posts at www.notsosecure.com) So, you found a SQL ...
Book Review: Violent Python A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

'Give a man a fish and you feed him for a day. Teach a man ...
(IN)SECURE Magazine Issue #37 Released

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security ...

R.I.P Brad “the Nurse” Smith – A Blackhat Icon passed away

Dear all, This is a very sad news for the Hackers & Blackhat Community. After a ...
A Day in the Blackhat Arsenal without Brad ‘TheNurse’ Smith

This year, The Blackhat Arsenal had a bitter aftertaste without the participation of a renowned ...
Blackhat USA 2012: Interview with Stach & Liu Team about Google Diggity Project

Francis Brown Stach & Liu, LLC Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Stach ...
Blackhat USA 2012: Interview with FishNet Team about SIRA

Justin Engler FishNet Security Justin Engler is a Senior Security Consultant for FishNet Security's Application Security practice. ...
Blackhat USA 2012: Interview with Raphael Mudge about Armitage (Also Introducing CobaltStrike)

Raphael Mudge Strategic Cyber LLC Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC ...