XSS ChEF v1.0 – Chrome Extension Exploitation Framework
Save Post as PDF
This is a Chrome Extension Exploitation Framework – think BeEF for Chrome extensions. Whenever you encounter a XSS vulnerability in Chrome extension, ChEF will ease the exploitation.
What can you actually do (when having appropriate permissions)?
- Monitor open tabs of victims
- Execute JS on every tab (global XSS)
- Extract HTML, read/write cookies (also httpOnly), localStorage
- Get and manipulate browser history
- Stay persistent until whole browser is closed (or even futher if you can persist in extensions’ localStorage)
- Make screenshot of victims window
- Further exploit e.g. via attaching BeEF hooks, keyloggers etc.
- Explore filesystem through file:// protocol
- Bypass Chrome extensions content script sandbox to interact directly with page JS