XSS ChEF - Chrome Extension Exploitation Framework
[Image: xss-chef.png]


This is a Chrome Extension Exploitation Framework - think BeEF for Chrome extensions. Whenever you encounter an XSS vulnerability in a Chrome extension, ChEF will ease the exploitation.
What can you actually do (when having appropriate permissions)?
  • Monitor open tabs of victims
  • Execute JS on every tab (global XSS)
  • Extract HTML, read/write cookies (also httpOnly), localStorage
  • Get and manipulate browser history
  • Stay persistent until the whole browser is closed (or even further if you can persist in extensions' localStorage)
  • Make a screenshot of the victim's window
  • Further exploit e.g. via attaching BeEF hooks, keyloggers etc.
  • Explore filesystem through file:// protocol
  • Bypass the Chrome extension content script sandbox to interact directly with page JS

Demo:


[Image: Vs4P58c.png]

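The capabilities in the post are conditional on the extension's permissions, so the manifest determines how much an XSS in an extension page would inherit. The following is an added example for reviewing that exposure; it is not part of the original post or of ChEF, and the function names, capability labels and sample manifests are constructed for illustration.

```javascript
// Added example (not ChEF code): which of the post's capabilities would an
// XSS in an extension page inherit, judging by manifest.json alone?
const BROAD_HOST = /^(<all_urls>|(\*|https?):\/\/\*\/\*)$/;

// MV2 mixes API names and host patterns in "permissions";
// MV3 moves host patterns into "host_permissions".
function splitPermissions(manifest) {
  const all = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const hosts = all.filter((p) => p === "<all_urls>" || p.includes("://"));
  const apis = all.filter((p) => !hosts.includes(p));
  return { apis, hosts };
}

function auditManifest(manifest) {
  const { apis, hosts } = splitPermissions(manifest);
  const mv = manifest.manifest_version || 2;
  const broad = hosts.some((h) => BROAD_HOST.test(h));
  const found = [];
  if (apis.includes("tabs")) found.push("monitor open tabs");
  // MV2 tabs.executeScript needs only host access; MV3 also needs "scripting".
  if (broad && (mv < 3 || apis.includes("scripting"))) found.push("execute JS on every tab");
  // The cookies API is scoped to hosts the extension has access to.
  if (apis.includes("cookies") && hosts.length > 0) {
    found.push(broad ? "read/write cookies on all sites" : "read/write cookies on listed hosts");
  }
  if (apis.includes("history")) found.push("get and manipulate browser history");
  // captureVisibleTab needs <all_urls> (or activeTab, which requires a user gesture).
  if (hosts.includes("<all_urls>")) found.push("screenshot of visible window");
  // file:// also requires the user to enable "Allow access to file URLs".
  if (hosts.some((h) => h === "<all_urls>" || h.startsWith("file://"))) {
    found.push("explore file:// URLs");
  }
  return found;
}

// Constructed sample manifests (hypothetical extensions).
const OVERPRIVILEGED_MV2 = {
  manifest_version: 2,
  permissions: ["tabs", "cookies", "history", "<all_urls>"],
};
const SCOPED_MV3 = {
  manifest_version: 3,
  permissions: ["storage", "cookies"],
  host_permissions: ["https://example.com/*"],
};

console.log(auditManifest(OVERPRIVILEGED_MV2));
console.log(auditManifest(SCOPED_MV3));
```

An empty or short result means a script injection in that extension would be confined to the listed hosts and APIs, which is the argument for requesting narrow host patterns and dropping unused permissions.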






