XSS ChEF: Chrome Extension Exploitation Framework
Wednesday, September 5, 2012
0
comments
XSS Chef is a framework for Google Chrome Extension Exploitation. This framework will alert each time when a XSS vulnerability encounters on a web page. With the help of this extension, finding and exploiting XSS vulnerability on a web page is now much easier.
If you are new to XSS vulnerability, I want to tell you that XSS is called Cross Site Scripting vulnerability which allow attacker to execute malicious scripts in web application. You can read older posts on HackingTricks about XSS.
Read: XSS introduction
You can see it as BeEF framework which only works for Google Chrome as an extensions.
Features of XSS ChEF
If you are new to XSS vulnerability, I want to tell you that XSS is called Cross Site Scripting vulnerability which allow attacker to execute malicious scripts in web application. You can read older posts on HackingTricks about XSS.
Read: XSS introduction
You can see it as BeEF framework which only works for Google Chrome as an extensions.
Features of XSS ChEF
- Monitor open tabs of victims
- Execute JS on every tab (global XSS)
- Extract HTML, read/write cookies (also httpOnly), localStorage
- Get and manipulate browser history
- Stay persistent until whole browser is closed (or even futher if you can persist in extensions’ localStorage)
- Make screenshot of victims window
- Further exploit e.g. via attaching BeEF hooks, keyloggers etc.
- Explore filesystem through file:// protocol
- Bypass Chrome extensions content script sandbox to interact directly with page JS
Categories:
chrome,
Hacking Tools,
penetration testing,
XSS
0 comments:
Post a Comment