XSS ChEF - Chrome Extension Exploitation Framework

XSS ChEF is a Chrome Extension Exploitation Framework that you can use during penetration testing to execute scripts on a particular website vulnerable to cross-site scripting (XSS), take screenshots of tabs, track browsing history and cookies, check bookmarks, and even change the proxy settings.

Main features include the following:

  • Monitor open tabs of victims
  • Execute JS on every tab (global XSS)
  • Extract HTML, read/write cookies (also httpOnly), localStorage
  • Get and manipulate browser history
  • Stay persistent until the whole browser is closed (or even further if you can persist in the extension's localStorage)
  • Take screenshots of the victim's window
  • Further exploit e.g. via attaching BeEF hooks, keyloggers etc.
  • Explore filesystem through file:// protocol
  • Bypass the Chrome extension content script sandbox to interact directly with page JS

You can download the extension from the following link: https://github.com/koto/xsschef
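
From the defender's side, script injected into an extension runs with whatever permissions that extension already holds, so the feature list above maps onto entries in its manifest.json. The following added example (not part of XSS ChEF or the original post) audits a manifest for those entries; the capability labels and the sample manifest are constructed for illustration.

```javascript
// Added example: flag the manifest.json entries that would give script injected
// into an extension the capabilities in the feature list above.
const RISKY_API_PERMISSIONS = new Map([
  ["tabs", "monitor open tabs (URLs and titles)"],
  ["cookies", "read/write cookies, including httpOnly"],
  ["history", "read and manipulate browser history"],
  ["bookmarks", "read bookmarks"],
  ["proxy", "change proxy settings"],
]);

// Host patterns that allow script injection on every site.
const BROAD_HOSTS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

function auditManifest(manifest) {
  const findings = [];
  // MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions".
  const perms = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ];
  for (const p of perms) {
    if (typeof p !== "string") continue;
    if (RISKY_API_PERMISSIONS.has(p)) {
      findings.push(`${p}: ${RISKY_API_PERMISSIONS.get(p)}`);
    } else if (BROAD_HOSTS.includes(p)) {
      findings.push(`${p}: script execution on every tab`);
    } else if (p.startsWith("file://")) {
      findings.push(`${p}: access to local files through file://`);
    }
  }
  // CSP is a string in MV2 and an object with "extension_pages" in MV3.
  const csp = manifest.content_security_policy;
  const policy = typeof csp === "string" ? csp : (csp && csp.extension_pages) || "";
  if (policy.includes("'unsafe-eval'")) {
    findings.push("csp: 'unsafe-eval' lets extension pages eval() injected strings");
  }
  return findings;
}

// Constructed sample manifest (not taken from any real extension).
const sampleManifest = {
  manifest_version: 2,
  name: "Sample RSS reader",
  permissions: ["tabs", "cookies", "storage", "<all_urls>", "file:///*"],
  content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'",
};

console.log(auditManifest(sampleManifest).join("\n"));
```

An extension that needs none of the flagged entries should drop them, which limits what an XSS inside it can reach.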
