Description: Browser extensions can let you easily make notes, entertain you with a game, or take an annotated screenshot of the website you're visiting. They can also XSS any website you're visiting, harvest your browsing history, replace your cookies, silently change your proxy or execute code on your machine. Even benign, legitimate extensions can do this, just because they were poorly coded. These flaws are fairly common, and the attacks are easy. In this talk meterpreter sessions will be opened, Google will be XSSed, all your mailbox will belong to us and your PGP private keys will be extracted. But as constructing attack payloads is so boring, we'll present tools that help you find vulnerable extensions, confirm the vulnerabilities and exploit them. After the talk you'll be set to either attack Chrome extensions or code them properly, as multiple code examples will be given.
Research summary:
The presentation will consist of a technical overview of the Google Chrome extension architecture and its built-in security mechanisms, including Content Security Policy to prevent XSS attacks. The focus will be on bypassing the protections by leveraging poor extension coding, UI redressing attacks or side-channel attacks. I've developed a Chrome Extension Exploitation Framework - XSS CheF (https://github.com/koto/xsschef) that gives a pentester the possibility to leverage flaws in extensions to conduct further attacks (the tool is similar to BeEF in that respect). Several flaws in popular Chrome extensions will be demonstrated, with consequences varying from a universal XSS flaw to Remote Code Execution on the client's machine.
Some of the research was introduced at the Black Hat USA 2012 workshops I gave with Kyle Osborn ( http://media.blackhat.com/bh-us-12/Briefings/Osborn/BH_US_12_Osborn_Koto... ), though multiple other real-world examples have been added, and the research now focuses on exploiting extensions with a v2 manifest, which are mandatorily protected by Content Security Policy.
For more information, please visit: https://www.hackinparis.com/talks-2013