Skip to content
/ crx-postmessage-scanner Public

CRX postMessage Scanner is a set of scripts that can be used to find message listeners in content scripts of Chrome extensions

raz0r.name/talks/postmessage-security-in-chrome-extensions
8 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Raz0r/crx-postmessage-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
CRXFileParser.js
CRXFileParser.js
 
 
README.md
README.md
 
 
convert.js
convert.js
 
 
download.js
download.js
 
 
harvest.js
harvest.js
 
 
package.json
package.json
 
 
template.json
template.json
 
 

Repository files navigation

crx-postmessage-scanner

CRX postMessage Scanner is a set of scripts that can be used to find message listeners in content scripts of Chrome extensions.

harvest.js

Fetches extension IDs from Chrome Web Store given a category.

download.js

Uses a list of extension IDs to download extensions.

convert.js

  • converts CRX files into ZIPs,
  • unpacks them,
  • parses manifests,
  • finds content scripts,
  • parses content scripts with Acorn JS
  • looks for message listeners using Acorn plugin
  • sends results to elasticsearch

template.json

elasticsearch has limitation on the number of indexed fields, which has to be increased:

curl -XPUT localhost:9200/_template/extensions -d @template.json

Slides

https://raz0r.name/talks/postmessage-security-in-chrome-extensions

About

CRX postMessage Scanner is a set of scripts that can be used to find message listeners in content scripts of Chrome extensions

raz0r.name/talks/postmessage-security-in-chrome-extensions

Resources

Readme
Activity

Stars

8 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages