Skip to content
Source code for my talk on browser extension security
Ruby JavaScript PHP Python Shell CSS HTML
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This is the source code for my talk on Browse Extension Security which I gave at nullcon 2014.


Released under the MIT Licence.


  • silent/chrome (Source code for silent extension install in Chrome)
  • silent/firefox (Source code for silent extension install in Firefox)
  • webstore/chrome/ (Code to download extensions from the chrome webstore, and to run a static analysis over them. Results are fed to a mysql database)
  • webstore/analysis (code that powers

Silent Extension Install

This code was written a while back, and does not work with the latest versions of either Browser (FF/Chrome), but I belive can be modified and made to work again.


Since a lot of data is missing from the repo (I didn't feel like committing huge files), it is availble under the releases section of this repo. Just click on releases on the top, and you can download manifest files of over 7k extensions, and a dump of the mysql database generated by the last run of the tool.

These release files are also licenced under MIT.

The paper behind the talk can be accessed here, and the presentations are available at speakerdeck. I wrote a blog post about it here.

You can’t perform that action at this time.