:rage4: Chrome Crusader :rage4:
Switch branches/tags
Nothing to show
Clone or download
Permalink
Failed to load latest commit information.
bin update girlspowertech May 1, 2018
docs update girlspowertech May 1, 2018
img screenshot Apr 25, 2018
src girlspowertech update Apr 25, 2018
.gitignore update Apr 27, 2018
.jshintrc linting support Apr 15, 2018
.pylintrc linting support Apr 15, 2018
LICENSE license update Apr 14, 2018
Makefile girlspowertech handout update Apr 25, 2018
README.md rtfm Apr 25, 2018
configure.sh First Commit Apr 14, 2018
requirements.txt update requirements Apr 17, 2018

README.md

License: GPL v3 Python 2 Python 3 PyPI

Chrome Crusader

Chrome Crusader is a Google Chrome browser extension malware / botnet.

Chrome Crusader

Interesting Facts

In the words of Google:

When writing a content script, you should be aware of two security issues. First, be careful not to introduce security vulnerabilities into the web site your content script is injected into. For example, if your content script receives content from another web site (for example, by making an XMLHttpRequest), be careful to filter that content for cross-site scripting attacks before injecting the content into the current page. For example, prefer to inject content via innerText rather than innerHTML. Be especially careful when retrieving HTTP content on an HTTPS page because the HTTP content might have been corrupted by a network "man-in-the-middle" if the user is on a hostile network.

:trollface: It's so easy to bypass cross-site scripting and security headers in this malware anyone can do it :trollface:

Screenshots

Chrome Crusader

Building Chrome Crusader

Download Source

git clone https://github.com/lillypad/chrome-crusader.git
cd chrome-crusader/

Building Chrome Extension

./configure.sh
make chrome

Building Chromium Extension

./configure.sh
make chromium

Building Documents

make docs

Installing CnC Server

cd cnc-server/
sudo python setup.py install
ccserver.py

Disclaimer

By using this free software you indemnify and hold harmless it's creators and understand you are using this at your own risk.