nguyenduchien1994/Chrome-XSS-Vulnerability
Detecting XSS Vulnerabilities in Chrome Extensions

By Sarah Scheffler and Hien Nguyen

Top-level files

  • detect_xss.py - given a CFG for a single file, call block_parser to detect sources and sinks, then call path_finder to detect paths between them.
  • scan_all.sh - calls detect_xss.py on many CFG files

dijkstra

This is a git clone of https://github.com/joyrexus/dijkstra with one added file:

  • path_finder.py - contains two main functions:
    • cfg_to_graph(cfg_file) - parses the CFG file into a list of blocks using functionality defined in spoon-master/test/block/block_parser.py, then turns that list into a graph (block numbers as nodes, successor edges) that can be fed to dijkstra
    • get_path_if_exists(graph, start, end) - takes the output of cfg_to_graph, a start node, and an end node. It returns a tuple (start, end, pred), where start and end are the unaltered inputs (useful to have alongside the result later) and pred is the predecessor dictionary produced by dijkstra: each node on the shortest path maps to the node before it, so the path is there but has to be read backwards from end to start. pred is an empty dictionary {} if there is no path.

All other files in the dijkstra folder are unaltered from the source.

dummy_extension

This contains the code for a dummy extension with a very basic XSS vulnerability. The code is based on the developer tutorial for Chrome extensions; the extension itself was written by us.

get_extensions

This contains the code for crawling the Chrome Web Store.

  • selenium_crawler.py - the code that we eventually used to crawl the Store.
  • how_to_setup.txt - explains the process of setting up the crawler (largely written to make moving our code over to the MOC server easier)
  • unzip_all_expansions.sh - unzips downloaded extensions. (.crx files can be unzipped with the normal unzip utility: a CRX file is a zip archive preceded by a small header with the signing data, and unzip skips the header, warning about the extra leading bytes.)
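As an added example of the unpacking step (this is not the repository's own script, which shells out to unzip): the code below locates the zip payload inside a .crx file from its header, lists the files, reads manifest.json, and collects the JavaScript files a CFG builder would want (content scripts plus the background scripts or service worker). The CRX inputs it runs on are constructed in memory with placeholder key, signature and header bytes; no real signing is performed. The function names are my own.

```python
import io
import json
import struct
import zipfile

CRX_MAGIC = b"Cr24"


def crx_zip_offset(data: bytes) -> int:
    """Return the offset of the zip archive embedded in a .crx file.

    CRX2 layout: "Cr24", version=2, pubkey_len, sig_len (uint32 LE each),
                 then the public key, the signature, then the zip.
    CRX3 layout: "Cr24", version=3, header_len (uint32 LE), the protobuf
                 header, then the zip.
    """
    if data[:4] != CRX_MAGIC:
        raise ValueError("not a CRX file: bad magic")
    version = struct.unpack_from("<I", data, 4)[0]
    if version == 2:
        key_len, sig_len = struct.unpack_from("<II", data, 8)
        return 16 + key_len + sig_len
    if version == 3:
        header_len = struct.unpack_from("<I", data, 8)[0]
        return 12 + header_len
    raise ValueError(f"unsupported CRX version {version}")


def crx_open(data: bytes) -> zipfile.ZipFile:
    """Open the zip payload of a CRX held in memory."""
    return zipfile.ZipFile(io.BytesIO(data[crx_zip_offset(data):]))


def crx_file_list(data: bytes) -> list:
    with crx_open(data) as zf:
        return sorted(zf.namelist())


def crx_manifest(data: bytes) -> dict:
    with crx_open(data) as zf:
        return json.loads(zf.read("manifest.json"))


def script_files(manifest: dict) -> list:
    """JavaScript files worth feeding to a CFG builder: content scripts,
    plus background page scripts (MV2) or the service worker (MV3)."""
    js = []
    for cs in manifest.get("content_scripts", []):
        js.extend(cs.get("js", []))
    bg = manifest.get("background", {})
    js.extend(bg.get("scripts", []))
    if "service_worker" in bg:
        js.append(bg["service_worker"])
    return js


def _zip_bytes(files: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_crx2(files: dict) -> bytes:
    """Constructed test input: CRX2 wrapper with placeholder key/signature
    bytes (no real signing is performed)."""
    key, sig = b"K" * 16, b"S" * 8
    return CRX_MAGIC + struct.pack("<III", 2, len(key), len(sig)) + key + sig + _zip_bytes(files)


def build_sample_crx3(files: dict) -> bytes:
    """Constructed test input: CRX3 wrapper with placeholder bytes standing
    in for the real protobuf header."""
    header = b"H" * 20
    return CRX_MAGIC + struct.pack("<II", 3, len(header)) + header + _zip_bytes(files)


# Constructed sample extension: a content script with a source and a sink.
SAMPLE_FILES = {
    "manifest.json": json.dumps({
        "manifest_version": 2,
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
        "background": {"scripts": ["background.js"]},
    }),
    "content.js": "document.body.innerHTML = location.hash;",
    "background.js": "chrome.runtime.onMessage.addListener(function () {});",
}

if __name__ == "__main__":
    crx = build_sample_crx2(SAMPLE_FILES)
    print(crx_file_list(crx))
    print(script_files(crx_manifest(crx)))
```

Reading the header rather than relying on unzip's tolerance also gives a cheap sanity check on the crawler's output: anything without the Cr24 magic (an HTML error page saved as .crx, for instance) is rejected before it reaches the CFG stage.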

outputs

This contains the text file outputs of potential vulnerabilities, sorted by extension ID and then filename.

spoon-master

This is a git clone of https://github.com/indutny/spoon with several added files:

  • test/block/block_parser.py - main file that finds sources and sinks within a CFG. Uses regexes to check for a list of sinks and sources. It has three main functions:
    • parseCFG(filename) - parses the CFG from the output of spoon into a list of blocks, where each block is a tuple with the relevant information (block number, predecessors, successors, instructions, etc.) extracted using a regex
    • get_sink_blocks(filename) - uses parseCFG and then uses the sink regexes to detect which blocks are sinks
    • get_source_block(filename) - uses parseCFG and then uses the source regexes to detect which blocks are sources
  • test/block/tester.py - simple file to test sink and source capturing
  • test/cfg_collector.py - script to compute the CFG for all downloaded extensions using file_to_cfg.js
  • file_to_cfg.js - calls Esprima to construct an AST and then spoon to construct a CFG for a single .js file
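The pieces described above (source and sink detection in block_parser, graph construction and the (start, end, pred) path search in path_finder, and the driver in detect_xss.py) fit together as in the following added example. It is not code from this repository: the block list is a constructed stand-in for what parseCFG() produces, the source and sink regexes are my own choices in the spirit of block_parser, and readable_path() is added to turn the pred dictionary into an ordered list of blocks.

```python
import heapq
import re
from collections import namedtuple

# Constructed stand-in for the block list parseCFG() is described as producing:
# (block number, predecessors, successors, instructions). The instructions are
# fragments of a content script of the kind found in the dummy extension.
Block = namedtuple("Block", "num preds succs instrs")

SAMPLE_CFG = [
    Block(0, [], [1, 2], ["var q = location.hash.slice(1)"]),       # source
    Block(1, [0], [3], ["var safe = encodeURIComponent(q)"]),
    Block(2, [0], [3], ["var box = document.getElementById('out')"]),
    Block(3, [1, 2], [4, 5], ["if (box)"]),
    Block(4, [3], [], ["box.innerHTML = q"]),                       # sink
    Block(5, [3], [], ["console.log(safe)"]),
    Block(6, [], [], ["eval(stored)"]),                             # unreachable sink
]

# Assumed source/sink patterns; the project's own lists are not reproduced here.
SOURCE_RES = [re.compile(p) for p in (
    r"\blocation\.(hash|search|href)\b",
    r"\bdocument\.(URL|referrer)\b",
    r"\bwindow\.name\b",
    r"\bchrome\.runtime\.onMessage\b",
)]
SINK_RES = [re.compile(p) for p in (
    r"\.innerHTML\s*=",
    r"\bdocument\.write(ln)?\s*\(",
    r"\beval\s*\(",
    r"\bsetTimeout\s*\(\s*['\"]",
)]


def matching_blocks(cfg, regexes):
    return [b.num for b in cfg
            if any(r.search(ins) for ins in b.instrs for r in regexes)]


def get_source_blocks(cfg):
    return matching_blocks(cfg, SOURCE_RES)


def get_sink_blocks(cfg):
    return matching_blocks(cfg, SINK_RES)


def cfg_to_graph(cfg):
    """Adjacency map {block: {successor: weight}}; every edge costs 1."""
    return {b.num: {s: 1 for s in b.succs} for b in cfg}


def dijkstra(graph, start):
    """Return (dist, pred); pred maps each reached node to its predecessor."""
    dist, pred, heap = {start: 0}, {}, [(0, start)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, w in graph.get(u, {}).items():
            if d + w < dist.get(v, float("inf")):
                dist[v], pred[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    return dist, pred


def get_path_if_exists(graph, start, end):
    """(start, end, pred) as on the page; pred is {} when end is unreachable."""
    dist, pred = dijkstra(graph, start)
    return (start, end, pred if end in dist else {})


def readable_path(start, end, pred):
    """Walk pred backwards from end to get an ordered list of blocks."""
    if start == end:
        return [start]
    if end not in pred:
        return []
    path = [end]
    while path[-1] != start:
        path.append(pred[path[-1]])
    return path[::-1]


def detect_xss(cfg):
    """Every (source block, sink block, path) pair joined by a control-flow path."""
    graph = cfg_to_graph(cfg)
    findings = []
    for src in get_source_blocks(cfg):
        for sink in get_sink_blocks(cfg):
            start, end, pred = get_path_if_exists(graph, src, sink)
            path = readable_path(start, end, pred)
            if path:
                findings.append((src, sink, path))
    return findings


if __name__ == "__main__":
    for src, sink, path in detect_xss(SAMPLE_CFG):
        print(f"source block {src} reaches sink block {sink} via {path}")
```

Note what this search is: control-flow reachability from a source block to a sink block, not data flow. A sink is reported whenever any path exists, even if the tainted value never reaches it or is sanitized on the way, which is why the outputs folder holds potential vulnerabilities that still need a manual look.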

old

Contains a number of old or abandoned parts of this project.

Dependencies

The following are dependencies that we copied to this repository for ease of use (see the dijkstra and spoon-master folders above):

  • dijkstra (https://github.com/joyrexus/dijkstra)
  • spoon (https://github.com/indutny/spoon)

The following are dependencies that can be obtained from apt-get or a similar package manager:

  • nodejs-legacy
  • nodejs
  • npm
  • xvfb
  • chromium-chromedriver

The following are dependencies that must be obtained from npm:

  • esprima
  • json
  • fs
  • estraverse
  • escodegen
  • assert

Note that fs and assert are Node.js core modules and are available without an npm install; the others need to be installed.

The following are dependencies that must be obtained from pip3:

  • selenium
  • pyvirtualdisplay
