Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API

This repository contains the artifacts for the aforementioned paper. Each directory contains the files for a different Proof-Of-Concept Chromium extension. All extensions are written using the Manifest V3 specification.

Getting Started

All sample extensions can be installed by either:

• Going to chrome://extensions, clicking on "Load Unpacked" and selecting the desired artifact directory.
• Packing the artifact directory contents as a ZIP archive and drag-and-dropping it into chrome://extensions.

Contents

• Listing active targets
  • Running extensions detector
• Running on regular tabs
  • Incognito tabs debugger
  • Cookie stealer
• Running on security interstitial tabs
  • Interstitials bypasser
• Running on WebUI tabs
  • Credit card stealer
• Running on other extensions
  • Password stealer
• Attaching to the browser target
  • Another credit card stealer
  • Traffic monitor

Citing

@inproceedings{chrowned2023,
  author = {Moreno, José Miguel and Vallina-Rodriguez, Narseo and Tapiador, Juan},
  title = {{Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API}},
  booktitle = {{Proceedings of the 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)}},
  pages = {832--846},
  url = {https://doi.org/10.1109/EuroSP57164.2023.00054},
  doi = {10.1109/EuroSP57164.2023.00054},
  year = {2023},
  month = jul
}

License

The contents of this repository are available under the MIT License.