Working with extensions

i0pht

Hello friends, I have a question about working with extensions.
What are the pros and cons (difficulties)?
How to install it in the victim's browser? Is it possible to install it automatically without detailing?
Where does the traffic come from?
And finally, how profitable is it?
 
with browser extensions, you have access to all pages the user views. imagine it like permanent xss with cross origin for websites. you can inject js into every page if you decide to.

to install, the user needs to accept the browser extension to be added to their browser. you could add malware to drop the extension and modify browser settings to start it, but without prior access, it's like an exe where they have to click on it and give it permissions to install.

it is just code, usually javascript. it sends traffic over http to your c2 and your c2 just accepts the data via php or whatever server side language you use. it is just like any normal malware as well. it's just the browser following instructions. you can go to vx-underground and look at malicious browser extension samples there. unpack them simply and see it is just basic html/css/js/etc. (here is an example of a malicious chrome extension https://github.com/vxunderground/Ma...vascript/Trojan.Javascript.ChromeLogger.a.zip)

it can be very profitable as it maintains persistence and is less likely to get caught by antivirus as it's just running inside the browser's process. your imagination can answer this one, how valuable can it be to inject js into any page the user views? you could run a js skimmer that searched for ccs by running all keystroke strings through luhn-algo, or collecting cookies for sites and sending it to your c2, or keylogging all keyboard input using js, etc.
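
From the defender's side, the scope described in the reply above (script running on every page the user views) is declared in the extension's `manifest.json`, so it can be audited before or after install. The following is an added example, not code from the thread or from any sample it mentions; the rule names, the `SENSITIVE` list and both sample manifests are constructed for illustration.

```javascript
// Added example (defensive): flag manifests that can read or script every page.
// Match patterns that cover all (or nearly all) web origins.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
// API permissions that become high-impact when paired with broad host access
// (illustrative list chosen for this example, not exhaustive).
const SENSITIVE = new Set(["cookies", "webRequest", "scripting", "tabs", "debugger", "history"]);

function auditManifest(manifest) {
  const findings = [];
  const list = (v) => (Array.isArray(v) ? v.filter((x) => typeof x === "string") : []);
  // MV2 mixes host patterns into "permissions"; MV3 moves them to "host_permissions".
  const declared = [...list(manifest.permissions), ...list(manifest.host_permissions)];
  const optional = [...list(manifest.optional_permissions),
                    ...list(manifest.optional_host_permissions)];

  const broadHosts = declared.filter((p) => BROAD.has(p));
  if (broadHosts.length) findings.push({ rule: "broad-host-access", detail: broadHosts });

  // Content scripts run inside matching pages, so a broad "matches" means every site.
  let scriptsEverywhere = false;
  for (const cs of Array.isArray(manifest.content_scripts) ? manifest.content_scripts : []) {
    if (list(cs.matches).some((m) => BROAD.has(m))) {
      scriptsEverywhere = true;
      findings.push({ rule: "content-script-all-pages", detail: list(cs.js) });
    }
  }

  const apis = declared.filter((p) => SENSITIVE.has(p));
  if (apis.length && (broadHosts.length || scriptsEverywhere))
    findings.push({ rule: "sensitive-api-with-broad-scope", detail: apis });

  // Optional grants can be requested later at runtime; surface them for review too.
  const later = optional.filter((p) => BROAD.has(p) || SENSITIVE.has(p));
  if (later.length) findings.push({ rule: "optional-escalation", detail: later });
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const narrowManifest = { manifest_version: 3, name: "Notes", permissions: ["storage"],
  host_permissions: ["https://notes.example/*"] };
const broadManifest = { manifest_version: 3, name: "Helper",
  permissions: ["cookies", "storage"], host_permissions: ["<all_urls>"],
  optional_permissions: ["history"],
  content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }] };

console.log(JSON.stringify(auditManifest(narrowManifest)));
console.log(JSON.stringify(auditManifest(broadManifest), null, 2));
```
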
 
Thank you
 

