The Browser Hacker's Handbook

by Wade Alcorn, Christian Frichot, Michele Orru
March 2014
Content level: Intermediate to advanced
648 pages
16h 56m
English
Wiley
Content preview from The Browser Hacker's Handbook

CHAPTER 7

Attacking Extensions

In the previous chapter, you explored attacking the browser directly. This chapter takes you a step further along the functionality chain and shows you how to hack browser extensions.

A browser extension is optional software that adds functionality to, or removes it from, the browser. Third parties such as antivirus vendors or social networking sites usually create extensions. They can be voluntarily installed by the user, or even installed without the user's knowledge as a side effect of installing other programs.

Historically, browser extensions have not been developed with security in mind. Extensions can have access to sensitive user information, to privileged APIs, or even to the underlying operating system. The absence of a security focus and the privileged context make extensions a ripe target for hacking.

Browser extensions are very popular and present a sizable attack surface. The vulnerability classes for extensions differ substantially: they range from command injection to age-old Cross-site Scripting (XSS) vulnerabilities. The sophistication of exploitation techniques varies just as much.

Importantly for you, the extension interacts with the loaded web page and creates a readily accessible attack path. This chapter explores these paths of attack by exploiting vulnerabilities in Firefox and Chrome extensions.

Understanding Extension Anatomy

Let's explore what extensions are and how they differ from browser to browser. If you have a solid ...

ISBN: 9781118662090