Skip to content
/ Extensions-against-mobile-browsers Public

Some PoCs targeting mobile devices thanks to browser extensions

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BorelEnzo/Extensions-against-mobile-browsers

BranchesTags

Repository files navigation

Attacking mobile browsers with extensions

This repository contains proofs of concept showcasing how to attack mobile browsers with extensions. It is a well-known fact that browser extensions could cause severe harm to a browser, as they are like privileged UXSS (Universal Cross-Site Scripting).

This work is related to the Thesis I wrote for my Master's degree in Cybersecurity in 2020. The full document will be available soon.

In each folder, you'll find a minimal working example as well as an explanation of the attack

Disclaimer

⚠️ This repository is for research and/or educational purposes only, the use of this code is your responsibility. I take no responsibility nor liability for how it is used. By using any of the files available in this repository, you are agreeing to use it AT YOUR OWN RISK.

Future work

The code was tested on Fennec (Firefox Android) and Kiwi Browser (Android). As it contains proofs of concepts, some style sheets or code were written according to a specific website and are not generic.
Moreover, some attacks rely on bugs that we reported and should be patched soon, if not already done.

Coming soon:

See more details about the attacks: https://borelenzo.github.io/thesis.html

About

Some PoCs targeting mobile devices thanks to browser extensions

Topics

javascript security exploit browser-extension

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages