This repository contains proofs of concept showcasing how to attack mobile browsers with extensions. It is a well-known fact that browser extensions could cause severe harm to a browser, as they are like privileged UXSS (Universal Cross-Site Scripting).
This work is related to the Thesis I wrote for my Master's degree in Cybersecurity in 2020. The full document will be available soon.
In each folder, you'll find a minimal working example as well as an explanation of the attack
The code was tested on Fennec (Firefox Android) and Kiwi Browser (Android). As it contains proofs of concepts, some style sheets or code were written according to a specific website and are not generic.
Moreover, some attacks rely on bugs that we reported and should be patched soon, if not already done.
Coming soon:
See more details about the attacks: https://borelenzo.github.io/thesis.html