Chromium Alloy. How to forge a hacking tool from a browser

The phrase “hacking utilities” has gradually come to acquire a negative meaning. Antivirus software teams curse them out, and users look down on them, placing them on a par with potential threats. But one can perform an audit and other relatively significant tasks simply from the browser, if it is prepared properly. In this article we take a look at the respective add-ons to Chrome, but one can find similar additions for Firefox as well.

INFO

In addition to Chrome and Firefox, the same add-ons are available for Opera and other browsers. Some of them are available in official stores or on developer websites, while other projects have found themselves a home on GitHub. Their functions overlap to a great extent, so I recommend trying all of them and only keeping the most important ones.

The charm of modern browsers is that they can replace a whole set of utilities without causing any suspicions whatsoever. They are not simply a tool to look at websites, they are universal platforms that can interact with any remote services. So let’s open “chrome://extensions/” or “about:addons”, and add-on by add-on transform the browser into a powerful tool for pentests.

WARNING


A security audit means that the resource owner must obtain preliminary agreement from the resource owner, and in most cases it requires a license. If they don’t have licenses, users can only test their own website. Neither the editorial office nor the author shall be responsible for any possible damage inflicted by improper use of the add-ons described below.

IP Address and Domain Information

Reconnaissance always precedes any new operation, and for use we’ll turn to the TCPIPutils.com add-on for help. After we get an IP, it provides a lot of interesting information about the website, the domain, and the hosting provider. A separate tab conveniently provides users with the ability to view your current IP and see what computer address the websites are finding. Install add-on at the official Chrome store.

Shodan

The next stage after viewing the entries from the open databases of official registrators is to check the site through the Shodan shadow search engine. This will also show the owner of the IP address on the map and produce a list of open ports and services, including the version number. This free add-on is available at shodan.io and the [Chrome store] (https://chrome.google.com/webstore/detail/shodan/jjalcfnidlmpjhdfepjhjbhnhkbgleap).

A search engine for the dark side

A search engine for the dark side

Port Scanner

This add-on (with a self-explanatory name) Port Scanner helps users find out more about the open ports at a remote node and see their present status. It was written by Ashok Munishwara, a software developer from India. Even though a user is on one page, they can scan the server of a completely different one. Separate buttons are used to set up scans of only open or vulnerable (most often used by trojans) ports. The range of TCP ports is also set manually. For user convenience, the entered addresses are saved in the memory. Later on they can be selected from pop-up tips as you type.

Scanning any page from a single page

Scanning any page from a single page

Proxy SwitchyOmega

It might not be the best idea to scan ports from your own IP address. Many servers are equipped with advanced firewalls and intrusion prevention systems that see port scans as the start of an attack. Best-case scenario, your IP will wind up on the black list. Worst-case scenario, you will get a visit and be politely asked to answer a couple questions. Anonymous proxies can help you avoid visits from unwanted guests, or at least delay them. Among the many options for proxy use, this add-on (previously known as Proxy SwitchySharp), offers a rather simple and user-friendly way. Proxy SwitchyOmega is installed in just two clicks, and after setup it works automatically according to pre-set rules.

Rule configuration for proxy switching

Rule configuration for proxy switching

EditThisCookie

Today each and every website aspires to assign a temporary ID to your computer, which is then saved in cookies together with all the parameters that expose who you are. Installation of the EditThisCookie add-on gives users the much needed ability to manage all cookies. The manager only displays cookies related to the active website. They can therefore be found easily without manual filters, deleted, protected from deletion, blocked, and even edited in a separate window.

Changing the ID in a cookie

Changing the ID in a cookie

The Exploit Database

Now that we’ve gathered the info we needed and got in a little warm up, it’s high time to get down to business and find the vulnerabilities on our selected website. This add-on provides convenient access to a large (and, what’s more important, updatable) database of exploits from the Offensive Security archive. The updates are checked every five minutes by default, and all new vulnerabilities are sorted by date, type, author, and description. It can be installed from Chrome store. It works wonderfully with the GHDB application.

GHDB (Google Hack Data Base)

This is a Chrome application with quick launch from the panel. It uses Google to collect examples of smart requests that help find network equipment and web platforms with known vulnerabilities. A separate section includes typical requests for network cameras, video monitoring systems and printers. The procedures to search built-in accounts and specific bugs are gathered in a separate section as well. The two last tabs contain all types of examples, from directory searches with a mountain of valuable data to Cisco PIX configuration files. The irony is the fact that Google has no problem allowing the install of GHDB from its own store.

Smart search request examples

Smart search request examples

XSS Rays

A powerful tool for penetration tests using XSS attacks. It includes a vulnerability scanner, a script inspector, a form injector, an event manager, and reverse engineering functions. This add-on can extract any forms and even lets users edit them on the fly without changing the initial object. It can also perform advanced searches using key words; and not only in the body of HTML pages, but in scripts and external event processors too. It helps us understand the structure of complicated websites and see how any displayed or concealed form is processed. XSS Rays can also be downloaded free of charge.

Examination of form content

Examination of form content

HPP Finder

This add-on examines the website in an active tab unnoticeably. It searches for elements of web applications exposed to HTTP Parameter Pollution vulnerability. In many cases, attacks that scramble parameter bounds can bypass WAF and perform SQL injections. It’s there that it works (where XSS methods are blocked). The requests in elements that WAF deems to be suspicious are splintered into harmless fragments, which due to certain aspects of processing are glued together in one command by using parameters with identical names. HPP Finder uses the method, which was discovered more than five years ago. However, the identified vulnerability deals with the fundamental drawbacks of RFC3986 and, due to this reason, is still relevant. One can only correct its appearance in a specific application, and even then it doesn’t always work.

HPP complements XSS and bypasses WAF

HPP complements XSS and bypasses WAF

Firebug Lite for Google Chrome

Firebug performs a visual analysis of the source code of websites, CSS spreadsheets, and DOM objects with the ability to alter the content of each section. When switching to different fragments of the code, the corresponding elements of the page are highlighted by a colored frame. Firebug helps explore how the web app works and perform its audit. It is one of the few add-ons that can be [downloaded] (https://chrome.google.com/webstore/detail/firebug-lite-for-google-c/bmagokdooijbeehmkpknfglimnifench), but can’t be launched on the Chrome store’s page due to security concerns.

Firebug is a console, an inspector and a debugger

Firebug is a console, an inspector and a debugger

d3coder

When analyzing website and script content, users often see data in Base64, ROT13 or other coding formats. We might also need to convert time stamps from different reference frames into a readable form, decrypt URI/URL or calculate some hash. All these tasks can be handled by the single add-on d3coder. It is activated from the context menu and has a decent set of functions, but its usability is far from praiseworthy. For instance, results of add-on operations are displayed in the pop-up window without the ability to highlight or copy them.

Form Fuzzer

An unusual tool for work with any type of forms, including concealed ones. It automatically fills them in with a pre-set text or a random set of symbols of a certain length in order to enable their subsequent processing on the website. It can also check checkboxes, switch between “radio buttons”, and check other interactive functions of a website. It has a lot of settings. Form Fuzzer is often used in pentests to speed up XSS attacks and SQL injections. Despite these features, the add-on can be downloaded in the Chrome store.

FormFuzzer — exploring interactive forms

FormFuzzer — exploring interactive forms

Request Maker

This add-on is used to send standard or modified requests to servers and analyze the response packets. It can be used for URL replacement and the modification of letter headers, and supports work with forms. It is also good for attacking web applications by changing HTTP requests. By default, Request Maker is launched from the “Add-ons” menu when the “Parameters” button is pressed. A mini-reference is integrated into each settings item, and its style is ablaze with sarcasm.

Request Maker — let the concealed be revealed!

Request Maker — let the concealed be revealed!

iMacros for Chrome

iMacros saves time by letting users automate routine operations. For instance, pentests often involve repeating similar actions on different website pages. iMacros can record and reproduce them with pre-configured settings. Typical tasks are already available in the database of examples, so it’s easy for users to create their own.

iMacros — hackers must be lazy!

iMacros — hackers must be lazy!

Web Developer

A very convenient tool to quickly change settings. Web Developer can turn plug-ins, JavaScript processing, notification displays, and pop-ups on and off in a single click. It has separate tabs for managing cookies, CSS, interactive forms, and image loading. The Tools tab contains a website source code viewer and eight validation tools through external web services where you can add in your own.

Panic Button Plus

An experienced hacker can always eat their laptop before they are arrested, but normally things don’t reach such an extreme. Sometimes it’s enough to hide tabs from colleagues by leaving behind a harmless Google page. Panic button helps do this in a single click. If you are afraid that your hand may be shaking during the crucial moment, set a masking command by using hot keys. A second stroke of the key brings all the tabs back to their places, so it’s not a bad idea to enable password protection in the settings.

In case of panic, push the button and stamp out what's on your monitor

In case of panic, push the button and stamp out what’s on your monitor


One Response to “Chromium Alloy. How to forge a hacking tool from a browser”

  1. thanks for your awesome post. I am going to use extensions 6,7 which make me able to save and share any content to Facebook. My question: what difference does it make to directly share to Facebook, or using these extensions, in terms of the added Facebook ranking? I’ve heard that Facebook ranks are increased only if one directly shares posts (or any other engagement) to Facebook, and not by third party tools…

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>