Jump to content
Login new information ×
Login new information

NETO - tool to analyze Chrome & Firefox extensions

Disco Bob

By Disco Bob
in Security & Privacy News

Recommended Posts

Disco Bob

Disco Bob

Posted
Posted

Blog translated

 

Net, our suite of extensions analysis Firefox, Chrome and more

In the area of innovation and laboratory of ElevenPaths , we have created a new tool to analyze browser extensions. Although more than a tool, it supposes a whole suite (in addition, extensible with its own plugins ) for the analysis of extensions , it is simple to use and provides useful information about own characteristics of extensions of Firefox, Chrome or Opera.

 

Why analyze extensions?
The extensions contain relevant information such as the version, the default language, the permissions that it requires for its correct operation or the structures of the URLs over which the extension will operate. It also contains pointers to other files, such as the relative path of the HTML file that will be loaded when you click on its icon or references to the JavaScript files that must be executed both in the background ( background scripts ) and with each page loaded by the browser itself ( content scripts ).

However, the analysis of the files that make up an extension can also reveal the existence of files that should not be present in applications in production. Among them, files linked to the management of versions such as GIT or other temporary and backup files may appear.

Of course, there are also extensions created as malware , adware , or to spy on the user. The examples are many and varied, especially recently in Chrome (where it has already reached a certain level of maturity , even) and in Firefox . The "fashion" at the moment, is mostly hidden mining in extensions.

The tool
It is a tool written in Python 3 and distributed as a PIP package, which facilitates the automatic installation of dependencies. 

  $ pip3 install neto

On systems where administrative privileges are not available, the package can be installed on the current user: 

  $ pip3 install neto --user

Once installed, we will create an entry point in the system with which we can call the command line application from any route.

 

https://translate.google.com/translate?ie=UTF-8&tl=en&u=https%3A%2F%2Fblog.elevenpaths.com%2F2018%2F05%2Fnueva-herramienta-neto-ciberseguridad.html

 

Neto Analysis | reader-flash_0_0_1_0.crx

https://pastebin.com/cjFB1qUZ

 

Video

 

Link to comment
Share on other sites
  • Views 336
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...