This video starts with an overview of Chrome extension structure, detailing six key components: manifest, background scripts, content scripts, popup scripts, web accessible resources, and external resources. The FakeGPT extension, used in the Cyber Defenders lab, exhibits clear malicious behaviors: intercepting usernames, passwords, keystrokes, and exfiltrating data.
****
Receive Cyber Security Field, Certifications Notes and Special Training Videos
buymeacoffee.com/notescatalog/membership
Writeup
motasem-notes.net/chrome-extensions-can-hack-you-c…
******
Store
buymeacoffee.com/notescatalog/extras
Patreon
www.patreon.com/motasemhamdan
Instagram
www.instagram.com/mastermindstudynotes/
Google Profile
maps.app.goo.gl/eLotQQb7Dm6aiL8z6
LinkedIn
[1]: www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
www.instagram.com/mastermindstudynotes/
Twitter
twitter.com/ManMotasem
Facebook
www.facebook.com/motasemhamdantty/
TikTok
www.tiktok.com/@motasemhamdan0
***
00:21 - Overview of the Chrome Extension Challenge
00:38 - Components of a Chrome Extension
01:08 - Permissions & Manifest File
01:22 - Background Scripts Explained
01:49 - Content Scripts & DOM Interaction
02:10 - Popup Scripts & UI Risks
02:25 - Web-Accessible & External Resources
02:54 - Starting Practical Analysis
03:19 - Tools Used for Analysis (CRX Viewer)
03:55 - Deep Dive: Manifest Permissions
04:45 - Loader Script & C2 Communication
05:41 - App Script: Form & Keystroke Logging
06:24 - Data Exfiltration & Encryption
07:07 - Encoding Method Used: Base64
08:11 - Targeted Website: Facebook
09:11 - HTML Element Used: img
10:54 - Self-Deactivation Mechanism
12:09 - Capturing Form Submission
12:49 - Monitoring Keystrokes with Keydown
13:29 - Data Exfiltration Domain
14:23 - Function Used to Exfiltrate Credentials
15:36 - Encryption Algorithm Used: AES
16:07 - Accessing Cookies for Session Data