XSS ChEF is a Chrome Extension Exploitation Framework, which make you alert every time when a XSS vulnerability encounters in your chrome extension.
[Read Also:- What is XSS Cross Site Scripting?]
XSS ChEF works similar like BeEF tool (Browser Exploitation Framework) which mainly focuses on browser vulnerabilities.
Features of XSS ChEF:-
Monitor open tabs of victims
Execute JS on every tab (global XSS)
Extract HTML, read/write cookies (also httpOnly), localStorage
Get and manipulate browser history
Stay persistent until whole browser is closed (or even futher if you can persist in extensions’ localStorage)
Make screenshot of victims window
Further exploit e.g. via attaching BeEF hooks, keyloggers etc.
Explore filesystem through file:// protocol
Bypass Chrome extensions content script sandbox to interact directly with page JS
Watch the Demonstration Video
Download XSS ChEF from here
