VM-Packages icon indicating copy to clipboard operation
VM-Packages copied to clipboard

Published 20 hours ago verified publisher icon mandiant

Package proposal: chrome.extensions.vm

Open Ana06 opened this issue 1 year ago • 2 comments

Details

For dynamic analysis/debugging of credentials stealers, I find it useful to have some Chrome extensions installed like crypto wallets and password managers. What about installing some of the common ones in a new chrome.extensions.vm package? Ideally they should be configured with a testing/fake wallet (or password database) to ensure the credentials stealers find something to steal.

I suggest starting with the following popular crypto wallet extensions that I have seen recently in crypto wallet stealers:

We could also consider:

@vm-packages what do you think? Any other extensions that you would like to have installed?

Ana06 avatar Jan 19 '24 10:01 Ana06

Seems too niche to me to spend a lot of time on creating this. If it's easy to add extensions though, ok.

mr-tz avatar Jan 19 '24 13:01 mr-tz

I don't think we need a lot of time. I think installing extension is easy, it is likely just:

  1. Download the extension .zip or .crx
  2. run chrome using the --load-extension argument.

Configuring the extensions to include test databases/wallets may be a bit more of work. But having the extensions installed without test data would be already good. We could start with the extensions that are easier.

Ana06 avatar Jan 22 '24 11:01 Ana06