This post demonstrates a technique for discovering which browser addons/extensions people who visit your website have installed. This could be used for fingerprinting, compatibility purposes or pre-exploit reconnaissance.
Chrome demo (Detects top 1000 extensions)
Firefox demo (Detects ~10% of top 1000 addons)
Both demos use the well-known technique of:
<img/script src='chrome://[imageFromAddon]' onload='addonExists=true' onerror='addonExists=false'>
The Firefox demo was generated using a Python script that inspects the chrome.manifest of each addon for 'contentaccessible=yes', then loads the addon's install.rdf and extracts the chrome:// URI of the addon's icon. The Chrome script is extremely simple; it merely detects the manifest.json that all Chrome extensions have. Both scripts can also be used to generate detection code for addons by search keyword.
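Seen from the addon author's side, the same chrome.manifest check shows whether an addon exposes anything a page could probe this way. The following is an added example, not the script used for the demos; the manifest is a constructed sample for a hypothetical addon and the function names are illustrative.

```python
"""Audit a Firefox addon's chrome.manifest for packages exposed to web content."""

# Constructed sample manifest for a hypothetical addon (not from a real one).
SAMPLE_MANIFEST = """\
# registrations
content   exampleaddon   chrome/content/
content   exampleicons   chrome/icons/   contentaccessible=yes
content   examplemac     chrome/mac/     os=Darwin contentaccessible=yes
content   exampleprivate chrome/private/ contentaccessible=no
skin      exampleaddon   classic/1.0     chrome/skin/
overlay   chrome://browser/content/browser.xul chrome://exampleaddon/content/overlay.xul
"""


def exposed_packages(manifest_text):
    """Return {package: path} for content packages flagged contentaccessible=yes."""
    exposed = {}
    for raw in manifest_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        # The flag is set on 'content' lines: content <package> <path> [flags]
        if fields[0] != "content" or len(fields) < 3:
            continue
        package, path, flags = fields[1], fields[2], fields[3:]
        # Lower-cased comparison is a conservative choice made here so that a
        # differently-cased flag is still reported (assumption, not a spec rule).
        if any(flag.lower() == "contentaccessible=yes" for flag in flags):
            exposed[package] = path
    return exposed


def audit(manifest_text):
    """Return one finding string per package that untrusted pages can load from."""
    return [
        f"chrome://{pkg}/content/ (files under {path}) is loadable by web pages; "
        "remove contentaccessible=yes unless pages must load these files"
        for pkg, path in sorted(exposed_packages(manifest_text).items())
    ]


if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST):
        print(finding)
```

An addon with no findings gives the img/script probe nothing to load, which is why the Firefox demo only covers the subset of addons that set the flag.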
Update: For a technical explanation & more elegant implementation see
The PoC on that page no longer works; here's one that does: http://albinowax.users.sourceforge.net/scriptlessAddonDetect.html