Chrome addons hacking: Bye Bye AdBlock filters

Continuing the Chrome extension hacking (see part 1 and 2), this time I’d like to draw your attention to the oh-so-popular AdBlock extension. It has over a million users, is actively maintained and is a great piece of software (heck, even I use it!). However – due to how Chrome extensions work in general, it is still relatively easy to bypass it and display some ads. Let me describe two distinct vulnerabilities I’ve discovered. They are both exploitable in the newest 2.5.22 version.

tl;dr: Chrome AdBlock 2.5.22 bypasses, demo here and here, but I’d advise you to read on.

PREPARATION

If you want to analyze the extension code yourself, use my download script to fetch the addon from Chrome Web Store and read on:

// you need PHP with openssl extension and command line unzip for this
$ mkdir addons
$ php download.php gighmmpiobklfepjocnamgkkbiglidom AdBlock

Of course, you don’t need to, but if you don’t, it makes me sad :/

More @ blog.kotowicz.net/2012/03/chrome-addons-hacking-bye-bye-adblock.html?spref=tw
