RedExt: New Red Team Tool Uses Chrome Extension for Covert Browser Data Exfiltration
RedExt is a browser data collection and analysis framework built for authorized red team operations. It pairs a Manifest V3 Chrome extension (the agent) with a Flask-based command-and-control (C2) server that stores collected data in SQLite and presents it through a dark-themed web dashboard. The security-relevant point is where the collector runs: because it is an installed extension rather than page script, it reads through the chrome.* extension APIs and therefore reaches data a web page cannot, such as httpOnly cookies, the full browsing history and the bookmark tree. That access exists only after the extension has been installed in the target browser and granted the corresponding permissions.
Features
Cookie Extraction
- Domain-specific filtering
- Automatic organization of cookies by domain
- Captures all cookie attributes
- Includes secure and httpOnly cookies, which the extension cookie API can read even though page JavaScript cannot
Browsing History Data
- Configurable date range for history collection
- Visit frequency analytics
- Captures page titles and timestamps
- Distinguishes manually typed URLs from link clicks (the visit's transition type)
Screenshot Capture
- Full-page capture
- Viewport snapshots
- Element-specific captures
Clipboard Capture
- Real-time clipboard monitoring
- Support for multiple content formats
- Source URL tracking
- Timestamp logging
DOM Snapshot
- Complete DOM tree capture, including dynamically inserted content
- Resource dependency tracking
- State preservation
Local Storage Capture
- Complete localStorage extraction
- JSON-formatted output
- Domain context preserved
- Real-time data capture
System Reconnaissance
- Browser environment profiling
- Enumeration of installed extensions
- Hardware capability assessment
- Network configuration analysis
- GPU information gathering
Bookmarks Collection
- Complete bookmark hierarchy extraction, preserving the folder structure
- Includes creation timestamps
- Captures bookmark metadata
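As an added illustration of what the cookie and history features amount to (this is example code written for this article, not RedExt's own), the following Node script groups cookie records by domain with an optional domain filter and summarises visit records by date range and transition type. The record shapes follow what chrome.cookies.getAll() and chrome.history's VisitItem return; the sample data is constructed, and the names baseDomain, organizeCookies and summarizeHistory are choices made here.

```javascript
'use strict';

// Constructed sample records in the shape chrome.cookies.getAll() returns to an
// extension holding the "cookies" permission plus matching host permissions.
// httpOnly cookies are present: the extension API returns them even though
// document.cookie in a page never would.
const SAMPLE_COOKIES = [
  { name: 'sid',   value: 'abc',  domain: '.example.com',    path: '/',    secure: true,  httpOnly: true,  sameSite: 'lax',            expirationDate: 1.8e9 },
  { name: 'theme', value: 'dark', domain: 'example.com',     path: '/',    secure: false, httpOnly: false, sameSite: 'no_restriction', session: true },
  { name: 'csrf',  value: 'xyz',  domain: 'app.example.com', path: '/api', secure: true,  httpOnly: false, sameSite: 'strict',         expirationDate: 1.8e9 },
  { name: 'tok',   value: '123',  domain: '.other.net',      path: '/',    secure: true,  httpOnly: true,  sameSite: 'lax',            expirationDate: 1.8e9 },
];

// Constructed sample visits: HistoryItem fields (url, title) joined with the
// VisitItem fields (visitTime in ms, transition) that chrome.history exposes.
const SAMPLE_VISITS = [
  { url: 'https://mail.example.com/',      title: 'Mail',     visitTime: Date.UTC(2024, 0, 10),    transition: 'typed' },
  { url: 'https://mail.example.com/inbox', title: 'Inbox',    visitTime: Date.UTC(2024, 0, 10, 1), transition: 'link' },
  { url: 'https://mail.example.com/',      title: 'Mail (2)', visitTime: Date.UTC(2024, 0, 20),    transition: 'typed' },
  { url: 'https://intranet.corp/',         title: 'Intranet', visitTime: Date.UTC(2023, 11, 1),    transition: 'typed' },
];

// A leading dot marks a domain cookie that also applies to subdomains; strip it
// so ".example.com" and "example.com" land in the same bucket.
function baseDomain(domain) {
  return domain.startsWith('.') ? domain.slice(1) : domain;
}

// Group cookies by domain. With filterDomain set, keep only cookies scoped to
// that domain or one of its subdomains. Every attribute is preserved.
function organizeCookies(cookies, filterDomain) {
  const wanted = filterDomain ? baseDomain(filterDomain).toLowerCase() : null;
  const byDomain = {};
  for (const c of cookies) {
    const d = baseDomain(c.domain).toLowerCase();
    if (wanted && d !== wanted && !d.endsWith('.' + wanted)) continue;
    if (!byDomain[d]) byDomain[d] = [];
    byDomain[d].push({ ...c, domain: d });
  }
  return byDomain;
}

// Summarise visits that fall inside [since, until] (ms since epoch): visit
// count per URL, most recent title and time, and how often the URL was typed
// by hand (manual entry) versus reached by following a link.
function summarizeHistory(visits, since, until) {
  const byUrl = {};
  for (const v of visits) {
    if (v.visitTime < since || v.visitTime > until) continue;
    let e = byUrl[v.url];
    if (!e) e = byUrl[v.url] = { title: v.title, visits: 0, lastVisit: 0, typed: 0, link: 0, other: 0 };
    e.visits += 1;
    if (v.visitTime >= e.lastVisit) { e.lastVisit = v.visitTime; e.title = v.title; }
    if (v.transition === 'typed') e.typed += 1;
    else if (v.transition === 'link') e.link += 1;
    else e.other += 1;
  }
  return byUrl;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(organizeCookies(SAMPLE_COOKIES, 'example.com'), null, 2));
  console.log(JSON.stringify(summarizeHistory(SAMPLE_VISITS, Date.UTC(2024, 0, 1), Date.UTC(2024, 1, 1)), null, 2));
}
```

Run it with node to see the grouped output; the filter keeps example.com and app.example.com but drops other.net, and the January 2024 window excludes the December intranet visit.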
Core Capabilities
Browser-based reconnaissance and data collection for security assessments.
Browser Data Collection
Extraction of cookies, history, bookmarks and local storage data, with domain and date-range filtering
Stealth Operations
Command polling at randomized intervals with error handling so the agent keeps working through C2 outages. Note that a Manifest V3 service worker is suspended when idle, so any polling schedule has to be re-armed through the extension's alarm or event APIs rather than a long-lived timer.
Advanced C2 Server
Flask-based command and control server with a SQLite backend for agent management and data handling
Visual Intelligence
Screenshot capture, DOM snapshots and clipboard monitoring for situational awareness
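The randomized polling described above, as an added example that is not RedExt's code: a scheduler that picks each next poll delay as the base interval plus uniform jitter, backs off exponentially while the C2 is unreachable, and clamps the result to a floor. The floor matters in MV3 because a service worker does not survive idle periods, so a real agent would re-arm the next poll through chrome.alarms (which enforces a minimum period) rather than setTimeout. The RNG is injectable so the schedule is reproducible; all names and the default values are choices made here.

```javascript
'use strict';

// Small deterministic PRNG (mulberry32) so the schedule is reproducible in a
// test; a real agent would draw from crypto.getRandomValues() or Math.random().
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Delay (seconds) before the next poll.
//   base       nominal interval
//   jitter     fraction of base added or subtracted uniformly (0.3 => +/-30%)
//   failures   consecutive failed polls; doubles the delay each time
//   maxBackoff cap on the backoff multiplier
//   floor      smallest delay the runtime allows (chrome.alarms enforces one)
function nextPollDelay({ base, jitter, failures, floor, maxBackoff }, rng) {
  const spread = base * jitter * (2 * rng() - 1);       // uniform in [-jitter, +jitter] * base
  const backoff = Math.min(2 ** failures, maxBackoff);  // 1, 2, 4, ... up to maxBackoff
  return Math.max(floor, (base + spread) * backoff);
}

// Simulate a sequence of polls given their outcomes (true = C2 answered) and
// return the delay chosen before each one. Failures accumulate until a
// success resets the counter.
function simulateSchedule(outcomes, opts, rng) {
  const delays = [];
  let failures = 0;
  for (const ok of outcomes) {
    delays.push(nextPollDelay({ ...opts, failures }, rng));
    failures = ok ? 0 : failures + 1;
  }
  return delays;
}

// Assumed defaults: one-minute base, +/-30% jitter, 30-second floor, 16x cap.
const DEFAULT_OPTS = { base: 60, jitter: 0.3, floor: 30, maxBackoff: 16 };

if (typeof require !== 'undefined' && require.main === module) {
  const rng = mulberry32(42);
  const plan = simulateSchedule([true, true, false, false, false, true], DEFAULT_OPTS, rng);
  console.log(plan.map(d => d.toFixed(1) + 's').join(' '));
}
```

From the defender's side the same arithmetic is what beaconing detection has to tolerate: with 30% jitter the inter-request intervals no longer cluster on one value, and the backoff makes gaps during an outage look irregular rather than periodic.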
Technical Architecture
Browser Extension
- Background service worker for the long-running agent logic
- Content script injection for DOM interaction
- Secure communication channel to the C2 server
- Built with Chrome Extension Manifest V3. MV3 does not allow remotely hosted code, so all executable logic ships inside the extension package and the C2 can only drive the commands that logic already implements.
C2 Infrastructure
- Flask-based RESTful API endpoints
- SQLite database for data persistence
- Real-time agent management dashboard
- Flexible command scheduling system
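A defender-side check, added here and not part of RedExt: a Node script that parses an extension's manifest.json and flags the permission set a Manifest V3 browser-data collector of this kind would need (a background service worker, the cookies/history/bookmarks/tabs/scripting/clipboardRead permissions, broad host permissions, and content scripts matching every site). The sample manifest is constructed for illustration and is not the project's manifest; the permission descriptions are accurate to Chrome's API, while the scoring thresholds are arbitrary choices made here.

```javascript
'use strict';

// Constructed sample manifest: the kind of permission set a Manifest V3
// browser-data collector would need. Not RedExt's actual manifest.
const SAMPLE_MANIFEST = JSON.stringify({
  manifest_version: 3,
  name: 'Page Helper',
  version: '1.0.0',
  permissions: ['cookies', 'history', 'bookmarks', 'storage', 'tabs', 'scripting', 'clipboardRead', 'alarms'],
  host_permissions: ['<all_urls>'],
  background: { service_worker: 'background.js' },
  content_scripts: [{ matches: ['<all_urls>'], js: ['content.js'], run_at: 'document_idle' }],
});

// Extension API permissions that expose data or control a web page cannot get.
const SENSITIVE_PERMISSIONS = {
  cookies: 'read/write cookies, including httpOnly, for permitted hosts',
  history: 'read the full browsing history',
  bookmarks: 'read the bookmark tree',
  tabs: 'read URL and title of every open tab',
  scripting: 'inject script into pages',
  clipboardRead: 'read clipboard contents',
  webRequest: 'observe all network requests',
  debugger: 'attach the DevTools protocol to tabs',
  nativeMessaging: 'talk to a native host binary',
};

// Does a match pattern grant access to (nearly) every origin?
function isBroadHost(pattern) {
  return pattern === '<all_urls>' || /^\*:\/\/\*\/|^https?:\/\/\*\//.test(pattern);
}

// Parse a manifest and return findings plus a simple score and verdict.
function auditManifest(manifestJson) {
  const m = JSON.parse(manifestJson);
  const findings = [];
  const perms = m.permissions || [];
  // MV2 puts host patterns in "permissions"; MV3 uses "host_permissions". Check both.
  const hosts = [...(m.host_permissions || []), ...perms.filter(p => p.includes('://') || p === '<all_urls>')];

  for (const p of perms) {
    if (SENSITIVE_PERMISSIONS[p]) findings.push({ kind: 'permission', item: p, why: SENSITIVE_PERMISSIONS[p] });
  }
  const broad = hosts.filter(isBroadHost);
  if (broad.length) findings.push({ kind: 'host', item: broad.join(','), why: 'broad host access' });

  for (const cs of m.content_scripts || []) {
    if ((cs.matches || []).some(isBroadHost)) {
      findings.push({ kind: 'content_script', item: (cs.js || []).join(','), why: 'content script runs on every site' });
    }
  }
  if (m.background && (m.background.service_worker || m.background.scripts)) {
    findings.push({ kind: 'background', item: m.background.service_worker || 'background page', why: 'background context that can poll a remote server' });
  }

  // Collection plus exfiltration potential: a data-reading permission combined with broad host access.
  const reads = perms.some(p => ['cookies', 'history', 'bookmarks', 'tabs', 'clipboardRead'].includes(p));
  const score = findings.length + (reads && broad.length ? 3 : 0);
  const verdict = score >= 8 ? 'high' : score >= 4 ? 'medium' : 'low';
  return { name: m.name, score, verdict, findings };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST), null, 2));
}
```

Point it at the manifest.json files under the Chrome profile's Extensions directory, or at manifests pushed by enterprise policy, to triage which installed extensions could act as a collector of this kind; the listed permissions are exactly what such an agent must request, and Chrome shows them at install time and on chrome://extensions.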