RedExt: New Red Team Tool Uses Chrome Extension for Covert Browser Data Exfiltration

RedExt is a sophisticated browser data analysis framework designed for authorized red team operations. It combines a Manifest V3 Chrome extension with a Flask-based C2 server to provide comprehensive browser data collection and analysis capabilities through a modern dark-themed dashboard.

Features

  • Cookie Extraction

    • Domain-specific filtering
    • Automatic cookie organization by domain
    • Captures all cookie attributes
    • Supports secure and httpOnly cookies
  • Browsing History Data

    • Configurable date range for history collection
    • Includes visit frequency analytics
    • Captures page titles and timestamps
    • Tracks manual URL entries vs. link clicks
  • Screenshot Capture

    • Full page capture
    • Viewport snapshots
    • Element-specific captures
  • Clipboard Capture

    • Real-time clipboard monitoring
    • Multiple content format support
    • Source URL tracking
    • Timestamp logging
  • DOM Snapshot

    • Complete DOM tree capture
    • Includes dynamic content
    • Resource dependency tracking
    • State preservation
  • Local Storage Capture

    • Complete localStorage extraction
    • JSON-formatted output
    • Domain context preservation
    • Real-time data capture
  • System Reconnaissance

    • Browser environment profiling
    • Extension enumeration
    • Hardware capability assessment
    • Network configuration analysis
    • GPU information gathering
  • Bookmarks Collection

    • Bookmark folder structure
    • Complete bookmark hierarchy extraction
    • Preserves folder structure
    • Includes creation timestamps
    • Captures bookmark metadata

Core Capabilities

Comprehensive browser-based reconnaissance and data collection capabilities for security assessments.

Browser Data Collection

Secure extraction of cookies, history, bookmarks, and local storage data with advanced filtering capabilities

Stealth Operations

Dynamic command polling with randomized intervals and robust error handling for reliable operations

Advanced C2 Server

Flask-based command & control server with SQLite backend for efficient agent management and data handling

Visual Intelligence

Screenshot capture, DOM snapshots, and clipboard monitoring for comprehensive situational awareness

Technical Architecture

Browser Extension

  • Background service worker for persistent operations
  • Content script injection for DOM interaction
  • Secure communication with C2 server
  • Built with Chrome Extension Manifest V3

C2 Infrastructure

  • Flask-based RESTful API endpoints
  • SQLite database for data persistence
  • Real-time agent management dashboard
  • Flexible command scheduling system
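The capabilities listed above map directly onto Chrome extension permissions (cookies, history, bookmarks, clipboardRead, tabs, scripting), a service worker and an all-sites content script, which makes an installed extension's manifest a useful triage signal for defenders. The following is an added example, not RedExt's code: it scores manifest.json files from a Chrome profile's Extensions directory against that capability set. The permission names are standard Chrome API permissions; the two sample manifests are constructed for offline testing.

```python
import glob
import json
import os
from typing import Dict, List

# Chrome permissions an extension needs for the collection described on this page,
# mapped to the capability each one enables.
SENSITIVE: Dict[str, str] = {
    "cookies": "cookie extraction",
    "history": "browsing history collection",
    "bookmarks": "bookmark collection",
    "clipboardRead": "clipboard monitoring",
    "tabs": "tab/URL enumeration and screenshot capture",
    "scripting": "content script injection into pages",
    "management": "enumeration of other extensions",
}
ALL_SITES = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*")

def assess_manifest(manifest: dict) -> List[str]:
    """Return findings for one manifest; an empty list means nothing notable."""
    findings = []
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    for p in sorted(perms & set(SENSITIVE)):
        findings.append(f"permission '{p}': {SENSITIVE[p]}")
    if any(h in ALL_SITES for h in manifest.get("host_permissions", [])):
        findings.append("host_permissions: every site")
    if manifest.get("manifest_version") == 3 and manifest.get("background", {}).get("service_worker"):
        findings.append("MV3 background service worker (can poll a remote server)")
    if any(m in ALL_SITES for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])):
        findings.append("content script injected into every page")
    return findings

def is_high_risk(manifest: dict, threshold: int = 4) -> bool:
    """Flag a manifest once it combines several of the capabilities above."""
    return len(assess_manifest(manifest)) >= threshold

def scan_profile(extensions_dir: str) -> Dict[str, List[str]]:
    """Assess every <id>/<version>/manifest.json under a profile's Extensions folder."""
    results = {}
    for path in glob.glob(os.path.join(extensions_dir, "*", "*", "manifest.json")):
        with open(path, encoding="utf-8") as fh:
            try:
                results[path] = assess_manifest(json.load(fh))
            except json.JSONDecodeError:
                results[path] = ["unparseable manifest"]
    return results

# Constructed sample manifests (not taken from any real extension).
BENIGN = {"manifest_version": 3, "permissions": ["storage"], "host_permissions": ["https://example.com/*"]}
SUSPECT = {"manifest_version": 3, "permissions": ["cookies", "history", "bookmarks", "clipboardRead", "tabs", "scripting"],
           "host_permissions": ["<all_urls>"], "background": {"service_worker": "bg.js"},
           "content_scripts": [{"matches": ["<all_urls>"], "js": ["cs.js"]}]}
```

On Linux the Extensions folder is typically `~/.config/google-chrome/Default/Extensions`; on Windows it is under `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`.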

Install & Use
