AppSec Israel 2016 has ended
Back To Schedule
Monday, September 19 • 15:05 - 15:50
Bot Extension - Abusing Google Chrome Extensions for Bot Attacks

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Chrome extensions have opened a variety of opportunities for either users and developers, expanding the limits of what we've known as browsing experience. Attacker have also spotted the widely usage of such extensions, and abuse people's trust in Chrome Web Store to distribute malicious extensions. This allows them to run web-based bot attacks straight from victims' browsers, shending cross-site Ajax requests, resulting in impersonation of users in third-party websites.
Furthermore, the detection of such bot attack by the attacked server is more complex than in regular distributed attacks, since real humans actually use the Chrome tab abused to attack the victim.
The lecture will include an overview on Chrome Extension abilities followed by techniques to abuse them in order to run bot attacks, as well as distribute a malicious extensions to big crowds of victims.

avatar for Tomer Cohen

Tomer Cohen

R&D Security Team Leader, Wix.com
Experienced security researcher & pentester, one of the founders of Magshimim Cyber Training Program.

Monday September 19, 2016 15:05 - 15:50 IDT
Room 10 - CS and Communications Building
  Track 2
  • Audience Defenders
  • Language Hebrew
  • Technical Level Intermediate / Advanced