You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For dynamic analysis/debugging of credentials stealers, I find it useful to have some Chrome extensions installed like crypto wallets and password managers. What about installing some of the common ones in a new chrome.extensions.vm package? Ideally they should be configured with a testing/fake wallet (or password database) to ensure the credentials stealers find something to steal.
I suggest starting with the following popular crypto wallet extensions that I have seen recently in crypto wallet stealers:
I don't think we need a lot of time. I think installing extension is easy, it is likely just:
Download the extension .zip or .crx
run chrome using the --load-extension argument.
Configuring the extensions to include test databases/wallets may be a bit more of work. But having the extensions installed without test data would be already good. We could start with the extensions that are easier.
Details
For dynamic analysis/debugging of credentials stealers, I find it useful to have some Chrome extensions installed like crypto wallets and password managers. What about installing some of the common ones in a new
chrome.extensions.vm
package? Ideally they should be configured with a testing/fake wallet (or password database) to ensure the credentials stealers find something to steal.I suggest starting with the following popular crypto wallet extensions that I have seen recently in crypto wallet stealers:
We could also consider:
@vm-packages what do you think? Any other extensions that you would like to have installed?
The text was updated successfully, but these errors were encountered: