Browser Extension Analysis

[ POST ] https://api.malcore.io/api/browserext

Perform analysis on a browser extension file. This endpoint accepts Chromium- and Firefox-based extensions.


Query Params

  • filename1 file

Headers

  • apiKey string


Request

curl -X POST https://api.malcore.io/api/browserext \
  -F "filename1=@/path/to/browser/extension" \
  -H "apiKey: my-api-key"

Response

🟢 200

{'data': {'data': {'extension_type': 'firefox',
                   'file_count': {'discovered_files': {'.mf': 1, '.png': 9, '.sig': 1, '.js': 21, '.json': 2, '.sf': 1, '.css': 7, '.manifest': 1, '.md': 1, '.rsa': 1, '.html': 4, '.svg': 1, '.wasm': 1, '.rulesets': 1}},
                   'threat_score': {'vulnerability_signatures': [],
                                    'score': 30,
                                    'permissions_signatures': [
                                        {'severity': 'low', 'name': 'webNavigation', 'description': 'Use the chrome.webNavigation API to receive notifications about the status of navigation requests in-flight.'},
                                        {'severity': 'critical', 'name': 'webRequest', 'description': 'Use the chrome.webRequest API to observe and analyze traffic and to intercept, block, or modify requests in-flight.'},
                                        {'severity': 'high', 'name': 'tabs', 'description': "Use the chrome.tabs API to interact with the browser's tab system. You can use this API to create, modify, and rearrange tabs in the browser."},
                                        {'severity': 'high', 'name': 'cookies', 'description': 'Use the chrome.cookies API to query and modify cookies, and to be notified when they change.'},
                                        {'severity': 'medium', 'name': 'storage', 'description': 'Use the chrome.storage API to store, retrieve, and track changes to user data.'},
                                        {'severity': 'info', 'name': '*://*/*', 'description': '...'}]},
                   'manifest_information': {'extension_content_scripts': ['no content scripts'],
                                            'extension_name': '__MSG_about_ext_name__',
                                            'background_scripts': {'scripts': ['...', '...', '...', '...', '...', '...', '...', '...', '...', '...', '...', '...', '...']},
                                            'extension_hot_keys': ['no hot keys'],
                                            'permissions': ['webNavigation', 'webRequest', 'webRequestBlocking', 'tabs', 'cookies', 'storage', '*://*/*', 'ftp://*/*'],
                                            'extension_version': '2022.5.11'},
                   'interesting_strings': ['...', '...', '..', '...', '...', '...', '...', '...', '...', '....', '...', '...', '...', '....', '...']},
          'isMaintenance': False,
          'success': True,
          'messages': [{'type': 'success', 'code': 200, 'message': 'Scan is running'}]},
 'isMaintenance': False,
 'success': True}

🔴 400

{}
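
Example triage of the 200 response above, added here and not Malcore's own code: it groups permissions_signatures by severity, lists manifest permissions that carry no signature in the report, and flags host patterns that cover every site. It assumes the API's JSON body decodes to the nesting shown above; triage, SEVERITY_ORDER and SAMPLE_RESPONSE are hypothetical names, and the sample is constructed from the documented response.

```python
# Added example (not Malcore's code): triage a /api/browserext report.
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"]

# Constructed sample, trimmed from the documented 200 response.
SAMPLE_RESPONSE = {"data": {"success": True, "data": {
    "extension_type": "firefox",
    "threat_score": {"vulnerability_signatures": [], "score": 30, "permissions_signatures": [
        {"severity": "low", "name": "webNavigation"},
        {"severity": "critical", "name": "webRequest"},
        {"severity": "high", "name": "tabs"},
        {"severity": "high", "name": "cookies"},
        {"severity": "medium", "name": "storage"},
        {"severity": "info", "name": "*://*/*"},
    ]},
    "manifest_information": {"permissions": [
        "webNavigation", "webRequest", "webRequestBlocking",
        "tabs", "cookies", "storage", "*://*/*", "ftp://*/*"]},
}}, "success": True}


def triage(response):
    """Group rated permissions by severity; list unrated and all-host permissions."""
    if not response.get("success") or "data" not in response.get("data", {}):
        raise ValueError("no analysis report in response")  # e.g. the empty 400 body
    report = response["data"]["data"]
    score = report.get("threat_score", {})
    by_severity = {level: [] for level in SEVERITY_ORDER}
    for sig in score.get("permissions_signatures", []):
        by_severity.setdefault(sig.get("severity", "info"), []).append(sig["name"])
    requested = report.get("manifest_information", {}).get("permissions", [])
    rated = {name for names in by_severity.values() for name in names}
    return {
        "score": score.get("score"),
        "by_severity": {k: v for k, v in by_severity.items() if v},
        # Requested in the manifest but given no signature in the report.
        "unrated": [p for p in requested if p not in rated],
        # Host match patterns that cover every host for a scheme.
        "all_hosts": [p for p in requested if p == "<all_urls>" or p.endswith("://*/*")],
    }
```

In the sample, webRequestBlocking and ftp://*/* are requested in the manifest but have no entry in permissions_signatures, so a review that reads only the rated list would miss them.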
