CRX Extractor

Get any Chrome Extension source code. Learn and hack!

get it
#3 Product of the DayAugust 21, 2016

CRX Extractor is a tool that makes an investigation of Chrome Extensions easy. In a matter of few clicks you can download .CRX file from the Chrome WebStore and unpack it along with all scripts source code, images and assets the extension use.

Reviews

 

Discussion

You need to become a Contributor to join the discussion - Find out how.
Israel Vicars@israelvicars · Co-founder, Unicorn.xxx
I've never created a Chrome plugin, so I'm excited to give this a try. I'm curious how plugin creators who purposely did not make their source publicly available would feel about this.
Vinay HiremathHiring@vhmth · Founder & Head of Engineering @ Loom
@israelvicars once you ship your code to a client's device, you should never assume that it is safe. I certainly don't for the Opentest extension which is why we (as well as most extension authors) minify and uglify the javascript they ship. If you are on Mac, you can also access the code of any extension installed on your computer in this folder: ~/Library/Application\ Support/Google/Chrome/Default/Extensions ~ is your home directory.
Vladimir IgnatevMaker@v_ignatyev · I believe in tech and people.
@vhmth @israelvicars May I add this hack recipe onto the CRX Extractor page?
Vinay HiremathHiring@vhmth · Founder & Head of Engineering @ Loom
@v_ignatyev @israelvicars yeah go for it. It's public info. :-)
Vladimir IgnatevMaker@v_ignatyev · I believe in tech and people.
@vhmth @israelvicars btw about "uglification" there are few lines on About page. It seems to be a problem, but I've tried few very popular chrome extensions using own tool and fortunately they were containing even source code comments )
Vinay HiremathHiring@vhmth · Founder & Head of Engineering @ Loom
@v_ignatyev @israelvicars hmm I wouldn't consider it a problem. It's honestly quite fair. 1. You want to make sure the footprint of your extension (size of the app) is as small as possible. 2. Although you want to ensure that people can check the source code for security reasons (and because this code literally runs on their device), some level of defensibility is warranted by the author.
Alain Ekambi@ekambos · Founder @ahomeit
Nice. Funny there is also a chrome extension that does this.
Vladimir IgnatevMaker@v_ignatyev · I believe in tech and people.
The purpose of this tool is not just to help people learn how to hack and build any extension. I want to increase awareness about Chrome Extensions security in general, providing an easy tool which everyone can use as a good start of analyzing any popular extension. I'm hear from you, community of the ProductHunt, how can CRXExtractor and we all together can solve these problems and make CRXExctractor more valuable to end users, who want to learn from others' code, build own great and rich Chrome Extensions, hack into ones created by others. Any feedback about this tool features, usability and content on the original site is much appreciated!
Vinay HiremathHiring@vhmth · Founder & Head of Engineering @ Loom
@v_ignatyev if security is your concern, it may be more useful to create a tool that grabs the source code and does some lexical analysis on it to generate security and compatibility reports. That would be killer for both the users of the extensions as well as the authors.
Vinay HiremathHiring@vhmth · Founder & Head of Engineering @ Loom
@v_ignatyev worth noting that Chrome has a pretty rich permissions scheme in their manifest file as well. So you see exactly what the extension is going to do when you're installing it (what powers it has).
Vladimir IgnatevMaker@v_ignatyev · I believe in tech and people.
@vhmth I thought about it, but I haven't got enough samples of malware code. Thanks for sharing the great idea!
Rison Simon@risonsimon · Front End Engineer @TeliportMe
Nice one. I use a similar plugin with which you can view the source even without downloading : https://chrome.google.com/websto....
Vladimir IgnatevMaker@v_ignatyev · I believe in tech and people.
@risonsimon using my tool you can watch the source code of this plugin too 😀 thanks for the link!
Srebalaji Thirumalai@srebalaji · Made in India. Startup enthusiast. Coder
Awesome product :) :)
Vladimir IgnatevMaker@v_ignatyev · I believe in tech and people.
@srebalaji Thanks :)