{"id":15010765,"url":"https://github.com/ivan-sincek/browser-extension-automation","last_synced_at":"2025-04-09T18:35:10.625Z","repository":{"id":236318908,"uuid":"792373488","full_name":"ivan-sincek/browser-extension-automation","owner":"ivan-sincek","description":"Run a browser extension in a sandboxed web browser and without any fear of corrupting or loosing your real data.","archived":false,"fork":false,"pushed_at":"2024-12-14T19:47:28.000Z","size":701,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-03-23T20:37:17.020Z","etag":null,"topics":["automation","browser-extension","brute-force","bug-bounty","chrome","chrome-extension","chromium","end-to-end-testing","ethical-hacking","fuzzing","offensive-security","penetration-testing","playwright","python","quality-assurance","security","web"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ivan-sincek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-26T14:35:43.000Z","updated_at":"2025-01-19T17:52:00.000Z","dependencies_parsed_at":"2024-12-14T20:23:52.362Z","dependency_job_id":"eed24b7e-d830-4c2b-9360-ac7312ba6507","html_url":"https://github.com/ivan-sincek/browser-extension-automation","commit_stats":null,"previous_names":["ivan-sincek/browser-extension-automation"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fbrowser-extension-automation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fbrowser-extension-automation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fbrowser-extension-automation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fbrowser-extension-automation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ivan-sincek","download_url":"https://codeload.github.com/ivan-sincek/browser-extension-automation/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248088387,"owners_count":21045703,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","browser-extension","brute-force","bug-bounty","chrome","chrome-extension","chromium","end-to-end-testing","ethical-hacking","fuzzing","offensive-security","penetration-testing","playwright","python","quality-assurance","security","web"],"created_at":"2024-09-24T19:35:44.480Z","updated_at":"2025-04-09T18:35:10.595Z","avatar_url":"https://github.com/ivan-sincek.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Browser Extension Automation\n\nRun a browser extension in a sandboxed web browser, completely isolated from your main / daily web browser, and without any fear of corrupting or loosing your real data.\n\nWhom is this script intended for?\n\n* Software engineers for unit testing purposes.\n* Quality assurance engineers for quality control purposes.\n* Product owners for demonstration purposes.\n* Cybersecurity engineers for security testing purposes.\n\nFor demonstration purposes, this script is based on [MetaMask](https://chromewebstore.google.com/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn) (v11.13.1) browser extension for Chrome web browser, but can easily be modified to suit all of your needs.\n\n__As of this writing, Playwright only supports Chromium browser extensions.__\n\nTested on:\n\n* macOS Sonoma 14.0\n* Windows 10 Pro and Windows 11 Pro\n* Kali Linux 2024.1 (Debian)\n\nMade for educational purposes. I hope it will help!\n\nFuture plans:\n\n* add more security related flows.\n\n## Table of Contents\n\n* [How to Run](#how-to-run)\n * [Environment Setup](#environment-setup)\n * [Manually Load a Browser Extension](#manually-load-a-browser-extension)\n* [For Developers](#for-developers)\n* [Usage](#usage)\n* [Images](#images)\n\n## How to Run\n\nOpen your preferred console from [/src/](https://github.com/ivan-sincek/browser-extension-automation/tree/main/src) and run the commands shown below.\n\nInstall required packages:\n\n```fundamental\npip3 install -r requirements.txt\n```\n\nInstall Chromium web browser:\n\n```fundamental\nplaywright install chromium\n```\n\nMake sure each time you upgrade your Playwright dependency to re-install Chromium web browser.\n\nInstall [MetaMask](https://chromewebstore.google.com/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn) to your main / daily web browser.\n\nRun the script:\n\n```fundamental\npython3 automation.py\n```\n\n### Environment Setup\n\nTo set up a sandboxed environment, run:\n\n```fundamental\npython3 automation.py -s my_automation_session\n```\n\nIf `-s` option is not specified, a new random user session directory will be created in your current working directory; otherwise, do the setup in your desired directory.\n\nIf `-e` option is not specified, the script will try to locate, copy, and load the copied browser extension for you based on the identifier; otherwise, do the same from the directory you specified.\n\nIf `-t` option is not specified, the script will open a web browser and only load the browser extension.\n\n__To continue using the same browser session, simply run the above command again.__\n\n__If you wish to update your browser extension, then, inside your `my_automation_session` directory, delete the `browser_extension` directory and simply run the above command again.__\n\nIf a browser extension already exists in your user session directory, you will be prompted to overwrite it.\n\n## Manually Load a Browser Extension\n\nUnpack your desired Chrome browser extension, then, load the `dist` directory:\n\n```fundamental\npython3 automation.py -s my_automation_session -e dist --dev\n```\n\n__To switch the internal script settings to the development environment, add `--dev` option.__\n\n## For Developers\n\n* [Generic Building Blocks \\(Single Action\\)](https://github.com/ivan-sincek/browser-extension-automation/blob/main/src/automation.py#L279)\n* [Generic Building Blocks \\(Multiple Actions\\)](https://github.com/ivan-sincek/browser-extension-automation/blob/main/src/automation.py#L355)\n* [Webhook Building Blocks \\(Collaborator Server / Email Service\\)](https://github.com/ivan-sincek/browser-extension-automation/blob/main/src/automation.py#L395)\n* [MetaMask Flows](https://github.com/ivan-sincek/browser-extension-automation/blob/main/src/automation.py#L447)\n\nFollow the comments inside the source code for more information.\n\n## Usage\n\n```fundamental\nAutomation v1.1 ( https://github.com/ivan-sincek/browser-extension-automation )\n\nUsage: python3 automation.py [-b browser] [-s session] [-e extension] [-i identifier] [-p password] [-t test] [-v value] [-w wait] [--dev] [-x proxy]\n\nDESCRIPTION\n Browser extension automation script\nBROWSER\n Browser to run\n Default: chromium\n -b, --browser = chromium\nSESSION\n User session directory\n Default: random\n -s, --session = my_automation_session | etc.\nEXTENSION\n Browser extension directory\n Default: auto-located based on the identifier\n -e, --extension = dist | \"/Users/john.doe/Library/Application Support/Google/Chrome/Default/Extensions/nkbihfbeogaeaoehlefnkodbefgpgknn/11.13.1_0\" | etc.\nIDENTIFIER\n Browser extension identifier\n Default: nkbihfbeogaeaoehlefnkodbefgpgknn\n -i, --identifier = nkbihfbeogaeaoehlefnkodbefgpgknn | etc.\nPASSWORD\n Browser extension setup and unlock password\n Default: Password123!\n -p, --password = my_password | etc.\nTEST\n Test to run\n Default: open\n -t, --test = open | create | existing | unlock | brute_force_unlock | idle_lock | access_control\nVALUE\n Pass an extra value to a specific test\n Tests:\n existing: pass a mnemonic\n unlock: pass a [wrong] password\n unlock_brute_force: pass a wordlist\n access_control: pass a lock state\n -v, --value = \"w1 w2 ... w12\" | WrongPassword123! | wordlist.txt | locked | unlocked | etc.\nWAIT\n Wait time between browser actions\n Default: 2\n -w, --wait = 2 | etc.\nDEVELOPMENT\n Switch the internal script settings to the development environment\n -d, --dev\nPROXY\n Web proxy to use\n -x, --proxy = http://127.0.0.1:8080\nHELP\n Display this help message\n -h, --help\n```\n\n## Images\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/ivan-sincek/browser-extension-automation/blob/main/img/metamask_create_wallet.jpg\" alt=\"MetaMask Create Wallet\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003eFigure 1 - MetaMask Create Wallet\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/ivan-sincek/browser-extension-automation/blob/main/img/metamask_access_control_locked.jpg\" alt=\"MetaMask Access Control (Locked)\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003eFigure 2 - MetaMask Access Control (Locked)\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fbrowser-extension-automation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fivan-sincek%2Fbrowser-extension-automation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fbrowser-extension-automation/lists"}