14828 Browser Security Project
Our paper can be found in paper directory. To make the paper, install TeX Live and run:
cd paper
make
The paper will be generated in paper/paper.pdf
. You can find a copy of the
paper generated by GitHub Actions in
https://github.com/lxylxy123456/14828/blob/pdf/paper-master.pdf.
We provide a demonstration of the attack we study. The demo should run on any UNIX-like environment that has Python and Chromium installed. Chromium must support manifest V2.
One example configuration we use is Chromium 69 (64-bit) with AdBlock Plus 3.2. The Python version is 3.9.2, with Flask and Werkzeug version 2.2.3. We use Debian 11 with Linux kernel 5.10 as the operating system.
Demo video: https://youtu.be/BWSP0y8dz88
We use Flask as the backend. We modify /etc/hosts
to create two websites.
Setup:
sudo apt-get install python3-pip
sudo pip3 install flask
echo '127.148.28.1 attacker.local' | sudo tee -a /etc/hosts
echo '127.148.28.2 victim.local' | sudo tee -a /etc/hosts
In one shell, start the attacker website:
cd attacker
flask --app attacker.py run -h attacker.local -p 8080
In another shell, start the victim website:
cd victim
flask --app victim.py run -h victim.local -p 8080
The attacker website can be accessed at http://attacker.local:8080/. The victim website can be accessed at http://victim.local:8080/.
First, install Chromium. Make sure the Chromium version supports manifest V2. If you want to an old version of Chromium, ./lxy-notes/README.md#Chromium contains some useful links and hints.
Second, install old version of AdBlock Plus extension for Chrome / Chromium. The version range is 3.2 - 3.5.1 (inclusive). You can likely find this in Crx4Chrome: https://www.crx4chrome.com/history/31928/. For reproducibility, we archive AdBlock Plus version 3.2 at: https://web.archive.org/web/20230424203100/https://f6.crx4chrome.com/crx.php?i=cfhdojbkjhnklbpkdaibdccddilifddb&v=3.2.
Third, open AdBlock Plus Options, and add
http://attacker.local:8080/filter-list
to the filter lists. Each time when
the attacker website changes the filter list, the victim browser needs to
update the filter list in the AdBlock Plus extension.
The software in this project is licensed under GNU Affero General Public License, Version 3 (LICENSE). The paper is licensed under CC BY-SA 4.0.