Get .crx Chrome Extension file and extract source code in one click

Turn any Chrome extension into white box.
Learn from code, debug and pentest it!

How to use it?

  1. Drop the .crx file into the placeholder
  2. Wait until it will be processed
  3. Click "Download" and get source code as .zip archive with all related metadata

How to get .crx Chrome Extension File?

  1. Head your browser to Chrome WebStore
  2. Find an extension you want to save, then copy a link from the address line of your browser
  3. Paste copied link to the field in the right pane and click "OK". Then click appeared button. The download will start immediately.

How that works?

CRX Extractor has been created with the help  of an official Google documentation describing .crx Chrome Extensions file format.

To get a Chrome Extension source code, the utility parses the provided .crx file, extracts 'magic' header and stored code signature.

Along with meta-data, the .crx file contains .zip-archive. This archive contains the extension manifest, source code, popup.html and all related source files.

Want to know more about this tool and about the .CRX file format? Check the about page!

Motivation

The problem of Chrome Extensions security is well-known. Extensions have enormous power, because they allowed to access history and cookies of your browser and even change the content of the page you look at. This opens a huge amount of vectors for fishing attacks and spyware, opening opportunities for a lot kinds of malicious code.

Attackers can track your behaviour in Internet and your geolocation as well. They can steal your Facebook account or authentication cookies for online banking site you use.

The fact that the .crx format documented doesn't make it easily to manipulate. That's why this tool was created.

If you get Chrome Extension source code from .crx, you may research it's behaviour, find a malicious code, and easily learn from code to build better user experiences and improve Chrome browser use cases and defend yourself.

Learn more

  1. Learn how to create your first Chrome Extension
    with Getting Started guide
  2. Packaging of a Chrome Extension into .crx
  3. Google Chrome Extensions: 6 Security Facts

Privacy and personal data

The service allows you to easily get Chrome Extension source code without need in using advanced tools like hex-editor, turning the extraction into an automated process. Furthemore, this tool doesn't use any server-side code and operates only on the side of a browser. It doesn't store any of your personal data, protecting your privacy and rights.

Copyrights notice

The .crx extractor itself is distributed as is, under terms of GNU GPL v3. To obtain a source code of the tool, use the GitHub link from the footer.

Please use all the data you obtain using the tool with the respect to assigned copyrights. Don't redistribute or modify obtained content if you aren't permitted to act.

Communicate

We are at the ProductHunt and Twitter! Rate us, follow us, suggest us better idea!


“Once you have a malicious extension in your Chrome browser,
you're pretty much f***ed!”

Felix Lindner, Head of Recurity Labs, photo by Die Welt Felix Lindner
Head of Recurity Labs, at BlackHat Europe