Turn any Chrome extension into white box.
Learn from code. Debug. Pentest it!
How to use CRX Extractor?
- Drop the
.crx
file into the placeholder - Wait until it gets processed
- Click "Download" and get source code of Chrome extension as .zip archive with all related metadata
How to get .crx Chrome Extension File?
- Head your browser to Chrome WebStore
- Find an extension you'd like to save and copy the URL from the address bar of your browser
- Paste the link to the right pane on CRXExtractor and click "OK". Then click the appeared button. The download should start immediately.
How CRX Extractor works?
To get a Chrome Extension source code, the utility parses the provided .crx file, extracts 'magic' header and the stored code signature.
Along with meta-data, the .crx file contains .zip-archive. This archive contains the extension manifest, source code, popup.html and all related source files.
CRX Extractor has been created with the help
of an official Google documentation describing
.crx
Chrome Extensions file format.
Want to know more about this tool and about the .CRX file format? Check out the about page!
Motivation
The problem of Chrome Extensions security is well-known. Extensions have enormous power, because they allowed to access history and cookies of your browser and even change the content of the page you see. This opens a huge amount of vectors for fishing attacks, cookie stuffing and even spyware, opening up opportunities for malicious code to exploit your network resources.
Attackers can track your behaviour in Internet and your geolocation as well. They can steal your Facebook account or authentication cookies for online banking site you trust.
The fact that the .crx
format documented doesn't make
it easy to manipulate. That's why this tool was created.
If you get Chrome Extension source code from .crx, you get unchained in researching it's behaviour, find a malicious code, and easily learn from code to build better user experiences and improve Chrome browser use cases and defend yourself.
Learn more
- Learn how to create your first Chrome Extension
with Getting Started guide - Packaging of a Chrome Extension into .crx
- Google Chrome Extensions: 6 Security Facts
Privacy and personal data
Get Chrome Extension source code without any advanced tools. CRXExtractor turns the extraction into an automated process accomplished solely on the browser side. This means that we do not store any of your personal data or usage patterns.
However, CRXExtractor use third-party tools to improve the quality of service. Please read carefully privacy info pages of Google Analytics and Google AdSense.
Copyrights notice
The .crx extractor itself is distributed as is, under terms of GNU GPL v3. To obtain a source code of the tool, use the GitHub link from the footer.
Please use all the data you obtain using the tool with the respect to assigned copyrights. Don't redistribute or modify obtained content if you aren't permitted to act.
Communicate
We are at the ProductHunt and Twitter! Rate us, follow us, suggest us a better idea!
Follow @CRXExtractor