Chrome extensions are essentially additional pieces of javascript & css code running along with the ones supplied by the website. While they do enhance the fuctionality of website(s), in order to undestand how exactly are they able to do what they do, and to confirm that they are not doing aything malicious in the background (like sending your session cookies to a remote server) we need to be able to inspect the code encapsulated in the extension.

There are essentially two steps in doing the above mentioned.

Step 1 is procuring the CRX file which is the file format for a chrome extension.

Step 2 is finding the javascript code contained within.

Procuring the CRX File

There are 3 methods of obtaining a CRX file.

First Method

The first and the easiest method of procuring the CRX file is by using a site

Just search for the target extension on the chrome extension portal and paste the url of the chrome extension in the input box in the above site and your download will begin right away.

Second Method

Second method involves downloading a chrome extension which in turn helps us download extensions from the web store. It can be downloaded from here

Once this extension is installed a bright yellow CRX icon will appear. Upon clicking it will present with the option to download the CRX or view its source.

Third Method

The third method involves some manual work. In this method we need to construct the URL ourselves.

There is a base URL, part of which needs to be replaved with the ID of the chrome extension.

The base URL is***%26installsource%3Dondemand%26uc

The *** need to be replaced with the ID of the chrome extension. For example in the extension

The ID of the extension is jifpbeccnghkjeaalbbjmodiffmgedin

Which makes the full URL as

Now that we have covered how to download the extension let move on to know how to analyse the source code.

Acquiring the source code

We can acquire the source code in two ways. Either we can use the extension discussed earlier. Using this extension we can view the source code of an extension in the browser itself or Choose to download it as a ZIP.

The other method involves removing the first few bytes of the CRX file to segregate the headers so that we are only left with the zip file.

That part is explained well in here (click to view) :

Structure of a chrome extension

We need to first find the first occurance of PK in the hex dump of the CRX file. Then we need to skip the bytes before that and move the rest of it to a new output file.

Assuming the offset is hex 132, input file is extension.crx and the output file we need is We need to run the following command on a unix based machine.

dd if=extension.crx skip=00x132 bs=1

You can read more about the dd command by typing man dd inside terminal.

The can be unzipped using the unzip command which reveals all the source code of the extension. This in turn can be modified and repacked in case you want to tweak your extension.

Bugs or Hugs tweet to @detrapdoor