PERS - The Passive Expired Resource Scanner

PERS - The Passive Expired Resource Scanner插件简介

PERS - The Passive Expired Resource Scanner插件描述

A Chrome extension which detects expired domains in webpage resources (such as external images, CSS,  JavaScript) while you browse. Once detected it alerts you to the details  offers multiple ways to verify that the domain is expired. These vulnerabilities often allow f hijacking of the vulnerable webpage.

Useful f penetration testers  audits who wish to automatically identify these vulnerabilities passively while they browse.

Reason f various permissions requested by extension:
* webRequest: Required to hook the onErrOcurred function in Chrome to detect when a resource load has resulted in a netwk err occurring (e.g. "net::ERR_NAME_NOT_RESOLVED").
* webRequestBlocking: Required to block  add headers f certain domain availability querying APIs (e.g. add Origin header).
* : Required because we have to be able to detect failed netwk loads f resources from any domain/URL.
                                

PERS - The Passive Expired Resource Scanner插件离线安装方法

1.首先用户点击谷歌浏览器右上角的自定义及控制按钮，在下拉框中选择设置。

2.在打开的谷歌浏览器的扩展管理器最左侧选择扩展程序或直接输入：chrome://extensions/

3.找到自己已经下载好的Chrome离线安装文件xxx.crx，然后将其从资源管理器中拖动到Chrome的扩展管理界面中，这时候用户会发现在扩展管理器的中央部分中会多出一个”拖动以安装“的插件按钮。

4.下载 PERS - The Passive Expired Resource ScannerChrome插件v0.0.2版本到本地。

5.勾选开发者模式，点击加载已解压的扩展程序，将文件夹选择即可安装插件。

注意：最新版本的chrome浏览器直接拖放安装时会出现“程序包无效CRX-HEADER-INVALID”的报错信息，参照这篇文章即可解决