Run a browser extension in a sandboxed web browser, completely isolated from your main / daily web browser, and without any fear of corrupting or loosing your real data.
Whom is this script intended for?
- Software engineers for unit testing purposes.
- Quality assurance engineers for quality control purposes.
- Product owners for demonstration purposes.
- Cybersecurity engineers for security testing purposes.
For demonstration purposes, this script is based on MetaMask (v11.13.1) browser extension for Chrome web browser, but can easily be modified to suit all of your needs.
As of this writing, Playwright only supports Chromium browser extensions.
Tested on:
- macOS Sonoma 14.0
- Windows 10 Pro and Windows 11 Pro
- Kali Linux 2024.1 (Debian)
Made for educational purposes. I hope it will help!
Future plans:
- add more security related flows.
Open your preferred console from /src/ and run the commands shown below.
Install required packages:
pip3 install -r requirements.txt
Install Chromium web browser:
playwright install chromium
Make sure each time you upgrade your Playwright dependency to re-install Chromium web browser.
Install MetaMask to your main / daily web browser.
Run the script:
python3 automation.py
To set up a sandboxed environment, run:
python3 automation.py -s my_automation_session
If -s option is not specified, a new random user session directory will be created in your current working directory; otherwise, do the setup in your desired directory.
If -e option is not specified, the script will try to locate, copy, and load the copied browser extension for you based on the identifier; otherwise, do the same from the directory you specified.
If -t option is not specified, the script will open a web browser and only load the browser extension.
To continue using the same browser session, simply run the above command again.
If you wish to update your browser extension, then, inside your my_automation_session directory, delete the browser_extension directory and simply run the above command again.
If a browser extension already exists in your user session directory, you will be prompted to overwrite it.
Unpack your desired Chrome browser extension, then, load the dist directory:
python3 automation.py -s my_automation_session -e dist --dev
To switch the internal script settings to the development environment, add --dev option.
- Generic Building Blocks (Single Action)
- Generic Building Blocks (Multiple Actions)
- Webhook Building Blocks (Collaborator Server / Email Service)
- MetaMask Flows
Follow the comments inside the source code for more information.
Automation v1.1 ( https://github.com/ivan-sincek/browser-extension-automation )
Usage: python3 automation.py [-b browser] [-s session] [-e extension] [-i identifier] [-p password] [-t test] [-v value] [-w wait] [--dev] [-x proxy]
DESCRIPTION
Browser extension automation script
BROWSER
Browser to run
Default: chromium
-b, --browser = chromium
SESSION
User session directory
Default: random
-s, --session = my_automation_session | etc.
EXTENSION
Browser extension directory
Default: auto-located based on the identifier
-e, --extension = dist | "/Users/john.doe/Library/Application Support/Google/Chrome/Default/Extensions/nkbihfbeogaeaoehlefnkodbefgpgknn/11.13.1_0" | etc.
IDENTIFIER
Browser extension identifier
Default: nkbihfbeogaeaoehlefnkodbefgpgknn
-i, --identifier = nkbihfbeogaeaoehlefnkodbefgpgknn | etc.
PASSWORD
Browser extension setup and unlock password
Default: Password123!
-p, --password = my_password | etc.
TEST
Test to run
Default: open
-t, --test = open | create | existing | unlock | brute_force_unlock | idle_lock | access_control
VALUE
Pass an extra value to a specific test
Tests:
existing: pass a mnemonic
unlock: pass a [wrong] password
unlock_brute_force: pass a wordlist
access_control: pass a lock state
-v, --value = "w1 w2 ... w12" | WrongPassword123! | wordlist.txt | locked | unlocked | etc.
WAIT
Wait time between browser actions
Default: 2
-w, --wait = 2 | etc.
DEVELOPMENT
Switch the internal script settings to the development environment
-d, --dev
PROXY
Web proxy to use
-x, --proxy = http://127.0.0.1:8080
HELP
Display this help message
-h, --help
Figure 1 - MetaMask Create Wallet
Figure 2 - MetaMask Access Control (Locked)