Welcome to the new design! Please report any bugs or issues, thanks :)
Web Dev + WordPress + Security
BBQ Pro: Block Bad Queries
BBQ Pro: The fastest firewall to protect your WordPress.

Hacking Firefox Extensions

Firefox extensions enable users to customize Firefox with additional features. Generally, Firefox extensions are free, open-source, and easily downloaded as .xpi files. This article explains how to hack Firefox extensions of the .xpi variety. There are many reasons why someone would want to hack a Firefox extension — examples include: editing code, debugging errors, and learning extensions. This hack method requires a web browser, zip utility, and your favorite text editor.

Step 1: Secure an extension

By default, the Firefox browser will cache and attempt to install any "extension.xpi" file it encounters. Once Firefox installs the plugin, it becomes much more complicated to hack. Therefore, it is best to save an offline copy of the extension. This is easily accomplished with a browser such as IE that does not automatically install the extension, but rather provides an option to save a copy. With IE, simply right-click the extension.xpi link and "Save Target As..". Regardless of the method, the point here is to secure a local copy of the extension.xpi file. Remember to make a backup copy.

Step 2: Initial extraction

Once you have a willing extension.xpi file, open it with a zip utility and extract the files into some directory, say, "/xpicontents/". Within the /xpicontents/ directory there should be at least a "chrome" folder, an "install.rdf" file, and a "licence.txt" file. Certain extensions may include additional and/or different files or folders. If anything looks too unfamiliar, extrapolate the method or find a different extension to use as you follow along.

Step 3: Editing the .rdf file

At this point, you have everything needed to edit the install.rdf file. Simply open the file in a text editor, make/save changes, zip the contents of /xpicontents/ into a new file, and change the file extension from .zip to .xpi. On the other hand, editing virtually any other aspect of the extension — JavaScript, CSS, (X)HTML — requires further digging.

Step 4: Hacking the .jar file

Located within the chrome folder, the "something.jar" file contains a variety of files, including JavaScript, CSS, (X)HTML, etc. Most extension editing will ultimately find its way to one of the files contained within the extension’s .jar file. So, to begin, rename the something.jar file to "something.jar.zip". Then, using a zip utility, open the something.jar.zip file and extract its contents into a unique directory, say, "/jarcontents/". Within the /jarcontents/ directory there should be at least two folders, "content" and "skin". Now, dive into the contents folder (or the skin folder, if needed) and edit, hack, and tweak the files to your heart’s content.

Step 5: Repacking the extension

After the necessary edits have been made, it is time to put humpty back together again. The first step is to replace the original contents of the something.jar.zip file with the freshly edited contents. To do this, select both content and skin folders (or whichever contains the edited material), right-click and add the selected folders to the something.jar.zip file located within the /jarcontents/ directory. Then, rename something.jar.zip back to something.jar.

At this point, you are ready to (re)package the chrome folder, install.rdf file, and license.txt file into a new .zip file, which we will call "hacked-extension.zip". To do this, simply select all three items and zip them into a new file named hacked-extension.zip. Finally, rename hacked-extension.zip to match exactly the name of the original extension, extension.xpi.

Step 6: Installation and testing

Once the necessary edits have been made, it is time to install the extension. Open Firefox, drag-and-drop the extension, and click OK to install. Restart Firefox, activate the extension, and check its functionality. Lather, rinse, repeat. It may be a good idea to test the hacked extension under a variety of different user conditions. Or not. Whatever. At this point, it’s entirely up to you. You may also want to save a copy of the original extension together with your hacked extension along with a few notes, just in case.

Well that’s it for now — thank you for your gracious attention. God bless.


  • Hacking Firefox Extensions Book (404 link removed)
  • GUID Generator Web Service (404 link removed)

Jeff Starr
About the Author
Jeff Starr = Designer. Developer. Producer. Writer. Editor. Etc.
WP Themes In Depth: Build and sell awesome WordPress themes.

9 responses to “Hacking Firefox Extensions”

  1. This is helpful. Thank you.

  2. Jeff Starr
    Perishable 2008/02/26 5:32 pm

    Thank you, rutro — I appreciate the feedback! ;)

  3. MontanaMax 2008/04/15 5:55 pm

    Sweet – this worked perfectly. I now have my DownloadManagerTweak running in Firefox 3.x beta. Thanks!

  4. Jeff Starr
    Perishable 2008/04/16 7:46 am

    Excellent! Glad to be of service. Thank you for the feedback :)

  5. Thanks for the help. Been very useful! Had to tweak an add-on so it would install even on Firefox 3, as the maximum version was 2.0 that wouldn’t work obviously but I tweaked the file and voila, works just great.

  6. Jeff Starr
    Jeff Starr 2008/09/28 8:03 am

    Great to hear, Joey! I am glad the article was useful for you :)

  7. As of Nov 2008, there is a Extension by the name of FEBE that makes this story unnecessary.

  8. Jeff Starr
    Jeff Starr 2008/11/16 9:03 pm

    Hi Mike, thanks for the comment, however I disagree that a new extension makes this article unnecessary. It’s one thing to use use an extension, and quite another to actually understand how it works..

  9. Just wanted to say thanks for this article. I bookmarked it a while ago in case I needed to tweak any Firefox 2.x-only add-ons to get them working with 3.x Firefox releases.

    This week I stumbled upon an add-on I had used in v2.x all the time – ConQuery – and using this info I got it working with v3.0.5 in about 2min. =)

    Thanks again!

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
Never force your users to type out a password (or any long string of characters) by blocking the paste function. Typing long strings leads to MORE errors than simple copy/paste.
Checking in to anyone listening. Stay safe. Pay attention. Don't get lazy.
What's up with Plesk UI lately? Especially on Chrome it looks just awful, all kinds of broken. Come on Plesk devs get it together.
Things get stressful, I try to pray. Not always easy, but always helps to relax and regain focus.
Nice new speed checker at fastorslow.com.
Easy way to exclude certain tests from WP Site Health: Site Health Tool Manager
Excellent (and free) tool for getting tons of site SSL infos: whynopadlock.com