Chrome extension run before page load - javascript

I have a idea for a chrome extension that does "kill switch" the connection to the specified domains before connection established. The core idea of this is that I use PAC proxy on Chrome to assign proxies to domains, while browsing, I don't want to access to, let's say facebook.com, with the real IP address, but only with the proxy IP, but in the case the PAC script didn't work, I want to have a backup. So, I need to run the extension script before the load, not on document_start. Possible? (if it's not possible I want to try other way around like using OS level firewall or something, it should be worked. but prefer Chrome level since while I don't want to access to facebook.com on chrome profile A with the bare IP, I may want to access to facebook.com on chrome profile B with the bare IP.)

Related

Block specific browser without using User-Agent

React app. I want to block specific browser (Kiwi Mobile) from my site. But i can't use User-Agent header, because people, who using site also using chrome extension, which change User-Agent in requests. So, is there any other ways to get browser info?
I tried to detect extension, but it works like a VPN extension: intercepts requests and then send changed data to my servers. I blocked an extension IP in Cloudflare, but it works only for a week, then they start using proxy servers, and detect all proxy servers is nearly impossible.
I need to block using this browser by React app (just not load the page if it is a kiwi browser). Or maybe, block it by cloudflare, if it's possible

Detect 3rd party extension from client

This has been a bit hard to find, given Chrome has changed its API a lot so have found outdated suggestions. And what's not outdated is from the POV of writing an extension
Our js app is having trouble when some users have a specific chrome Extension installed. We want to warn users of potential issues if it sees that extension is present in the users browser.
This extension loads a single content-script and runs in the background. It doesn't have an open connection, exposure variables to the clients window or anything advanced.
Is there a way the client can ping or check for this script?
For instance, I tried using fetch of the chrome-extension:// manifest - same via a script tag loading the extensions main.js but those don't work, chrome complaining it can't load the asset (presumably a permissions issue)
Is it even possible?

How to whitelist custom port entry so Chrome offers the options to enable Camera and Mic

I added a custom port in etc/hosts file
127.0.0.1 testlocalhost.com
When launch server(http not https) from this port, I noticed Chrome banned Camera and Mic permissions, and threw
getUserMedia() no longer works on insecure origins
When launch from localhost directly, I can change these 2 permissions although still seeing Your connection to this site is not secure warning.
I was wondering if it's possible to whitelist the custom port.
thanks!!!
(When test in Firefox, it still gives me the options to change Camera and Mic permissions.)
Right in the error message you must have had, there is a link to this page, where there is a paragraph about Testing Powerful Features which enumerates a few options, and among them,
You can run chrome with the --unsafely-treat-insecure-origin-as-secure="http://example.com" flag (replacing "example.com" with the origin you actually want to test), which will treat that origin as secure for this session. Note that on Android and ChromeOS this requires having a device with root access/dev mode. (This flag is broken in Chrome 63 but fixed in Chrome 64 and later. Prior to Chrome 62, you must also include the --user-data-dir=/test/only/profile/dir to create a fresh testing profile for the flag to work.)
So you just have to start Chrome from command lines with the flag --unsafely-treat-insecure-origin-as-secure="http://testlocalhost.com"
Short answer is no - you cannot bypass the saved word localhost with an IP address which represents it. The reason is that Google Chrome uses the actual word localhost to detect develper debugging and allow using getUserMedia via HTTP. All other addresses, regardless if they represent localhost or not, are only allowed to use getUserMedia via HTTPS or WSS.
Like above post answered, I can run chrome with flag by chrome://flags/ in search bar, search flag: insecure origins treated as secure, enable it, and add your custom ports there, separate with ,

Embedded Devices - Javascript Debugging

I work on embedded devices but am not able to install any software on them (e.g. programs like gdbserver are out). I need to monitor javascript events on those browsers. For example, if we run a web app on the EWB, the device it's on might have a keyboard pop-up. I need a way to see what triggers this event.
I am thinking along the lines of perhaps embedding something into the HTML or javascript that automatically reports any events back to a workstation somewhere.(I already have logs, but they are not live and it's difficult to pinpoint what happens - even beartailing them... wish I could have something like Firebug, but since it's embedded I can't)
Has anyone seen anything along those lines?
To get a debug connection to a web app or page running on a remote device:
Install vorlon using npm
Download ngrok
Start the vorlon server, the server port will probably be localhost:1337 and the following steps assume this
From a terminal/command prompt run ngrok with ngrok http 1337 and it should report an ip address for the other end of the tunnel, something like def01234.ngrok.io available via http and https.
Instead of the local script tag which vorlon suggests, use the remote ngrok address, e.g. <script src="https://def01234.ngrok.io/vorlon.js"></script>. ngrok exposes both http and https - as this is over the public internet I would strongly recommend using a secure connection.
Log onto the vorlon server on your local machine.
If the above test works you are going to want to do two more things:
Get an account at ngrok (or an alternative secure tunnel service) to get a fixed address.
Configure vorlon authentification according to the instructions on this page. By default it is insecure so ANYBODY with the exposed ngrok address could log onto the dashboard and mess with your embedded devices.

How to allow Chrome to access my camera on localhost?

I cloned a project about real-time image processing on a web browser from this link:
Then I could not allow my browser to access my camera.
I got this javascript alert:
Uh-oh, the webcam didn't start. Do you have a webcam? Did you give it
permission? Refresh to try again.
And the allow button is not shown as if I access his site.
To ignore Chrome’s secure origin policy, follow these steps.
Navigate to chrome://flags/#unsafely-treat-insecure-origin-as-secure in Chrome.
Find and enable the Insecure origins treated as secure section (see below).
Add any addresses you want to ignore the secure origin policy for. Remember to include the port number too (if required).
Save and restart Chrome.
I found solution from below link.Hope it will help to someone
https://medium.com/#Carmichaelize/enabling-the-microphone-camera-in-chrome-for-local-unsecure-origins-9c90c3149339
Are you accessing the webpage that is served over HTTP, on localhost? If you are accessing it from http://localhost/... , Chrome will ask for your permission to use the camera.
If you are opening the web page directly, i.e. /Users/Methuz/Documents/index.html then it will not work, even if you explicitly allows it permission
In this case, the workaround I use is to host the HTML file on a webserver. A quick hack is to use python, in the folder where the HTML page is lcoated: python -m SimpleHTTPServer
Step 1:
Find your chrome preferences file:
http://www.forensicswiki.org/wiki/Google_Chrome#Configuration
Step 2:
Open it and Find the "profile" key
Step3:
Under profile there will be a "content_settings" hash, that will have a "pattern_pairs" hash
Add this to it:
"*,*": {
"media-stream-camera": 1
}
Final example:
"profile": {
....
"content_settings": {
....
"pattern_pairs": {
"*,*": {
"media-stream-camera": 1
},
....
}
}
}
WARNING: This will allow all websites access to your camera
Chrome now only allows https:// servers to persistent list (version 39.xx)
https://support.google.com/chrome/answer/2693767?hl=en
Allow: This allows the site to access your camera and microphone at this time and a notification will appear confirming that you’ve granted access. If you select Allow on a "http" URL your preference will not be remembered in future visits. If you select Allow on a "https" URL, your preference will be remembered in future visits.
Maybe this link helps to set your local secure server if you are using Wamp.
http://forum.wampserver.com/read.php?2,32986
Then you can add your local server to persistent allow list of chrome.
Got this problem for days, only this helped:
Reinstall Chrome by removing configuration as well. And try not to sync all the extensions, as they may interfere.
sudo apt-get purge google-chrome-stable
rm -rf ~/.config/google-chrome
Then install from official.
Another solution is to use iframe tag. Jest deploy your page on server (localhost or external) and include it in your local html.
Example:
<iframe src="http://localhost/your_project/index.html"></iframe>
Chrome on HTTP or any other port won't save the preference of Camara share choice.
To save the selection you will need to run on HTTPs, even if you don't have SSL certificate on localhost that fine. Just add https before the localhost url and it will ask you its unsafe, if you want to proceed add it as an exception under Advance options. Do that and then Chrome will save you camera sharing preference for this website. and won't ask you to select allow
You can choose a different default permission setting and manage exceptions in Content settings.
Click the Chrome menu Chrome menu on the browser toolbar.
Select Settings.
Click Show advanced settings.
In the "Privacy" section, click Content settings.
In the "Media" section:
* Ask me when a site requires access to my camera and microphone: Select this option if you want Chrome to alert you whenever a site requests access to your camera and microphone.
* Do not allow sites to access my camera and microphone: Select this option to automatically deny any site requests to access your camera and microphone.
Or click Manage exceptions to remove previously-granted permissions for specific sites.
Source: https://support.google.com/chrome/answer/2696491?hl=en
P/D: the link you provided has an error. I can't access.
Open localhost/webcam.swf
then right click on the flash file then allow the webcam and tick remember
that will add exception for localhost

Categories

Resources