Closed abrahamjuliot closed 2 years ago
Firefox addons can be targeted and identified through JS and CSS behavior detection, but (as far as I know) the limit with this method is the behavior is not consistent across sites and the code is subject to change. But, with this method, it would still be easy to rate the probability of the extension being used based on known behavior.
Source viewer: https://chrome.google.com/webstore/detail/chrome-extension-source-v/jifpbeccnghkjeaalbbjmodiffmgedin
Popular:
Google Translate Adobe Acrobat Tampermonkey Avast Online Security Adblock Plus Adblock uBlock Origin Pinterest Save Button Cisco Webex Grammarly for Chrome Skype Avast SafePrice Honey
Bitwarded (3K+ stars): chrome-extension://nngceckbapebfimnlniiiahkandclblb/images/icon38.png
Zoom Scheduler (900+ stars): chrome-extension://kgjfgplpablkjnlkjmjdecgdpfankdle/images/icon.svg
Top categories:
https://chrome.google.com/webstore/category/ext/7-productivity
uBO filters (cosmetic)
<div class="glx-teaser">glx-teaser</div>
<div class="inplayer-ad">inplayer-ad</div>
<div class="inplayer_banners">inplayer_banners</div>
<div class="in_stream_banner">in_stream_banner</div>
<div class="dbanner">dbanner</div>
<div class="preroll-blocker">preroll-blocker</div>
<div class="happy-inside-player">happy-inside-player</div>
<div>safe</div>
This can also be used to detect Chromium vs Chrome. The official Chrome build comes with a couple of extensions such as the cast one.
in Firefox what is shifted, or added, after constructor
in iframe.contentWindow properties can be very telling
here is AdBlocker Ultimate
(2nd highest number of users on Firefox)
"Array"
​"Element"
​"HTMLElement"
​"HTMLFrameElement"
​"HTMLIFrameElement"
​"HTMLObjectElement"
​"RTCPeerConnection"
​"String"
​"WeakSet"
​"decodeURI"
"decodeURIComponent"
​"encodeURI"
​"encodeURIComponent"
​"escape"
​"unescape"
Nice. I might use that. I'm looking for a 2nd detection method to improve the current technique I'm working on in 8a8917d. Right now the section is focused on detecting resistance but it also detects extensions based on unique patterns in prototype lie details and relies on a stable set of APIs present with minimal extension settings.
here is
AdBlocker Ultimate
(2nd highest number of users on Firefox)
NFI why it came up as No. 2, it's actually No. 7. Adblock Plus
is No. 1 and has the same result
Initial concept is live at https://abrahamjuliot.github.io/creepjs/tests/extensions.html
Detecting extensions in a chromium browser is rather candid. The
manifest.json
file can be viewed in a non-incognito window and underweb_accessible_resources
, the paths here are public, and then the list of public files can be obtained from the system folder.For example, this will detect Grammarly
Chrome Profile Path is at chrome://version/
Steps to obtain resources:
chrome-extension://chlffgpmiacpedhhbkiomidkjlcfhogd/manifest.json
web_accessible_resources
How to get webstore links
https://chrome.google.com/webstore/category/collection/wfh
[...document.querySelectorAll('.webstore-test-wall-tile a')].map(x => x.href)
Concept