A Chrome extension that intercepts all form submissions on all websites

47 points by agjmills, almost 8 years ago

11 comments

mikeecb, almost 8 years ago
I changed the Chromium browser (as a master's project) to intercept suspicious extension actions like inserting elements etc and to alert users of what the extension is attempting to do. Using this proof-of-concept browser would have helped you debug your ad injection problem!

https://cypher.codes/writing/intercepting-suspicious-chrome-extension-actions

- Note: my project specifically tries to protect users from Facebook hijacking and ad injection attacks - the two most common attacks on the CWS!
throwaway2016a, almost 8 years ago
Related story...

I once worked on a price comparison plugin and Firefox is very strict about what your plugins are allowed to do. They review each one and have some strict rules: like you can't load and execute JavaScript from the web.

Most of our competitors just sent every URL you visited to their server. We wanted to be better than that since that is an obvious privacy issue.

So we made all our plugins (IE, FF, Chrome) download a whitelist (regex array) of shopping domains our search engine supported and it would only make API calls to our server if it matched that list AND you were on a product page.

Had the added benefit of reducing our server load too.

The server still gets a list of every page you visit on eCommerce sites but better than on all sites.
fenwick67, almost 8 years ago
Not sure what the fuss is here, the permission is literally called "Read and change all your data on the websites that you visit". It should be obvious what it can do.
paulpauper, almost 8 years ago
I only heard about this a few weeks ago and I thought I was up-to-date on internet security. It may be obvious to others, I had no idea an extension could do this. This means it can steal your login like phishing but without a spoof URL. I now disable all extensions when logging into important websites.
thinkcontext, almost 8 years ago
Did you report the malicious extension? It's still available from the Chrome store.
AznHisoka, almost 8 years ago
This is not new. In fact, I'd estimate 20% of all popular plugins know all the websites you've visited, Google searches you're doing, etc: https://www.howtogeek.com/180175/warning-your-browser-extensions-are-spying-on-you/

It's how SimilarWeb and other clickstream companies get their data. They claim it's harmless, but they have the ability to know everything you've inputted, and all the secure URLs you've visited (aka that intranet page with all your company salaries or passwords that you think nobody on the web knows about).
whiskeySix, almost 8 years ago
So malware. You wrote some malware.
myinitialsaretk, almost 8 years ago
Great demonstration. You could probably just as easily listen for blur on form fields and be even more dangerous.
codedokode, almost 8 years ago
I never install browser extensions because it is difficult to check what they are doing and many of them require access to all sites. Users should check who wrote the extension and whether they trust the author.
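
Added example (not part of any comment in this thread, and not code from the extension under discussion): the all-sites access that fenwick67 and codedokode refer to is declared in an extension's manifest.json, so it can be checked before installing. This sketch flags match patterns that cover every host; it assumes the manifest is already parsed, and both sample manifests are constructed.

```javascript
// Match patterns that grant access to every site.
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// True if the host part of a match pattern is a bare wildcard, e.g. "https://*/login*".
function coversAllHosts(pattern) {
  if (ALL_SITES.has(pattern)) return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m !== null && m[2] === "*";
}

// Distinguishes host match patterns from API permission names such as "tabs".
function isHostPattern(p) {
  return p === "<all_urls>" || p.includes("://");
}

// Returns {source, pattern} findings for one parsed manifest.json object.
function auditManifest(manifest) {
  const findings = [];
  const check = (source, list) => {
    for (const p of list || []) {
      if (typeof p === "string" && isHostPattern(p) && coversAllHosts(p)) {
        findings.push({ source, pattern: p });
      }
    }
  };
  check("permissions", manifest.permissions);            // Manifest V2 host access
  check("host_permissions", manifest.host_permissions);  // Manifest V3 host access
  check("optional_permissions", manifest.optional_permissions);
  check("optional_host_permissions", manifest.optional_host_permissions);
  (manifest.content_scripts || []).forEach((cs, i) =>
    check(`content_scripts[${i}].matches`, cs.matches));
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const broad = {
  manifest_version: 2,
  name: "Sample coupon helper",
  permissions: ["tabs", "storage", "*://*/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};
const scoped = {
  manifest_version: 3,
  name: "Sample shop helper",
  permissions: ["storage"],
  host_permissions: ["https://*.example.com/*"],
  content_scripts: [{ matches: ["https://shop.example.com/product/*"], js: ["content.js"] }],
};

console.log(auditManifest(broad));   // two findings
console.log(auditManifest(scoped));  // no findings
```

A clean result only means the extension is not asking for every site; an extension scoped to a single domain can still read forms on that domain.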
thereIsCon, almost 8 years ago
That's why I log in to my bank or other important accounts in incognito mode, where I make sure extensions stay disabled.
paulpauper, almost 8 years ago
Does not work for blockchain.info but does for reddit, hackernews, and facebook.