如何在浏览器上检测扩展? [英] How to detect extension on a browser?
问题描述
我正在尝试检测用户浏览器上是否安装了扩展程序.
我试过了:
var detection = function(base, if_installed, if_not_installed) {var s = document.createElement('script');s.onerror = if_not_installed;s.onload = if_installed;document.body.appendChild(s);s.src = base + '/manifest.json';}检测('chrome-extension://' + addon_id_youre_after, function() {alert('boom!');});如果浏览器安装了扩展程序,我会收到如下错误:
<块引用>资源必须列在 web_accessible_resources 清单键中为了被扩展之外的页面加载
GET chrome-extension://invalid net::ERR_FAILED
如果没有,我会得到一个不同的错误.
<块引用>获取 chrome-extension://addon_id_youre_after/manifest.json net::ERR_FAILED
这是我遇到的错误的图像:
我试图捕捉错误.引用,强调我的:
<块引用>在清单版本 2 之前,可以从网络上的任何页面访问扩展中的所有资源.这允许恶意网站对用户已安装的扩展程序进行指纹识别或利用已安装扩展程序中的漏洞(例如 XSS 漏洞).将可用性限制为仅可通过网络访问的资源可最大限度地减少可用的攻击面并保护用户隐私.
由于 Google 积极对抗指纹识别,因此只能可靠地检测到合作的扩展程序.可能存在特定于扩展的黑客 - 例如特定的 DOM 更改、请求拦截或您可以获取的暴露资源 - 但没有通用方法,并且扩展可能随时更改其可见签名".我在这个问题中解释了它:Javascript 检查是否用户安装了第三方 Chrome 扩展程序,但我希望您能更好地了解原因.
总而言之,如果您确实要找到一种将任意扩展暴露给指纹识别的通用方法,这将被视为 Chrome 中的恶意和隐私错误.
I'm trying to detect if an extension is installed on a user's browser.
I tried this:
var detect = function(base, if_installed, if_not_installed) {
var s = document.createElement('script');
s.onerror = if_not_installed;
s.onload = if_installed;
document.body.appendChild(s);
s.src = base + '/manifest.json';
}
detect('chrome-extension://' + addon_id_youre_after, function() {alert('boom!');});
If the browser has the extension installed I will get an error like:
Resources must be listed in the web_accessible_resources manifest key in order to be loaded by pages outside the extension
GET chrome-extension://invalid net::ERR_FAILED
If not, I will get a different error.
GET chrome-extension://addon_id_youre_after/manifest.json net::ERR_FAILED
Here is an image of the errors I am getting:
I tried to catch the errors (fiddle)
try {
var s = document.createElement('script');
//s.onerror = window.setTimeout(function() {throw new Error()}, 0);
s.onload = function(){alert("installed")};
document.body.appendChild(s);
s.src = 'chrome-extension://gcbommkclmclpchllfjekcdonpmejbdp/manifest.json';
} catch (e) {
debugger;
alert(e);
}
window.onerror = function (errorMsg, url, lineNumber, column, errorObj) {
alert('Error: ' + errorMsg + ' Script: ' + url + ' Line: ' + lineNumber
+ ' Column: ' + column + ' StackTrace: ' + errorObj);
}
So far I am not able to catch the errors..
Any help will be appreciated
The first error is informative from Chrome, injected directly into the console and not catchable by you (as you noticed).
The GET errors are from the network stack. Chrome denies load in either case and simulates a network error - which you can catch with onerror handler on the element itself, but not in the window.onerror hander. Quote, emphasis mine:
When a resource (such as an
<img>or<script>) fails to load, an error event using interfaceEventis fired at the element, that initiated the load, and theonerror()handler on the element is invoked. These error events do not bubble up to window, but (at least in Firefox) can be handled with a single capturingwindow.addEventListener.
Here's an example that will, at least, detect the network error. Note that, again, you can't catch them, as in prevent it from showing in the console. It was a source of an embarrasing problem when Google Cast extension (that was exposing a resource) was using it as a detection method.
s.onload = function(){alert("installed")};
s.error = function(){alert("I still don't know")};
Notice that you can't distinguish between the two. Internally, Chrome redirects one of the requests to chrome-extension://invalid, but such redirects are transparent to your code: be it loading a resource (like you do) or using XHR. Even the new Fetch API, that's supposed to give more control over redirects, can't help since it's not a HTTP redirect. All it gets is an uninformative network error.
As such, you can't detect whether the extension is not installed or installed, but does not expose the resource.
Please understand that this is intentional. The method you refer to used to work - you could fetch any resource known by name. But it was a method of fingerprint browsers - something that Google is explicitly calling "malicious" and wants to prevent.
As a result, web_accessible_resources model was introduced in Chrome 18 (all the way back in Aug 2012) to shield extensions from sniffing - requiring to explicitly declare resources that are exposed. Quote, emphasis mine:
Prior to manifest version 2 all resources within an extension could be accessed from any page on the web. This allowed a malicious website to fingerprint the extensions that a user has installed or exploit vulnerabilities (for example XSS bugs) within installed extensions. Limiting availability to only resources which are explicitly intended to be web accessible serves to both minimize the available attack surface and protect the privacy of users.
With Google actively fighting fingerprinting, only cooperating extensions can be reliably detected. There may be extension-specific hacks - such as specific DOM changes, request interceptions or exposed resources you can fetch - but there is no general method, and extension may change their "visible signature" at any time. I explained it in this question: Javascript check if user has a third party chrome extension installed, but I hope you can see the reason for this better.
To sum this up, if you indeed were to find a general method that exposed arbitrary extensions to fingerprinting, this would be considered malicious and a privacy bug in Chrome.
这篇关于如何在浏览器上检测扩展?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
