How to detect extension on a browser?


Problem description




I'm trying to detect if an extension is installed on a user's browser.

I tried this:

var detect = function(base, if_installed, if_not_installed) {
    var s = document.createElement('script');
    s.onerror = if_not_installed;
    s.onload = if_installed;
    document.body.appendChild(s);
    s.src = base + '/manifest.json';
}
detect('chrome-extension://' + addon_id_youre_after, function() {alert('boom!');});

If the browser has the extension installed I will get an error like:

Resources must be listed in the web_accessible_resources manifest key in order to be loaded by pages outside the extension

GET chrome-extension://invalid net::ERR_FAILED

If not, I will get a different error.

GET chrome-extension://addon_id_youre_after/manifest.json net::ERR_FAILED

Here is an image of the errors I am getting:

I tried to catch the errors (fiddle)

try {
    var s = document.createElement('script');
    //s.onerror = window.setTimeout(function() {throw new Error()}, 0);
    s.onload = function(){alert("installed")};
    document.body.appendChild(s);
    s.src = 'chrome-extension://gcbommkclmclpchllfjekcdonpmejbdp/manifest.json';
} catch (e) {
    debugger;
    alert(e);
}

window.onerror = function (errorMsg, url, lineNumber, column, errorObj) {
    alert('Error: ' + errorMsg + ' Script: ' + url + ' Line: ' + lineNumber
    + ' Column: ' + column + ' StackTrace: ' +  errorObj);
}

So far I am not able to catch the errors..
Any help will be appreciated

Solution

The first error is informative from Chrome, injected directly into the console and not catchable by you (as you noticed).

The GET errors are from the network stack. Chrome denies load in either case and simulates a network error - which you can catch with onerror handler on the element itself, but not in the window.onerror handler. Quote, emphasis mine:

When a resource (such as an <img> or <script>) fails to load, an error event using interface Event is fired at the element, that initiated the load, and the onerror() handler on the element is invoked. These error events do not bubble up to window, but (at least in Firefox) can be handled with a single capturing window.addEventListener.

Here's an example that will, at least, detect the network error. Note that, again, you can't catch them, as in prevent it from showing in the console. It was a source of an embarrassing problem when Google Cast extension (that was exposing a resource) was using it as a detection method.

s.onload = function(){alert("installed")};
s.onerror = function(){alert("I still don't know")};

Notice that you can't distinguish between the two. Internally, Chrome redirects one of the requests to chrome-extension://invalid, but such redirects are transparent to your code: be it loading a resource (like you do) or using XHR. Even the new Fetch API, that's supposed to give more control over redirects, can't help since it's not an HTTP redirect. All it gets is an uninformative network error.

As such, you can't detect whether the extension is not installed or installed, but does not expose the resource.


Please understand that this is intentional. The method you refer to used to work - you could fetch any resource known by name. But it was a method of fingerprinting browsers - something that Google is explicitly calling "malicious" and wants to prevent.

As a result, web_accessible_resources model was introduced in Chrome 18 (all the way back in Aug 2012) to shield extensions from sniffing - requiring to explicitly declare resources that are exposed. Quote, emphasis mine:

Prior to manifest version 2 all resources within an extension could be accessed from any page on the web. This allowed a malicious website to fingerprint the extensions that a user has installed or exploit vulnerabilities (for example XSS bugs) within installed extensions. Limiting availability to only resources which are explicitly intended to be web accessible serves to both minimize the available attack surface and protect the privacy of users.

With Google actively fighting fingerprinting, only cooperating extensions can be reliably detected. There may be extension-specific hacks - such as specific DOM changes, request interceptions or exposed resources you can fetch - but there is no general method, and extensions may change their "visible signature" at any time. I explained it in this question: Javascript check if user has a third party chrome extension installed, but I hope you can see the reason for this better.

To sum this up, if you indeed were to find a general method that exposed arbitrary extensions to fingerprinting, this would be considered malicious and a privacy bug in Chrome.
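
An added example, not part of the original answer or of Chrome's own tooling: an extension author's audit of which resources a manifest leaves loadable by arbitrary web pages at a predictable URL, which is the surface the web_accessible_resources model exists to limit. It goes beyond the manifest version 2 case discussed above by also reading the manifest version 3 object form (`matches`, `use_dynamic_url`); the function names, the list of "broad" match patterns and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: list the resources a manifest exposes to web pages.
// MV2 entries are plain path strings; MV3 entries are objects with
// "resources" plus "matches" and/or "extension_ids".

// Assumed (non-exhaustive) set of patterns treated as "every site".
const BROAD_MATCHES = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

function auditWebAccessibleResources(manifest) {
  const findings = [];
  for (const entry of manifest.web_accessible_resources || []) {
    // MV2: a listed path is loadable by any page on the web.
    if (typeof entry === 'string') {
      findings.push({ resource: entry, exposedTo: 'any page', stableUrl: true });
      continue;
    }
    // MV3: exposure is scoped to the origins in "matches".
    const matches = entry.matches || [];
    const broad = matches.some((m) => BROAD_MATCHES.has(m));
    for (const resource of entry.resources || []) {
      findings.push({
        resource,
        exposedTo: broad ? 'any page' : matches.join(', ') || 'listed extensions only',
        // Without use_dynamic_url the URL embeds the fixed extension ID.
        stableUrl: entry.use_dynamic_url !== true,
      });
    }
  }
  return findings;
}

// A resource is a fingerprinting handle when any site can load it
// at a URL that is the same for every install.
function fingerprintable(manifest) {
  return auditWebAccessibleResources(manifest)
    .filter((f) => f.exposedTo === 'any page' && f.stableUrl)
    .map((f) => f.resource);
}

// Constructed sample manifests (not taken from any real extension).
const mv2 = { manifest_version: 2, web_accessible_resources: ['images/logo.png'] };
const mv3 = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ['detect.json'], matches: ['https://app.example.com/*'] },
    { resources: ['inject.css'], matches: ['<all_urls>'], use_dynamic_url: true },
    { resources: ['icon.png'], matches: ['<all_urls>'] },
  ],
};
console.log(fingerprintable(mv2), fingerprintable(mv3));
```

In the constructed MV3 manifest, `detect.json` is the cooperating-detection case: only the named origin can load it, so other sites see the same uninformative network error as for an extension that is not installed.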
