Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Need Chrome Extension Analyzed

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sat Sep 16, 2017 3:33 pm    Post subject: Need Chrome Extension Analyzed Reply with quote

I was hoping that someone could take a look at this chrome extension to see if there is anything fishy about it (mostly js files). For example, see if it sends any data (e.g. urls, images, login credentials) to a remote server.

All this extension is supposed to do is download some images from an Amazon page automatically, for convenience, as opposed to doing each step manually.

You can download the files here:
http://www.mirrorcreator.com/files/KBSIB0ZL/extension_1_0_1.zip_links

Thanks.
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Sat Sep 16, 2017 8:22 pm    Post subject: Reply with quote

Looks fine, just adds an event listener to Chromes download event and triggers for matching elements.
Code:
var main_image = $('.image.selected .imgTagWrapper img:first');


If a valid main image is found, it will tell Chrome to download it.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sat Sep 16, 2017 9:23 pm    Post subject: Reply with quote

Thanks for looking at this, atom0s. I will +rep you when I can.

One thing that stood out to me was this segment of code in the jquery.min.js file:

Code:
{try{return new XMLHttpRequest}catch(e){}};var dn=x.ajaxSettings.xhr(),gn={0:200,1223:204},mn=0,yn={};e.ActiveXObject&&x(e).on("unload",function(){for(var e in yn)yn[e]();yn=undefined}),x.support.cors=!!dn&&"withCredentials"in dn,x.support.ajax=dn=!!dn,x.ajaxTransport(function(e){var t;return x.support.cors||dn&&!e.crossDomain?{send:function(n,r){var i,o,s=e.xhr();if(s.open(e.type,e.url,e.async,e.username,e.password),e.xhrFields)for(i in e.xhrFields)s[i]=e.xhrFields[i];e.mimeType&&s.overrideMimeType&&s.overrideMimeType(e.mimeType),e.crossDomain||n["X-Requested-With"]||(n["X-Requested-With"]="XMLHttpRequest")


It seems suspicious to me but that does not say much.
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Sat Sep 16, 2017 10:06 pm    Post subject: Reply with quote

++METHOS wrote:
Thanks for looking at this, atom0s. I will +rep you when I can.

One thing that stood out to me was this segment of code in the jquery.min.js file:

Code:
{try{return new XMLHttpRequest}catch(e){}};var dn=x.ajaxSettings.xhr(),gn={0:200,1223:204},mn=0,yn={};e.ActiveXObject&&x(e).on("unload",function(){for(var e in yn)yn[e]();yn=undefined}),x.support.cors=!!dn&&"withCredentials"in dn,x.support.ajax=dn=!!dn,x.ajaxTransport(function(e){var t;return x.support.cors||dn&&!e.crossDomain?{send:function(n,r){var i,o,s=e.xhr();if(s.open(e.type,e.url,e.async,e.username,e.password),e.xhrFields)for(i in e.xhrFields)s[i]=e.xhrFields[i];e.mimeType&&s.overrideMimeType&&s.overrideMimeType(e.mimeType),e.crossDomain||n["X-Requested-With"]||(n["X-Requested-With"]="XMLHttpRequest")


It seems suspicious to me but that does not say much.


jQuery is a very commonly used library for web-based things. Most websites in existence today use it in some form or another. The specific chunk you showed is the minified version of:
https://github.com/jquery/jquery/blob/262acc6f1e0f71a3a8b786e3c421b2e645799ea0/src/ajax/xhr.js

It is used for cross-domain queries and such. Overall though, jQuery is a very well known, widely used and trusted JavaScript library. (And to be honest, jQuery is actually the reason JavaScript is where it is today in terms of how evolved and mature of a language it has become. jQuery shaped it and pushed it to its limits and brought it out of the death sentence it was being served years ago when it was shunned as a language. Now it's one of, if not, the most widely used programming language in the world.)

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Sun Sep 17, 2017 4:53 am    Post subject: Reply with quote

Very good. Thanks so much, atom0s, I really appreciate it.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites