What is the purpose and the code content of the "Proxy Script" that Chrome attempts to load every time a new page is loaded?
An easy way to trigger this message is to turn on and off Airplane mode:
This happens when your computer's network settings have a HTTP proxy configured. The proxy auto-config (PAC) script file is specified in those settings; Chrome then downloads it and runs it to determine whether and how each request will be proxied. The script is provided by your proxy, not Chrome.
If you are not intentionally using proxies, you should remove the proxy configuration as it might be either unnecessary or malicious. But if this is a machine owned by your employer, it is probably intentional.
I'm not sure if this work the same way on all OSes, but for me on macOS, there's a link from Chrome's settings to the OS network settings:
The reason the message pops up when you enter/exit airplane mode is probably because that counts as a change of network configuration (between "no internet (and no proxy)" to "yes internet and also proxy"), and it's making sure it has the latest PAC script.
If you want to find out what the script contains, copy the PAC URL out of your network settings and download it separately; then you can read the code (which is JavaScript).
Related
For desktop applications there is a firewall and determines which app can connect to the internet.
Of course internet browsers and other internet apps are always unblocked, other way they are useless.
Now we change point of view from OS->APPS and lets look same way at BROWSER->PLUGINS.
Browser is always online and how I obtain something similar to OS firewall but for the browser plugins? How I know which add-on is actually connecting to its developers server and send some data about my browsing acitvity, add-on usage and so on... ?
Read the code
Unfortunately, AFAIK you have to read the code. For example, the extension
https://github.com/m0rtem/CloudFail/ does call home. You can search for "http" in the code.
Inspect the extension
On Firefox you can inspect an extension.
For example, inspect (aka debug) uBlock. You get the full dev tools on the extension's background page. Go to the "network" tab. Now for testing, go to the extension's options. Update your filter lists. Then go back to extension inspector network tab : you see all the remote calls that the extension made, at your request. But you could also see any hidden call.
content security policy
Sending the user's data to a remote server is not the same thing as writing code with poor security practices, exposing the user to malicious code execution from hackers. But still, it's related.
For Firefox, the default CSP is "script-src 'self'; object-src 'self';" https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy.
So you can read the extension's manifest.json, to see if they changed the default policy.
You can also search for "google analytics" in the code.
Now, be aware that on the official stores, every extension's code base is reviewed by Chrome or Mozilla, so the worst practices (like hacking) are forbidden.
https://wiki.mozilla.org/WebExtensions/policy#II.Security.2F_Privacy
I am intercepting and returning a resource from service worker cache. It takes around 300-400ms to download the content as per Google Chrome devtools. I checked in Firefox, the download is instant.
I expected that download time to be a lot smaller since no network is involved. I intercept the fetch with the usual match function:
event.respondWith(
caches.match(event.request).then(response => response)
);
Is there something wrong I am doing in the way I intercept and return the resource from cache?
You can try the following solutions from this google forum:
Delete your cache and cookies
Use incognito mode If this helps then temporarily disable your extensions to identify which one is causing the rendering problem. To
do this go to chrome://extensions and uncheck Enabled for each
extension one by one.
Reset your browser settings
Turn off hardware acceleration by going to Menu > Settings > Advanced Settings > Under 'System' uncheck Use hardware acceleration
when available.
I need to log the information shown in network tab to a file. I can do it by firing network tab first and then exporting it to a file. But is it possible to run the network tab and exporting it to a file in the background automatically whenever the Chrome is opened?
Is it possible to do?
It depends on your requirement. If your extension involves DevTools, and therefore it is open, you can use the chrome.devtools.network.getHAR() method to get the network traffic. You don't need to navigate to the Network tab.
However, if you want to access the network data without DevTools being opened, this API will not work, as it's only exposed to the DevTools instance. There are a couple of possible options.
Option 1
You could use the chrome.webRequest API to intercept each request/response and append whatever data you want/can to an object. You could then use the chrome.downloads API to download the data. In your case, you could use a data URI.
var url = 'data:application/json;base64,' + btoa(data);
chrome.downloads.download({url: url, filename: 'notQuiteAHAR'json'});
I haven't tested this in practice, and I'm not too sure if you can determine when all requests are done before calling the download.
Option 2
Use the more low level chrome.debugger API, as per the comment by #wOxxOm. The debugging protocol only allows one instance of the debugger at a time, so this will only ever work if you don't have DevTools running. The API exposes a lot more than the chrome.webRequest API, but requires a bit of work to get all the data you need.
There's a repository called chrome-har-capturer, which uses the debugging protocol. Of particular interest is har.js, which uses the events found in the debugger API to manually construct the HAR. The purpose of the library is for remote debugging purposes, but I believe you can use the debugger API in an extension, and so you could probably use aspects of this repository.
As suggested by Gideon Pyzer, HAR Recorder uses chrome debug protocol to record HAR and generate a har file (without opening devtools). If you want a variation, you can fork and make changes on it.
I tried to lookup many answers from stackoverflow but couldnt find anything specific to this, I am implementing payment app and I want to display custom-tab in my app to record user visit by storing user-id, either by setting a cookie or using localstorage or by installing a service worker for the domain that custom tabs opens.
Can a https page loaded in custom-tab write cookies that are also
available when visiting the same page from Chrome?
Is localstorage API available for my domain in custom-tab? if yes,
is stored value available from Chrome?
Is installing service worker allowed from Custom-tab? So I have
access to S/W from Chrome browser?
If none of this possible, how could I record the visit from custom-tab and have it available in Chrome when user opens the domain from chrome browser?
Thanks in advance
Chrome Custom Tabs uses the same Cookie jar as Chrome. So, if a Cookie is created when a user accesses the page from a Custom Tab and Chrome is the Custom Tabs provider, it is also available when the user goes to the same domain from Chrome (outside Custom Tabs).
Same as above.
Yes, it is possible to install a service-worker from a Chrome Custom Tab.
You can check all the above by opening the URL that adds the cookie, install the service-worker or writes to the local store inside a Custom Tab, setup the device for debugging, connecting it to your computer and navigating to chrome://inspect/#devices in Chrome. Then choose the device and inspect the cookies, local storage, service-workers, etc.
I have several accounts for a website and currently I want to write an extension that I can open all the accounts simultaneously in chrome, each tab for one account.
So that means I want each tab with a separate cookie system, is it doable? If so please suggest the API I should use, thanks!
Go to Chrome Preferences. There is a Users section where you can add users. Each new user will have its own cookie jar, so you can log in to a site as many different users at once. It makes new chrome windows, but it seems you cannot drag a tab onto a window of another user.
According to Chrome documentation, you can modify HTTP headers (including cookies) in the onBeforeSendHeaders event handler. So, you need to store new cookies for every account by means of the onHeadersReceived event handler, and then substitute them for every tab in outgoing requests.
There even exists an extension which seems doing almost the thing you want - Chrome Cookie Switcher.
Also I have found an answer that may be helpful for your task: Associate a custom user agent to a specific Google Chrome page/tab.
I really don't think Chrome allows extensions to do this. If I recall correctly, extensions can inspect and block requests, but they can't modify them, such as changing cookies on the fly for each tab.
I suggest you use the --user-data-dir command-line option of Chrome. It allows you to keep several separate profiles, each in its own directory, and then you only need to start chrome with the proper option:
# run this command to use the first profile
google-chrome --user-data-dir=/home/binchen/my_chrome_profiles/my_profile_1
# run this command to use the second profile
google-chrome --user-data-dir=/home/binchen/my_chrome_profiles/my_profile_2
...
Each profile will be in its own Chrome window, with its own cookie store, instead of its own tab, but it's easier than writing an extension.
Lastly, if the website you're mentioning is Google, you can keep several Google accounts open at the same time.