disable chrome http request throttling in extension - google-chrome

How can I disable the anti-DDoS throttling inside a Chrome extension? It currently only works by setting the flag --disable-extensions-http-throttling inside the extension shortcut, but this is not acceptable when the extension is running on many clients (I would need to set it manually on any client).
I have tried to disable it in the background.js script, but it is not working:
chrome.webRequest.onHeadersReceived.addListener(
  function(info) {
    var headers = info.responseHeaders;
    var throttleHeader = {name: 'X-Chrome-Exponential-Throttling',
                          value: 'disable'};
    headers.push(throttleHeader);
    return {responseHeaders: headers};
  },
  {
    urls: ['*://*/*'], // Pattern to match all http(s) pages
    types: ['sub_frame', 'xmlhttprequest']
  },
  ['blocking', 'responseHeaders']
);
Are there any other ways to disable throttling for an extension? I am using the latest version of Chrome (50.0.2661.102 m).

There is most likely no way to disable throttling from within an extension. Allowing developers to do that would defeat the very purpose of throttling.
In fact the possibility to exploit the X-Chrome-Exponential-Throttling header for this purpose the way you just tried was considered a security issue:
https://bugs.chromium.org/p/chromium/issues/detail?id=318366
This eventually led to removing the X-Chrome-Exponential-Throttling header from Chrome in May 2015:
https://bugs.chromium.org/p/chromium/issues/detail?id=352259

Related

How to make a Chrome Extension to redirect when specific pages are accessed in Manifest V3

I'm trying to make a Chrome extension that redirects to a predefined page when a specified page is loaded.
I'm using webRequest for this, but now that I have to migrate to Manifest V3, webRequest cannot be used anymore.
Can anyone help me rewrite the script to make it work with Manifest V3?
Here's the script that I use to redirect pages:
var host = "http://example.com";
chrome.webRequest.onBeforeRequest.addListener(
  function(details) {
    return {redirectUrl: host + details.url.match(/^https?:\/\/[^\/]+([\S\s]*)/)[1]};
  },
  {
    urls: [
      "*://foo.com/demo*",
      "*://www.foo.com/test/*"
    ],
    types: ["main_frame", "sub_frame", "stylesheet", "script", "image", "object", "xmlhttprequest", "other"]
  },
  ["blocking"]
);
I would not recommend using declarativeNetRequest for this task, it is very limited in its capabilities and has an awkward interface.
It sounds like you want to redirect the user prior to the page being loaded. If that's the case, you need to hook into the request/response lifecycle using chrome.debugger API. I describe how to do that here- his application seems easily adaptable to your own. This is the only way to get the same caliber request manipulation capabilities in MV3 as in MV2.
Alternative approach:
- Use the chrome.webNavigation API. This will just entail setting up event listeners/handlers for one or more of the following:
onBeforeNavigate -> onCommitted -> [onDOMContentLoaded] -> onCompleted
Here you can find many examples of other projects using this API.
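A sketch of the webNavigation alternative described above, applied to the question's two URL patterns (added example, not code from the original answers). It covers top-level navigations only, since webNavigation does not see subresource requests such as scripts or images; redirectTarget and RULES are hypothetical names.

```javascript
// Added example: MV3 redirect via chrome.webNavigation ("webNavigation" permission).
// TARGET_HOST and the two patterns come from the question; the rest is illustrative.
const TARGET_HOST = "http://example.com";

// Equivalent of the question's match patterns:
//   *://foo.com/demo*   and   *://www.foo.com/test/*
const RULES = [
  { host: "foo.com", pathPrefix: "/demo" },
  { host: "www.foo.com", pathPrefix: "/test/" },
];

// Returns the URL to redirect to, or null when the navigation must be left alone.
function redirectTarget(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return null; // not a parseable URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // Exact host comparison: a suffix or substring test would also match
  // look-alike hosts such as evil-foo.com.
  const hit = RULES.some(
    (r) => url.hostname === r.host && url.pathname.startsWith(r.pathPrefix)
  );
  if (!hit) return null;
  // Keep path, query and fragment, as the original regex capture did.
  return TARGET_HOST + url.pathname + url.search + url.hash;
}

// Register only inside an extension service worker; the guard lets the file run under Node too.
if (typeof chrome !== "undefined" && chrome.webNavigation) {
  chrome.webNavigation.onBeforeNavigate.addListener((details) => {
    if (details.frameId !== 0) return; // top-level frame only
    const target = redirectTarget(details.url);
    if (target) chrome.tabs.update(details.tabId, { url: target });
  });
}
```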

Setting sensors (location) in headless Chrome

Is it possible to set custom location coordinates with Chrome Headless? I can't find it in the Devtools protocol API. Is there a workaround available?
I googled it and found many methods. I tried them one by one, and almost all of them turned out to be outdated. Then I found a solution: use the Chrome DevTools Protocol to achieve that.
The small example code below uses the most common tool, Selenium, to execute Chrome DevTools Protocol commands.
import time
from selenium.webdriver import Chrome, ChromeOptions
from selenium.webdriver.common.by import By
options = ChromeOptions()
options.add_argument("--headless")
driver = Chrome(options=options)
# Grant the geolocation permission to the origin so that no prompt is shown.
driver.execute_cdp_cmd(
    "Browser.grantPermissions",
    {
        "origin": "https://www.openstreetmap.org/",
        "permissions": ["geolocation"],
    },
)
# Override the position reported to the page.
driver.execute_cdp_cmd(
    "Emulation.setGeolocationOverride",
    {
        "latitude": 35.689487,
        "longitude": 139.691706,
        "accuracy": 100,
    },
)
driver.get("https://www.openstreetmap.org/")
# find_element_by_xpath was removed in Selenium 4.3; use find_element(By.XPATH, ...).
driver.find_element(By.XPATH, "//span[@class='icon geolocate']").click()
time.sleep(3)  # wait for the page to fully load
driver.get_screenshot_as_file("screenshot.png")
https://chromedevtools.github.io/devtools-protocol/tot/Emulation#method-setGeolocationOverride
and
https://chromedevtools.github.io/devtools-protocol/tot/Emulation#method-clearGeolocationOverride
... then you'll need to contend with ensuring that the correct location sharing setting is set within the user profile (chrome://settings/content/location - which is difficult to access due to being displayed via shadow dom, so using a preconfigured user profile will likely be easier --user-data-dir).
Edit to add: The above does not seem to be effective when using --headless. To resolve this I used https://chromedevtools.github.io/devtools-protocol/tot/Page#method-addScriptToEvaluateOnNewDocument with the following snippet:
navigator.geolocation.getCurrentPosition = function(success, failure) {
  success({
    coords: {latitude: <your_lat_float>, longitude: <your_lng_float>},
    timestamp: Date.now(),
  });
}

Chrome off-screen tab capture API, and extension whitelisting

I'd like to use the Chrome off-screen tab capture API in my extension. So, I worked up a manifest with the tabCapture permission, and some code to try it out:
chrome.tabCapture.captureOffscreenTab('http://example.com', {
  audio: true,
  video: true
}, function () {
  console.log(arguments);
});
Unfortunately, I get this error on my console:
Unchecked runtime.lastError while running tabCapture.captureOffscreenTab: Extension is not whitelisted for use of the unstable, in-development chrome.tabCapture.captureOffscreenTab API.
How can I whitelist my extension?
I found a bug report where there was an ask to use _api_features.json rather than hard-coded extension IDs, but I couldn't find that file.
@wOxxOm answered this question!
Snag the ID of the extension on chrome://extensions. Run Chrome like so:
chrome.exe --whitelisted-extension-id=abcdefghijklmnopqrstuvwxyz
It works great!

Edit and replay XHR chrome/firefox etc?

I have been looking for a way to alter a XHR request made in my browser and then replay it again.
Say I have a complete POST request done in my browser, and the only thing I want to change is a small value and then play it again.
This would be a lot easier and faster to do directly in the browser.
I have googled a bit around, and haven't found a way to do this in Chrome or Firefox.
Is there some way to do it in either one of those browsers, or maybe another one?
Chrome :
In the Network panel of devtools, right-click and select Copy as cURL
Paste / Edit the request, and then send it from a terminal, assuming you have the curl command
See capture :
Alternatively, and in case you need to send the request in the context of a webpage, select "Copy as fetch" and edit-send the content from the javascript console panel.
Firefox :
Firefox allows to edit and resend XHR right from the Network panel. Capture below is from Firefox 36:
Chrome now has Copy as fetch in version 67:
Copy as fetch
Right-click a network request then select Copy > Copy As Fetch to copy the fetch()-equivalent code for that request to your clipboard.
https://developers.google.com/web/updates/2018/04/devtools#fetch
Sample output:
fetch("https://stackoverflow.com/posts/validate-body", {
  credentials: "include",
  headers: {},
  referrer: "https://stackoverflow.com/",
  referrerPolicy: "origin",
  body:
    "body=Chrome+now+has+_Copy+as+fetch_+in+version+67%3A%0A%0A%3E+Copy+as+fetch%0ARight-click+a+network+request+then+select+**Copy+%3E+Copy+As+Fetch**+to+copy+the+%60fetch()%60-equivalent+code+for+that+request+to+your+clipboard.%0A%0A&oldBody=&isQuestion=false",
  method: "POST",
  mode: "cors"
});
The difference is that Copy as cURL will also include all the request headers (such as Cookie and Accept) and is suitable for replaying the request outside of Chrome. The fetch() code is suitable for replaying inside of the same browser.
Updating/completing zszep answer:
After copying the request as cUrl (bash), simply import it in the Postman App:
My two suggestions:
Chrome's Postman plugin + the Postman Interceptor Plugin. More Info: Postman Capturing Requests Docs
If you're on Windows then Telerik's Fiddler is an option. It has a composer option to replay http requests, and it's free.
Microsoft Chromium-based Edge supports "Edit and Replay" requests in the Network Tab as an experimental feature:
In order to enable the option you have to "Enable Experimental Features".
Control+Shift+I (Windows, Linux) or Command+Option+I (macOS)
and tick the checkbox next to "Enable Network Console".
More details about how to Enable Experimental Tools and the feature can be found here
For Firefox the problem solved itself. It has the "Edit and Resend" feature implemented.
For Chrome Tamper extension seems to do the trick.
Awesome Requestly
Intercept & Modify HTTP Requests
https://chrome.google.com/webstore/detail/requestly-modify-headers/mdnleldcmiljblolnjhpnblkcekpdkpa
https://requestly.io/
5 years have passed and this essential requirement didn't get ignored by the Chrome devs.
While they offer no method to edit the data like in Firefox, they offer a full XHR replay.
This allows to debug ajax calls.
"Replay XHR" will repeat the entire transmission.
There are a few ways to do this, as mentioned above, but in my experience the best way to manipulate an XHR request and resend is to use chrome dev tools to copy the request as cURL request (right click on the request in the network tab) and to simply import into the Postman app (giant import button in the top left).
No need to install 3rd party extensions!
There exists the javascript-snippet, which you can add as browser-bookmark and then activate on any site to track & modify the requests. It looks like:
For further instructions, review the github page.

Can local storage databases be cross-accessed between separate Chrome extensions?

Question I think is self explanatory, but if you need more, here it is:
Chrome Extension A saves an email address in localstorage.
Chrome Extension B wants to see that email address.
Is this permitted? (This might be more of an HTML5 thing than a Chrome-specific thing, but my knowledge is limited so I'll frame it within the context of my desire to know the answer).
If you own the two extensions (for instance, you're the one maintaining both extensions), you can definitely use cross-extension message communication to pass that email or even localStorage to the other extension.
For example, take a look at my extension here:
https://github.com/mohamedmansour/reload-all-tabs-extension/tree/v2
One extension is the core, and the other one is just the browser action (right now they are merged as of v3) but v2 lets them both communicate to each other. The browser action sends a "ping" event, and the core extension listens on such event and returns a "pong". The browser action extension is an "Add-On" to the core extension. When you open up "Options", it uses the options from the core one.
Back to your questions ... To access localStorage cross extensions, you can do something like this:
main core extension:
localStorage['foo'] = 'bar';
var secondary_extension_id = 'pecaecnbopekjflcoeeiogjaogdjdpoe';
chrome.extension.onRequestExternal.addListener(
  function(request, sender, response) {
    // Verify the request is coming from the Add-On.
    if (sender.id != secondary_extension_id)
      return;
    // Handle the request.
    if (request.getLocalStorage) {
      response({result: localStorage});
    } else {
      response({}); // Snub them.
    }
  }
);
secondary extension:
var main_extension_id = 'gighmmpiobklfepjocnamgkkbiglidom';
chrome.extension.sendRequest(main_extension_id, {getLocalStorage: 1},
  function (response) {
    var storage = response.result;
    alert(storage['foo']); // This should print out 'bar'.
  }
);
BTW, I really didn't test this extension. I just copied and pasted from the reload all tabs extension that did something similar.
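The same exchange on the current API, as an added example that is not from the original answer: chrome.extension.onRequestExternal and sendRequest are deprecated in favour of chrome.runtime.onMessageExternal and chrome.runtime.sendMessage. It keeps the sender ID check and returns only allowlisted keys instead of the whole store; SHARED_KEYS, the getKeys request field and handleExternalRequest are assumptions.

```javascript
// Added example: core-extension side of cross-extension messaging.
// ALLOWED_SENDERS reuses the add-on ID shown in the answer; SHARED_KEYS is an assumption.
const ALLOWED_SENDERS = new Set(["pecaecnbopekjflcoeeiogjaogdjdpoe"]);
const SHARED_KEYS = new Set(["foo"]); // only these keys may leave this extension

// Pure decision function: given a request, its sender and a key/value store,
// build the response. Unknown senders and unlisted keys get nothing.
function handleExternalRequest(request, sender, store) {
  if (!sender || !ALLOWED_SENDERS.has(sender.id)) {
    return { error: "forbidden" };
  }
  if (!request || !Array.isArray(request.getKeys)) {
    return { error: "bad-request" };
  }
  const result = {};
  for (const key of request.getKeys) {
    if (typeof key === "string" && SHARED_KEYS.has(key) &&
        Object.prototype.hasOwnProperty.call(store, key)) {
      result[key] = store[key];
    }
  }
  return { result };
}

// Register only inside an extension; the guard lets the file run under Node too.
if (typeof chrome !== "undefined" && chrome.runtime && chrome.runtime.onMessageExternal) {
  chrome.runtime.onMessageExternal.addListener((request, sender, sendResponse) => {
    // chrome.storage.local is used because MV3 service workers have no localStorage.
    chrome.storage.local.get([...SHARED_KEYS], (store) => {
      sendResponse(handleExternalRequest(request, sender, store));
    });
    return true; // keep the channel open for the asynchronous sendResponse
  });
}
```

The secondary extension would call chrome.runtime.sendMessage(main_extension_id, {getKeys: ['foo']}, callback). Without an externally_connectable entry in the manifest, any installed extension can send external messages, so the sender.id check is what gates access.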
Not directly, but you can send messages between extensions. So if an extension that stores emails is expecting a request from some external extension, it could read the required data and send it back. More about it here.