dnakov / little-rat Goto Github PK
View Code? Open in Web Editor NEW๐ Small chrome extension to monitor (and optionally block) other extensions' network calls
License: MIT License
๐ Small chrome extension to monitor (and optionally block) other extensions' network calls
License: MIT License
I blocked a specific URL for an extension:
But I still see DNS requests on my router for o1388847.ingest.sentry.io
coming from this extension instance (if I disable the extension, the requests stop) and also actual network traffic to/from the IP the name resolves to, captured with tcpdump
.
I did the full manual installation from this repo, not from the Chrome extension store.
most of the time people only care about enabled extensions
it's hard to browse the list if you have too many extensions and most are disabled
I noticed that the toolbar icon had a badge with a count of 1, but these are the only extensions with counts against them in the panel:
They all have notifications muted โ all the other extensions have a count of 0 since I last hit Reset.
I'm not sure which of these is happening:
The number in the counter is not equal to the numbers against any of the extensions, so it only seems to be happening occasionally.
little rat reminds me of an old extension called Extensions Manager (aka Switcher)
it's list view has lots functions as open options, delete extension, open chromestore page
unfortunately this extension was removed by chrome
I'm thinking maybe little-rat can bring back that cool, neat, functional interface back?
after all all these fuctions are somewhat connected to the core function of little rat
here's what it looked like:
thanks
Maybe use storage.session to save and recover data.
Overview:
The extension currently reports on network requests made by other installed extensions, similar to ObjectiveSee's LuLu firewall for macOS. This feature request is to add blocking capabilities like LuLu, allowing users to prevent specific extensions from sending data without approval.
Requirements:
Every time I start my browser, Little Rat opens a new tab. This is the only extension that does this. Quite unconventional.
I would prefer for Little Rat not to open a new tab by default.
Any plans to support Firefox?
hi there-
little rat found a strange hidden extension (much appreciated), but how can I delete this extension? it's not in the extensions directory of any chrome profile?
filter out the extensions which have accessed internet is a great help.
sorting by internet date will do the same.
maybe a new column to indicate whether the extension has ever accessed internet
since most GETs are harmless, most of the time people will expand an entry looking for POSTs
Will you implement firefox version?
Hi Daniel,
Excellent extension.
When I test out new extensions, I generally block them first with Little Rat to be on the safe side and inspect what the network traffic looks like over time. It would be ideal if your extension blocked all extensions by default, or had an advanced option to "block all newly installed extensions".
Also, sometimes Edge tells me that an extension crashed, and this has also happened to the Little Rat extension. Does this mean the network traffic is being allowed for that brief time of your extension crashing? If so, it would be good to have some mitigations in place to safeguard against that. I'm not certain about how the extension APIs etc. all intersect, but perhaps your extension could push the filters to a host file or even generate manual uBlock Origin rules based on the extensions which are installed.
Can you put edge addons on the shelves? I can't access Chrome web store here. It would be more convenient to put edge addons on the shelves.
Please write what each of these is for
Thanks
Here's an example:
let initializer;
let initialized = false;
chrome.declarativeNetRequest.onRuleMatchedDebug.addListener(async (e) => {
if (!initialized) { await initializer; }
// ...
});
(async function initialize() {
let gLocal = chrome.storage.local.get('muted', ({ muted: m }) => {
muted = m || {};
});
let gManagement = chrome.management.getAll((extInfo) => {
for(let { name, id, icons } of extInfo) {
extensions[id] = { name, id, icon: icons?.[0]?.url, numRequests: 0, reqUrls: {}};
}
});
let i = async () => {
await gLocal;
await gManagement;
initialized = true;
}
initializer = i();
})();
Hey
Just posting my twitter comment here
Works great for me- easy to use. Could we add option to whitelist certain sites to help bring the "red number counter" down. Also wonder if we can add blacklist of malicious sites - the counter could be red for these, and amber for unknown? Green for whitelist?...Blocking?
I see that you've discussed blocking on another issue which sounds complex
But atleast a colour indicator for known bad sites would be a step towards that
Like I've mentioned here I don't think UBO blocks extension traffic so we are vulnerable to it
The current white background is not easy on the eyes. Especially when you open the extension dashboard in a new tab, rather than use the popup window. So i think a dark mode toggle would be very useful.
TLDR: use browser.proxy.onRequest
.
MDN doc about the firefox's proxy API, it's quite different from chromium's chrome.proxy
.
use browser.proxy.onRequest.addListener(listener, {urls:['<all_urls>']})
to get requestDetail
.
usually, the requestDetail.documentUrl
of extension request is in format like: moz-extension://${internalUUID}/path
listener
returns an invalid proxy to block request ๐คฃ
internalUUID
is unique for each extension, but it's different from the extension id returned by browser.management.getAll()
, and I can't find a way to get it in extension.
one way to get internalUUID
is, open this page about:debugging#/runtime/this-firefox
, run some snippet in devtool:
const idPairArr=[];
for(let card of document.querySelectorAll('.card')){
const fields = card.querySelectorAll('dd.fieldpair__description');
if(fields.length>=2){
idPairArr.push({
extensionId:fields[0].innerText,
internalUUID:fields[1].innerText
})
}
}
console.log(idPairArr);
Can I view, something similar to developer console ? (i.e: content, response, status code ...)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.