POST request data and address bar change in chrome extension

I am trying to make a Chrome extension that will capture GET and POST requests and parameters and evaluate the XSS vulnerability by calling an API with the URL and parameters. At first I tried the chrome.webRequest.onBeforeRequest.addListener event listener, and it captures a lot of GET requests for each component of the site when I am just hitting the URL in the address bar. This was too much load for my API server. So I decided to capture the address bar content, since the GET parameters are visible there as well. For capturing POST requests I am still using chrome.webRequest.onBeforeRequest.addListener.

Now what I want to do is the following:

1. By default my extension should check only the address bar content
2. When a button is clicked in the extension popup HTML, only then will I capture POST requests

What will be the best way to do this? Also, is there any way to filter the GET request capture so that it will only capture the first URL request but not the subsequent component requests? I felt using chrome.webRequest.onBeforeRequest.addListener was super effective if not for the unnecessary requests captured.

You can filter the listener by type to limit it to main document and frames:

chrome.webRequest.onBeforeRequest.addListener(details => {
  // do something with details.url
}, {
  types: ['main_frame', 'sub_frame'],
  urls: ['<all_urls>'],
});

In your popup you can show a checkbox to toggle the feature.
The click listener of the checkbox will save the state to the storage:

document.querySelector('input[type=checkbox]').onclick = e => {
  chrome.storage.local.set({watchPost: e.target.checked});
};

The background script will listen to changes in storage and toggle the listener:

chrome.storage.local.get('watchPost', _ => {
  toggle(_.watchPost);
});

chrome.storage.onChanged.addListener(({watchPost}) => {
  if (watchPost) {
    toggle(watchPost.newValue);
  }
});

function toggle(state) {
  const event = chrome.webRequest.onBeforeRequest;
  if (state) {
    event.addListener(onPost, {urls: ['<all_urls>']});
  } else {
    event.removeListener(onPost);
  }
}

function onPost(details) {
  if (details.method === 'POST') {
    // ..........
  }
}

You can also limit the listener to just one tab, see the documentation. Note that re-registering the same function reference won't work: you'll need to manually call removeListener first, then addListener with the new filter.
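The remove-then-add re-registration and the per-tab filter described in the answer above, as an added example that is not part of the original answer. The names makePostWatcher, watchTab and postParams are hypothetical; the filter's tabId field and the 'requestBody' extra-info option are part of the chrome.webRequest API.

```javascript
// Added example; makePostWatcher, watchTab and postParams are hypothetical names.
// In an extension, `event` is chrome.webRequest.onBeforeRequest.

// Returns null for non-POST requests, otherwise the URL plus the body fields.
function postParams(details) {
  if (details.method !== 'POST') return null;
  const body = details.requestBody || {};
  const params = {};
  // formData (url-encoded or multipart forms) maps each name to an array of values.
  for (const [name, values] of Object.entries(body.formData || {})) {
    params[name] = values.slice();
  }
  // Other bodies (JSON, for instance) arrive as raw byte chunks instead.
  const decoder = new TextDecoder();
  const raw = (body.raw || [])
    .filter(part => part.bytes)
    .map(part => decoder.decode(part.bytes, {stream: true}))
    .join('');
  return {url: details.url, params, raw};
}

function makePostWatcher(event, handler) {
  const listener = details => {
    const hit = postParams(details);
    if (hit) handler(hit);
  };
  return {
    // Watch POSTs in one tab, or in every tab when tabId is omitted.
    watchTab(tabId) {
      // Same function reference: remove it first, then add it with the new filter.
      event.removeListener(listener);
      const filter = {urls: ['<all_urls>']};
      if (tabId !== undefined) filter.tabId = tabId;
      // 'requestBody' is required for details.requestBody to be populated.
      event.addListener(listener, filter, ['requestBody']);
    },
    stop() {
      event.removeListener(listener);
    },
  };
}

// Wiring for the background script; skipped when run outside an extension.
if (typeof chrome !== 'undefined' && chrome.webRequest) {
  const watcher = makePostWatcher(chrome.webRequest.onBeforeRequest, console.log);
  chrome.storage.onChanged.addListener(({watchPost}) => {
    if (!watchPost) return;
    if (watchPost.newValue) watcher.watchTab(); else watcher.stop();
  });
}
```

Calling watchTab again with a different tab id moves the single listener to that tab instead of stacking a second registration.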
