ASS - ASCII Smuggling Surfacer

Detect invisible Unicode steganography & smuggling attacks in web pages

# ASS - ASCII Smuggling Surfacer Browser extension that detects and visualizes invisible Unicode characters used in text steganography & smuggling attacks. Full-fidelity port of the [`aid`](https://github.com/wunderwuzzi23/aid) Python CLI scanner. ## Features - 🔍 **50+ invisible character types** — zero-width, directional marks, Unicode tags, variation selectors (VS1–VS256), invisible operators, and more - 🎯 **Smart severity scoring** — color-coded (info → critical) based on consecutive run length and total volume - 🏷️ **Unicode tag decoding** — reveals hidden ASCII messages encoded in U+E0000–U+E007F - 🌈 **Visual highlighting** — glowing overlays on detected characters with severity colors - 💬 **Hover tooltips** — character name, code point, run length, category - 📊 **Category breakdown** — mirrors the Python tool's 10-category classification - 📋 **Detail panel** — full detection report with highlight occurrence - 🔓 **Dynamic Payload Decoder** — custom map '0' and '1' bit characters to decode hidden binary back to ASCII - 🎛️ **Advanced Filtering** — autocomplete, fuzzy search, sequence length limits, and category toggles for granular detection control - 📤 **Export** — JSON and CSV reports matching the Python output format - ⚙️ **Configurable** — toggle confusable spaces, control chars (Cc), space separators (Zs) - ↕️ **Expand All** — instantly expand or collapse all detected hidden text on the page from the detail panel - 🔒 **Privacy-first** — runs entirely locally, no data collection - 🛸 **Hitchhiker's Guide Theme** — auto-triggers on high-volume detections with a retro terminal aesthetic and dynamic calming notice ## Usage 1. **Click the ASS icon** in the toolbar 2. **Press "Scan This Page"** in the popup 3. View highlighted invisible characters on the page 4. **Hover** over highlights for character details 5. **Click** highlights to expand decoded text inline 6. **Toggle Detail Panel** for the full report with category breakdown and export - 🛸 **Consult the Guide** — In Hitchhiker mode, look for the inline link in the header to jump straight to the details ### Settings | Setting | Default | Description | |---------|---------|-------------| | Auto-scan pages | Off | Scan every page automatically | | Sequence length filter | 1-0 | Min/Max limits for consecutive run highlighting (0 = no max limit) | | Fuzzy Search | Off | Match all words anywhere in the Detection Filter name or hex code | | Detect NO-BREAK SPACE | Off | Specifically isolate U+00A0 detection | | Detect confusable spaces | Off | Thin space, hangul filler, etc. (excludes NBSP if toggled separately) | | Detect control chars (Cc) | Off | Unicode Cc category (excludes TAB/LF/CR) | | Detect space separators (Zs) | Off | Unicode Zs category (excludes ASCII space) | | Auto-Hitchhiker | Off | Automatically switch to the HHG theme on suspicious pages | | HHG Threshold | 8 | Total code points required to trigger the guide theme | ## Suspicion Levels | Level | Badge | Condition | |-------|-------|-----------| | 🔴 Critical | Red | Consecutive run ≥ 40 | | 🟠 High | Orange | Run ≥ 10, or total > 100 sparse | | 🟡 Medium | Yellow | Total 10–100, sparse | | 🔵 Info | Blue | Total < 10 | ## Detected Character Types ### Always Detected - **Unicode Tags** (U+E0000–U+E007F) — decoded to ASCII - **Zero-Width & Joiners** — ZWSP, ZWNJ, ZWJ, Word Joiner, CGJ, ZWNBSP - **Directional & Bidi Marks** — LRM, RLM, embeddings, overrides, isolates - **Variation Selectors** — VS1–VS16 (U+FE00–U+FE0F) and VS17–VS256 (U+E0100–U+E01EF) - **Invisible Operators** — function application, invisible times/separator/plus - **Deprecated Format Controls** — U+206A–U+206F ### Optional (Settings) - **NO-BREAK SPACE** — U+00A0 - **Confusable Spaces** — Soft hyphen, quads, thin/hair space, braille blank, hangul filler - **Control Characters (Cc)** — all Cc except TAB/LF/CR - **Space Separators (Zs)** — all Zs except ASCII space ## Privacy This extension processes all data entirely on your device. No data is collected, transmitted, or stored externally. All scanning occurs in your browser's local memory only. ## License MIT License ## Test Tool for creating hidden text https://embracethered.com/blog/ascii-smuggler.html