How Fugu is the Web?
Item media 4 screenshot
Item media 1 screenshot
Item media 2 screenshot
Item media 3 screenshot
Item media 4 screenshot
Item media 1 screenshot
Item media 1 screenshot
Item media 2 screenshot
Item media 3 screenshot
Item media 4 screenshot

Overview

An extension to shine light on the Project Fugu 🐡 APIs web apps want to use.

How it works API data The raw data for the different Project Fugu 🐡 APIs is curated in a spreadsheet, which is then turned into JavaScript, so keeping the list of APIs updated is hopefully a straightforward task. API detection The extension monitors the requests a page makes via the chrome.webRequest.onBeforeRequest.addListener() API. Each response body, grouped by main frame, JavaScript, and Web App Manifest response bodies, is then run through a set of regular expressions like /navigator\.hid\.requestDevice\s*\(/g to determine if the code hints at a Project Fugu 🐡 API potentially being used. Browser support detection Most Project Fugu 🐡 APIs are easily feature-detectable by checking for the existence of interfaces or properties, for example, as in 'BarcodeDetector' in window. Other APIs require a ServiceWorkerRegistration, but luckily the popup window in Manifest V3 extensions uses a service worker, so it can be used via an IIFE that can be run in the client or the service worker. An example is (async () => 'periodicSync' in (await navigator.serviceWorker?.ready || self.registration))(). The support categories are listed below: ✔️ Supported by your browser. 🚫 Not supported by your browser. 🤷 Support unknown for your browser. (The only way to know would be user-agent sniffing.) Deep-linking The extension makes use of Text Fragment URLs to deep-link to the occurrence of a detected API, for example https://airhorner.com/scripts/main.min.js#:~:text=navigator.setAppBadge(. For main frame documents, the source code gets rendered in a helper HTML page controlled by the extension, since it is impossible to link to view-source: protocol links. Limitations • The chrome.webRequest.onBeforeRequest.addListener() API unfortunately does not "see" requests that are handled by a service worker (crbug.com/766433). There are three possible workarounds for this: - Hard-reload via ⌘/ctrl+shift+r. - Open DevTools and check the Bypass for network checkbox in the Service Worker section of the Application tab. - Clear storage in the Storage section of the Application tab. • The extension only does static code analysis, that is, there is no guarantee that the app actually uses the code snippet where a Project Fugu 🐡 API was detected. • Heavily minified code will not be detected. For example, if an app minifies navigator.clipboard.write() to const nav = navigator; nav.clipboard.write(), the extension will not detect this. License Apache 2.0.

0 out of 5No ratings

Google doesn't verify reviews. Learn more about results and reviews.

Details

  • Version
    1.17.0
  • Updated
    January 10, 2024
  • Offered by
    Thomas Steiner
  • Size
    125KiB
  • Languages
    English
  • Developer
    Thomas Steiner
    Neanderstr. 3 Hamburg 20459 Germany
    Email
    steiner.thomas@gmail.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Support

Related

Finding patterns

3.2(5)

Look for patterns inside HTML, JS, CSS and AJAX code

Refuse To Be Human

5.0(3)

Surf the Web as YandexBot. Ever wondered what the YandexBot get’s to see online that you do not?

Link Router

3.0(4)

Route links on any given page to the main log with a certain tag

PRMDB for Bard-Gemini

4.5(2)

Create public and private custom prompts for Google Gemini(Bard)

NativeExt

0.0(0)

WebExtensions native connector management extension

Form Troubleshooter

0.0(0)

Find and fix common form problems.

Parrot API mocking

5.0(5)

Hassle-free mocking of xhr and fetch calls.

A Wrench Menu

5.0(3)

Treasured multi-tool – a spanner within Chrome's works – the missing menu.

Service Worker Detector

3.7(6)

This extension detects if a website registers a Service Worker.

CrBug Release Indicator

5.0(1)

Decorates Chromium Commits on CrBug with Version indicators

xhr-devtool

5.0(1)

xhr-devtool

Xposer

0.0(0)

Uses the Xposer.io API to show the product, the exact version and a full product vulnerability report for a given website.

Finding patterns

3.2(5)

Look for patterns inside HTML, JS, CSS and AJAX code

Refuse To Be Human

5.0(3)

Surf the Web as YandexBot. Ever wondered what the YandexBot get’s to see online that you do not?

Link Router

3.0(4)

Route links on any given page to the main log with a certain tag

PRMDB for Bard-Gemini

4.5(2)

Create public and private custom prompts for Google Gemini(Bard)

NativeExt

0.0(0)

WebExtensions native connector management extension

Form Troubleshooter

0.0(0)

Find and fix common form problems.

Parrot API mocking

5.0(5)

Hassle-free mocking of xhr and fetch calls.

A Wrench Menu

5.0(3)

Treasured multi-tool – a spanner within Chrome's works – the missing menu.

Google apps