I have a website websocket. Someone used Chrome Extension to steal my websocket data. The data itself does not have sensitive information,The backend is also verified so there is no threat
I know that I can monitor any changes in the DOM or enable devtool, but Chrome Extension can still steal my websocket content.
Is there any way to stop it?
Chrome Extension code like this
chrome.debugger.attach({ tabId: tabId }, "1.2", function () {
chrome.debugger.sendCommand({ tabId: tabId }, "Network.enable");
chrome.debugger.onEvent.addListener(onTabDebuggerEvent);
});
function onTabDebuggerEvent(debuggeeId, message, params) {
var debugeeTabId = debuggeeId.tabId;
chrome.tabs.get(debugeeTabId, function (targetTab) {
var tabUrl = targetTab.url;
if (message == "Network.webSocketFrameSent") {
}
else if (message == "Network.webSocketFrameReceived") {
var payloadData = params.response.payloadData;
var request = {
source: tabUrl,
payload: params.response.payloadData
};
websocket.send(JSON.stringify(request));
}
});
}
You need to sign in to view this answers
Leave feedback about this