Hello I would like to use networkingPrivate api, which one is from chrome private API, I have added permission for networkingPrivate but it seems that is not enough. Also I found this
These are only usable by extensions bundled with Chrome, they are not publicly accessible.
here: https://developer.chrome.com/extensions/private_apis, but I'm not sure what that exactly mean, and how to do that.
My original intention is to get info about wifi (ssid,...)?
Thanks
It would be a security risk to allow user extensions to access this information direct from the OS. I think the private API is for Chrome OS, so that you can access and modify OS features direct from the browser, since Chrome OS is basically just a browser.
You could try looking at Native Messaging, which I believe will allow you to connect your extension to a native application installed on the host's machine. The application written by you would have some link between the extension, and then you can pass messages between the two. For example, your extension could request network information, and the native app will get that and send this information back to the extension.
I haven't looked into this so I may be wrong, but worth investigating. I'd be very interested to see the result.
Private APIs are made for internally usage.
For example, DeveloperPrivate API is used on chrome://extensions page.
They have stronger power than other APIs. but they also have security issues if they are open. if you really need to use them, just ask to make new API.
Related
I'm making an app that requires access to the tabs the user has open at the time. I haven't found a way to access this information without deploying my app using Chrome itself.
However, making an extension limits the UI severely (and my app requires a nice, organized UI). However, I understand Chrome apps are about to be discontinues. What other alternative do I have?
Chrome offers extensions as a way to gain access to the internals of the Chrome browser. As mentioned, apps are being discontinued. You can no longer publish new apps which are not specifically for Chrome OS. There are no other API alternatives to gain direct access to the internals of Chrome.
As with any program that is running on a multiprocess operating system or windowing system, your application can use OS and windowing system specific methodologies to snoop on other processes/windows. How to do that is OS/windowing system specific and is way beyond a single Stack Overflow question/answer. However, there is an alternative available that is specifically intended for the case which you describe.
Use Native Messaging
For what you want: Access to internal Chrome information (e.g. the open tabs) while maintaining full control of your user interface (to the extent available in your OS of choice), the documented methodology available to you is to use Native Messaging. You will need to create a Chrome extension to provide access to Chrome internal information. You can communicate that information to the OS native application, which you also create, using the native messaging API. As with most such APIs, it is just a communications channel. You will need to create a message format/protocol which covers your needs.
I want to write an Extension for the google chrome browser which reads some links from a website and copy these links into a file. I want to send this file via ssh to another computer in my local network.
How can I setup and use a ssh connection in my chrome extension?
Assuming you mean scp, not ssh, here are your options:
Set up a WebSocket proxy. Write JavaScript to send the XHR-fetched ArrayBuffer. WebSockets can go over SSL, so you'll probably be satisfied with that rather than implementing SSH in JavaScript (and then scp over that).
Same idea but an HTTP proxy. This would be pretty painful. See Web-based SSH for overview.
Write a Chrome App, thereby getting access to chrome.sockets. Implement SSH in JavaScript. See paramikojs to get started.
Chrome App, Native Client. This can actually work; see Secure Shell. Add scp functionality.
The Chrome-App-based solutions raise a separate question of how to get the web content. You might be able to use Chrome Apps webview. Or you can message the content between the app and a Chrome Extension.
There are probably other approaches as well. But you get the idea: you have a lot of coding ahead of you.
I am using native messaging API in Chrome extension, and I want to ship the native application within my extension.
In Windows, I add a registry key under HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts. Since my application is inside the extension folder after installed, I reference the full path by "%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\...\....json". But in this way, my extension complains "Specified native messaging host not found.".
If I expand the %LOCALAPPDATA% and write the path as "C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\...\....json", then my extension can successfully communicate with the host.
I wonder if this is an intended behavior? Thank you for your help.
There is no expansion of environment variables in the current Chromium code. It sounds like a reasonable feature request, though there might be security reasons not to do it. If you file a bug, we'll have a look and see whether it's feasible.
Synopsis: I am developing a HTML5 web app that will allow tablets(iPad or Droid) to login to a server and perform various functions. The client would like a way to check the devices mac address when logging in. From what I have read, most solutions use activex objects that will not work for webkit browsers.
Question: Does anyone know a solution that would hook into a HTML5 web app seamlessly(Idealy update a hidden form element with the value upon logging in)?
Thanks!
I don't think there's going to be a straightforward way to do this. The web server won't be exposed to a client's MAC address unless they're on the same physical segment...you'll only see the MAC from the most recent router hop in general.
If anything exists, it's going to be a browser plugin (show-stopper on iOS). And it would probably need more than the default permissions available (I don't suspect you can enumerate network interfaces in Java, for example, without asking for elevated permissions).
If you're looking for HTML/JS only then I don't think that this is possible. It won't be exposed.
The problem is that the packets you recieve back will only contain the MAC address of the node on the last hop.
This may be possible via a plugin, but then this limits you on iOS, and possibly also Android as you'd need to provide them a way of getting the plugin first (unless you used a plugin that was installed by default).
Edit: Not that I support an app for every little thing, but it shows that easy to press app buttons sometimes tend to do better than web apps (regardless of being able to make browser shortcuts to home screens). If it is suitable, you could consider loading this within a web view on the target device from within an app, from which you can then of course access MAC addresses and whatever else you may need.
MobiThinking: Mobile applications: native v Web apps – what are the pros and cons?
Forbes: Mobile Web App vs. Native App? It's Complicated
While debugging a client app that uses a Google backend, I have added some debugging versions of the functions and inserted them using the Chrome Developer Tools script editor.
However there are a number of limitations with this approach, first is that the editor doesn't seem to always work with de-minified files, and when the JS file is 35K lines long, this is a problem.
Another issue is that all the initialization that is done during load time, uses the original "unpatched" functions, hence this is not ideal.
I would like to replace the remote javascript.js file with my own local copy, presumably using some regex on the file name, or whatever strategy was suitable, I am happy to use either Firefox or Chrome, if one was easier than the other.
So basically, as #BrockAdams identified, there are a couple of solutions to these types of problem depending on the requirements, and they follow either 1 of 2 methods.
the browser API switcharoo.
The proxy based interception befiddlement.
the browser API switcharoo.
Both firefox and chrome support browser extensions that can take advantage of platform specific APIs to register event handlers for "onbeforeload" or "onBeforeRequest" in the case of firefox and chrome respectively. The chrome APIs are currently experimental, hence these tools are likely to be better developed under firefox.
2 tools that definitely do something like what is required are AdBlock plus and Jsdeminifier both of which have the source code available.
The key point for these 2 firefox apps is that they intercept the web request before the browser gets its hands on it and operate on the other side of the http/https encrpytion stage, hence can see the decrypted response, however as identified in the other post that they don't do the whole thing, although the jsdeminifier was very useful, I didn't find a firefox plugin to do exactly what I wanted, but I can see from those previous plugins, that it is possible with both firefox and chrome. Though they don't actually do the trick as required.
The proxy based interception befiddlement This is definitely the better option in a plain HTTP environment, there are whole bunch of proxies such as pivoxy, fiddler2, Charles Web HTTP proxy, and presumably some that I didn't look at specifically such as snort that support filtering of some sort.
The simplest solution for myself was foxyproxy and privoxy on firefox, and configure a user.action and user.filter to detect the url of the page, and then to apply a filter which swapped out the original src tag, for my own one.
The https case. proxy vs plugin
When the request is https the proxy can't see the request url or the response body, so it can't do the cool swapping stuff. However there is one option available for those who like to mess with their browser. And that is the man-in-the-middle SSL proxy. The Charles Web HTTP proxy appears to be the main solution to this problem. Basically the way it works is that when your browser makes a request to the remote HTTPS server, the ssl proxy intercepts the request and from the ip address of the server generates a server certificate on the fly, which it signs with its own root CA, and sends back to the browser. The browser obviously complains about the self-signed cert, but here you can choose to install the ssl proxy root CA cert into the browser, befuddling the browser and allowing the ssl proxy to man in the middle and make replacements and filters on the raw response body.
Alternative roll your own chrome extension
I decided to go with rolling my own chrome extension, which I am planning to make available. Currently its in a very hardcoded to my own requirements state, but it works pretty good, even for https requests and another benefit is that a browser plugin solution can be more tightly integrated with the browser developer tools.