{"id":28725062,"url":"https://github.com/dobin/defenderforchrome","last_synced_at":"2025-06-15T11:09:51.217Z","repository":{"id":293819915,"uuid":"985182088","full_name":"dobin/DefenderForChrome","owner":"dobin","description":"Chrome Plugin for additional security","archived":false,"fork":false,"pushed_at":"2025-05-17T10:04:49.000Z","size":38,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-17T11:20:00.753Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dobin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-17T08:21:52.000Z","updated_at":"2025-05-17T10:04:53.000Z","dependencies_parsed_at":"2025-05-17T11:30:09.201Z","dependency_job_id":null,"html_url":"https://github.com/dobin/DefenderForChrome","commit_stats":null,"previous_names":["dobin/defenderforchrome"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dobin/DefenderForChrome","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2FDefenderForChrome","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2FDefenderForChrome/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2FDefenderForChrome/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2FDefenderForChrome/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dobin","download_url":"https://codeload.github.com/dobin/DefenderForChrome/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2FDefenderForChrome/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259964324,"owners_count":22938726,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-15T11:09:50.541Z","updated_at":"2025-06-15T11:09:51.208Z","avatar_url":"https://github.com/dobin.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DefenderForChrome\n\nChrome Plugin for additional security against some social engineering attacks:\n\n* File download whitelist (`.txt`, `.jpg`, ...) for HTML smuggling\n* Clipboard copy blacklist (`powershell.exe`, `mshta.exe`, ...) for ClickFix\n\n\n## Purpose\n\nThis Chrome plugin implements a **whitelist for file extensions**\non file download. This protects against HTML smuggling and other\nfile based initial access techniques for execbait (like `.js`, `.vbs`, `.exe`).\n\nWith this plugin coorporate environments are able to to implement a file\ndownload policy in the browser. As a replacement for content filter\nproxy, when moving towards zero trust. Allowed file extensions are defined in `file-whitelist.json`.\n\nThere is also a **clipboard blacklist** against the commonly\nused ClickFix execbait attack (\"press win-r, paste malicious commands, press enter\"). \nThe `clipboard-blacklist.json` contains a list \nof obviously malicious strings like `powershell` or `mshta`.\n\n\n## Installation for testing\n\n1) Open `chrome://extensions`\n2) Enable `Developer mode`\n3) Click `Load unpacked` and select this git repo directory\n\n\n## Configuration\n\n* `file-whitelist.json`: Define allowed file extensions here\n* `clipboard-blacklist.json`: Define prohibited words here\n\nBoth are case insensitive.\n\n\n## Dev Stuff\n\n### Chrome Plugin Permissions\n\n* `notifications`: Show notifications to the user\n* `downloads`: Access downloads\n* `scripting`, `activeTab`: Inject Clipboard protection\n* `storage`: Access whitelists/blacklists\n* `web_accessible_resources`: Clipboard blacklist data access\n\n\n### File Download Filtering\n\nImplemented in `background.js`.\n\nUsing chrome functionality. \n\n\n### Clipboard Filtering\n\nImplemented in `content.js`. \n\nInjected into every page. \n\n\n## Related Work\n\n[SmuggleShield](https://github.com/RootUp/SmuggleShield) tried to prevent HTML smuggling with machine learning, instead of just filtering file downloads. \n\n[ClipShield](https://github.com/ericlaw1979/clipshield) is a watchdog\nwhich scans the clipboard for malicious things.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdobin%2Fdefenderforchrome","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdobin%2Fdefenderforchrome","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdobin%2Fdefenderforchrome/lists"}