Read me update
This commit is contained in:
z0ccc
parent
f30fa9d5a3
commit
793acc618c
1 changed files with 58 additions and 122 deletions
180
README.md
180
README.md
|
|
@ -1,151 +1,87 @@
|
|||
<img src="src/assets/img/icon-128.png" width="64"/>
|
||||
# Vytal
|
||||
|
||||
# Chrome Extension Boilerplate with React 17 and Webpack 5
|
||||
Protect your privacy by mocking your personal data.
|
||||
|
||||
[](https://www.npmjs.com/package/chrome-extension-boilerplate-react)
|
||||
[](https://www.npmjs.com/package/chrome-extension-boilerplate-react)
|
||||
[](https://www.npmjs.com/package/chrome-extension-boilerplate-react)
|
||||
## About
|
||||
|
||||
[](https://david-dm.org/lxieyang/chrome-extension-boilerplate-react)
|
||||
[](https://david-dm.org/lxieyang/chrome-extension-boilerplate-react?type=dev)
|
||||
Vytal can mock your timezone, locale, geolocation and user agent. This data can be used to track you online or reveal your location.
|
||||
|
||||
## Announcements
|
||||
Vytal is utilizes the chrome.debugger API to mock this data. This allows the data to be changed in frames, web workers and during the initial loading of a website. It also makes the spoofing completely undetectable.
|
||||
|
||||
- **_This boilerplate adopts [Manifest V3](https://developer.chrome.com/docs/extensions/mv3/intro/mv3-overview/)!_** For V2 users, please check out the [manifest-v2](https://github.com/lxieyang/chrome-extension-boilerplate-react/tree/manifest-v2) branch, or use version [3.x](https://www.npmjs.com/package/chrome-extension-boilerplate-react/v/3.3.0).
|
||||
- Check out the [Manifest V3 Migration Guide](https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/).
|
||||
- Recently added [devtools](https://developer.chrome.com/docs/extensions/mv3/devtools/) Support! Thanks [GeekaholicLin](https://github.com/lxieyang/chrome-extension-boilerplate-react/issues/17)!
|
||||
- Recently updated from **[React](https://reactjs.org)** ~~16~~ to **17**!
|
||||
- Recently updated from **[Webpack Dev Server](https://webpack.js.org/configuration/dev-server/)** ~~3.x~~ to **4.x** and **[Webpack](https://webpack.js.org/)** ~~4~~ to **5**!
|
||||
- Recently added [TypeScript](https://www.typescriptlang.org/) Support!
|
||||
You can test and compare Vytal and other extensions on https://vytal.io
|
||||
|
||||
## Features
|
||||
Vytal contains no ads and signup is not required.
|
||||
|
||||
This is a basic Chrome Extensions boilerplate to help you write modular and modern Javascript code, load CSS easily and [automatic reload the browser on code changes](https://webpack.github.io/docs/webpack-dev-server.html#automatic-refresh).
|
||||
## Limitations
|
||||
|
||||
This boilerplate is updated with:
|
||||
### Tab initialization
|
||||
|
||||
- [Chrome Extension Manifest V3](https://developer.chrome.com/docs/extensions/mv3/intro/mv3-overview/)
|
||||
- [React 17](https://reactjs.org)
|
||||
- [Webpack 5](https://webpack.js.org/)
|
||||
- [Webpack Dev Server 4](https://webpack.js.org/configuration/dev-server/)
|
||||
- [React Hot Loader](https://github.com/gaearon/react-hot-loader)
|
||||
- [eslint-config-react-app](https://www.npmjs.com/package/eslint-config-react-app)
|
||||
- [Prettier](https://prettier.io/)
|
||||
- [TypeScript](https://www.typescriptlang.org/)
|
||||
There is a slight delay between when a new tab is opened and the debugger starts mocking the data. This allows for websites to get the original value of the data before it is changed. After the initial loading of a tab, this will no longer be an issue.
|
||||
|
||||
This boilerplate is heavily inspired by and adapted from [https://github.com/samuelsimoes/chrome-extension-webpack-boilerplate](https://github.com/samuelsimoes/chrome-extension-webpack-boilerplate), with additional support for React 17 features, Webpack 5, and Webpack Dev Server 4.
|
||||
### Locale override does not mock language data
|
||||
|
||||
Please open up an issue to nudge me to keep the npm packages up-to-date. FYI, it takes time to make different packages with different versions work together nicely.
|
||||
Unlike the Chrome devtools location sensor, overriding the locale does not change language data (such as navigator.language or navigator.languages). There is an open ticket about this here: https://bugs.chromium.org/p/chromium/issues/detail?id=1320419
|
||||
|
||||
## Installing and Running
|
||||
## Data Tampering
|
||||
|
||||
### Procedures:
|
||||
Data spoofed with Vytal can not be detected. Although other extensions which spoof's data can be detected. have If data tampering is detected then a red circle with an ‘x’ will be displayed next to the data value. If the legitimate value cannot be identified then the data will be discarded and will not be used to generate a fingerprint. Clicking on the table row of the tampered value will bring up a dialog box showing the types of tampering.
|
||||
|
||||
1. Check if your [Node.js](https://nodejs.org/) version is >= **14**.
|
||||
2. Clone this repository.
|
||||
3. Change the package's `name`, `description`, and `repository` fields in `package.json`.
|
||||
4. Change the name of your extension on `src/manifest.json`.
|
||||
5. Run `npm install` to install the dependencies.
|
||||
6. Run `npm start`
|
||||
7. Load your extension on Chrome following:
|
||||
1. Access `chrome://extensions/`
|
||||
2. Check `Developer mode`
|
||||
3. Click on `Load unpacked extension`
|
||||
4. Select the `build` folder.
|
||||
8. Happy hacking.
|
||||
## Types of Tampering
|
||||
|
||||
## Structure
|
||||
### Failed Navigator.prototype
|
||||
|
||||
All your extension's code must be placed in the `src` folder.
|
||||
`Navigator.prototype[DataType]` returns a value if the data object was tampered with. Otherwise returns an error.
|
||||
|
||||
The boilerplate is already prepared to have a popup, an options page, a background page, and a new tab page (which replaces the new tab page of your browser). But feel free to customize these.
|
||||
### Failed undefined properties
|
||||
|
||||
## TypeScript
|
||||
`Object.getOwnPropertyDescriptor(navigator, [DataType])` returns an object if the data object was tampered with. Otherwise returns ‘undefined’.
|
||||
|
||||
This boilerplate now supports TypeScript! The `Options` Page is implemented using TypeScript. Please refer to `src/pages/Options/` for example usages.
|
||||
### Failed Navigator property value
|
||||
|
||||
## Webpack auto-reload and HRM
|
||||
`Object.getOwnPropertyDescriptor(Navigator.prototype, [DataType]).value` returns an error if the data object was tampered with. Otherwise returns ‘undefined’.
|
||||
|
||||
To make your workflow much more efficient this boilerplate uses the [webpack server](https://webpack.github.io/docs/webpack-dev-server.html) to development (started with `npm start`) with auto reload feature that reloads the browser automatically every time that you save some file in your editor.
|
||||
### Did not match web worker (\_\_\_)
|
||||
|
||||
You can run the dev mode on other port if you want. Just specify the env var `port` like this:
|
||||
Value does not match the value found in a [web worker](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers). The web worker value is in the brackets.
|
||||
|
||||
### Location data doesn't match system data
|
||||
|
||||
Occurs when the location data from ip address does not match your location data from your system (such as your timezone).
|
||||
|
||||
### VPN/proxy has been detected
|
||||
|
||||
Your ip address is known to be used by proxies or VPNs.
|
||||
|
||||
### Failed Date.prototype.setDate.toString()
|
||||
|
||||
`Failed Date.prototype.setDate.toString()` returns 'function setDate() { [native code] }' if the data object was NOT tampered with.
|
||||
|
||||
### Failed Screen.prototype
|
||||
|
||||
`Screen.prototype[DataType]` returns a value if the data object was tampered with. Otherwise returns an error.
|
||||
|
||||
### Avail width is greater than width
|
||||
|
||||
Happens when the avail width is greater than the normal width (which is impossible).
|
||||
|
||||
### Avail height is greater than height
|
||||
|
||||
Happens when the height width is greater than the normal height (which is impossible).
|
||||
|
||||
## Dev
|
||||
|
||||
This application uses a React frontend and a Django backend that communicates using the Django REST framework.
|
||||
|
||||
Backend Django setup:
|
||||
|
||||
```
|
||||
$ PORT=6002 npm run start
|
||||
cd backend
|
||||
python manage.py runserver
|
||||
```
|
||||
|
||||
## Content Scripts
|
||||
|
||||
Although this boilerplate uses the webpack dev server, it's also prepared to write all your bundles files on the disk at every code change, so you can point, on your extension manifest, to your bundles that you want to use as [content scripts](https://developer.chrome.com/extensions/content_scripts), but you need to exclude these entry points from hot reloading [(why?)](https://github.com/samuelsimoes/chrome-extension-webpack-boilerplate/issues/4#issuecomment-261788690). To do so you need to expose which entry points are content scripts on the `webpack.config.js` using the `chromeExtensionBoilerplate -> notHotReload` config. Look the example below.
|
||||
|
||||
Let's say that you want use the `myContentScript` entry point as content script, so on your `webpack.config.js` you will configure the entry point and exclude it from hot reloading, like this:
|
||||
|
||||
```js
|
||||
{
|
||||
…
|
||||
entry: {
|
||||
myContentScript: "./src/js/myContentScript.js"
|
||||
},
|
||||
chromeExtensionBoilerplate: {
|
||||
notHotReload: ["myContentScript"]
|
||||
}
|
||||
…
|
||||
}
|
||||
```
|
||||
|
||||
and on your `src/manifest.json`:
|
||||
|
||||
```json
|
||||
{
|
||||
"content_scripts": [
|
||||
{
|
||||
"matches": ["https://www.google.com/*"],
|
||||
"js": ["myContentScript.bundle.js"]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## Intelligent Code Completion
|
||||
|
||||
Thanks to [@hudidit](https://github.com/lxieyang/chrome-extension-boilerplate-react/issues/4)'s kind suggestions, this boilerplate supports chrome-specific intelligent code completion using [@types/chrome](https://www.npmjs.com/package/@types/chrome).
|
||||
|
||||
## Packing
|
||||
|
||||
After the development of your extension run the command
|
||||
Frontend React setup:
|
||||
|
||||
```
|
||||
$ NODE_ENV=production npm run build
|
||||
cd frontend
|
||||
yarn run start
|
||||
```
|
||||
|
||||
Now, the content of `build` folder will be the extension ready to be submitted to the Chrome Web Store. Just take a look at the [official guide](https://developer.chrome.com/webstore/publish) to more infos about publishing.
|
||||
|
||||
## Secrets
|
||||
|
||||
If you are developing an extension that talks with some API you probably are using different keys for testing and production. Is a good practice you not commit your secret keys and expose to anyone that have access to the repository.
|
||||
|
||||
To this task this boilerplate import the file `./secrets.<THE-NODE_ENV>.js` on your modules through the module named as `secrets`, so you can do things like this:
|
||||
|
||||
_./secrets.development.js_
|
||||
|
||||
```js
|
||||
export default { key: '123' };
|
||||
```
|
||||
|
||||
_./src/popup.js_
|
||||
|
||||
```js
|
||||
import secrets from 'secrets';
|
||||
ApiCall({ key: secrets.key });
|
||||
```
|
||||
|
||||
:point_right: The files with name `secrets.*.js` already are ignored on the repository.
|
||||
|
||||
## Resources:
|
||||
|
||||
- [Webpack documentation](https://webpack.js.org/concepts/)
|
||||
- [Chrome Extension documentation](https://developer.chrome.com/extensions/getstarted)
|
||||
|
||||
---
|
||||
|
||||
Michael Xieyang Liu | [Website](https://lxieyang.github.io)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue