Some good notes for Google Chrome

1. EditThisCookie
EditThisCookie is a cookie manager. You can add, delete, modify, search, protect and block cookies, extend the time limit, and so on.

2. Visual Event
Visual Event is a convenient JavaScript code parser with a nice interface. That is, in order to find out which function is called when clicked (onclick), just enable the extension.

3. Web Sniffer
Web Sniffer - request sniffer.

4. User-Agent Switcher
User-Agent Switcher - forgery of browser information during a session.
- IP
- user-agent (extended browser information)
- whether JavaScript/WebGL is enabled
- time set on the computer
- time zone
and a lot more...

You can use the extension to edit information about the browser when visiting a resource.

You can check your User-agent here:
www.whoishostingthis.com/tools/user-agent/

5. Toggle JavaScript
Toggle JavaScript - allows you to instantly disable and enable JavaScript. As many people know, JS is not a harmless thing: it can send a request from your IP address if you visit a site with a malicious JS script. The extension allows you to disable JS and view pages without it. The interface is light: I clicked it once and turned off JS, then turned it on again. The appearance and functionality of your usual sites may change significantly.
 
Thousands of Chrome extensions disable security headers
2,485 extensions modified at least one security header used by popular websites.



Thousands of extensions for the Google Chrome browser, available in the official Chrome online store, change the security headers on popular websites, exposing users to a wide range of cyber attacks.

Each time a user accesses a website, the browser makes a request to the server and the latter loads the page. Although the sites themselves are displayed using HTML, JavaScript, and CSS code, site administrators can add additional settings to the HTTP connection header to instruct the user's browser to handle the delivered content in a specific way. Not all websites use security headers, but many of today's web services typically use them to protect users from attacks.

Researchers from the Helmholtz Center for Information Security CISPA tried to estimate the number of Chrome extensions that interfere with security headers. Using a custom framework created specifically for the purpose of the study, experts analyzed 186,434 Chrome extensions that were available in the official online store last year. According to the results of the study, 2,485 extensions intercepted and modified at least one security header used by the 100 most popular websites (according to the Tranco list).

The study did not focus on all security headers, but only on the four most common ones: Content-Security-Policy (CSP), HTTP Strict-Transport-Security (HSTS), X-Frame-Options, and X-Content-Type-Options. In 553 cases, malicious extensions disabled all four security headers.

The most frequently disabled security header was CSP, which allows site owners to control which web resources a page is allowed to load in the browser, and provides protection against XSS attacks and data intrusion.
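
As an added example (not part of the original post and not the CISPA framework), here is a static triage in JavaScript that flags an extension able to alter the four headers named above. The function name, sample manifest, script and rules are constructed for illustration, and a string-match heuristic like this only prioritises extensions for manual review.

```javascript
// Added example: static triage of a Chrome extension for the ability to alter
// the four security headers named in the study. All inputs are constructed samples.
const SECURITY_HEADERS = [
  "content-security-policy",
  "strict-transport-security",
  "x-frame-options",
  "x-content-type-options",
];

// manifest: parsed manifest.json; scripts: background-script sources as strings;
// dnrRules: declarativeNetRequest rules (Manifest V3), may be empty.
function auditExtension(manifest, scripts = [], dnrRules = []) {
  const perms = new Set([...(manifest.permissions || []), ...(manifest.host_permissions || [])]);
  const findings = [];
  const source = scripts.join("\n").toLowerCase();
  // Manifest V2 path: a blocking onHeadersReceived listener can rewrite response headers.
  const canBlock = perms.has("webRequest") && perms.has("webRequestBlocking");
  if (canBlock && source.includes("onheadersreceived") && source.includes("responseheaders")) {
    const named = SECURITY_HEADERS.filter((h) => source.includes(h));
    findings.push({ via: "webRequest", headers: named.length ? named : ["(unknown, review listener)"] });
  }
  // Manifest V3 path: declarativeNetRequest rules with a modifyHeaders action.
  for (const rule of dnrRules) {
    if (rule.action?.type !== "modifyHeaders") continue;
    const hit = (rule.action.responseHeaders || [])
      .filter((m) => SECURITY_HEADERS.includes(String(m.header).toLowerCase()))
      .map((m) => `${String(m.header).toLowerCase()}:${m.operation}`);
    if (hit.length) findings.push({ via: "declarativeNetRequest", ruleId: rule.id, headers: hit });
  }
  return findings;
}

// Constructed samples: the pattern the audit looks for, in V2 and V3 form.
const SAMPLE_V2 = {
  manifest: { manifest_version: 2, permissions: ["webRequest", "webRequestBlocking", "<all_urls>"] },
  scripts: [`chrome.webRequest.onHeadersReceived.addListener(
    d => ({ responseHeaders: d.responseHeaders.filter(h => h.name.toLowerCase() !== "content-security-policy") }),
    { urls: ["<all_urls>"] }, ["blocking", "responseHeaders"]);`],
};
const SAMPLE_V3_RULES = [
  { id: 1, action: { type: "modifyHeaders", responseHeaders: [{ header: "X-Frame-Options", operation: "remove" }] } },
  { id: 2, action: { type: "block" }, condition: { urlFilter: "ads" } },
];

console.log(auditExtension(SAMPLE_V2.manifest, SAMPLE_V2.scripts));
console.log(auditExtension({ manifest_version: 3, permissions: ["declarativeNetRequest"] }, [], SAMPLE_V3_RULES));
```
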
 