доступ к рутрекеру
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Расширение предназначено для доступа к сайту https://rutracker.org. Все что от вас требуется - установить. Дальше можете пользоваться сайтом как делали это раньше.
Tags
Privacy Practices
Security Analysis — доступ к рутрекеру
Permissions
Code Patterns Detected
External Connections
Package Contents 21 files · 306KB
What This Extension Does
The 'доступ к рутрекеру' extension provides free access to rutracker.org for Russian citizens. It claims to require no further action beyond installation, allowing users to access the site as before.
Permissions Explained
- proxycheck this: This permission allows the extension to control your internet proxy settings.
Technical: The 'proxy' permission grants access to the Proxy Configuration API, enabling the extension to modify system-wide proxy settings. This could potentially allow malicious code to intercept or manipulate network traffic. ⚠ 1 - activeTabexpected: This permission lets the extension access and interact with the currently active web page.
Technical: The 'activeTab' permission grants access to the Tab API, allowing the extension to read and modify the content of the active tab. This could potentially enable malicious code to steal sensitive information or inject malware into the page. - browsingDatacheck this: This permission allows the extension to access browsing history, cookies, and other data stored by Chrome.
Technical: The 'browsingData' permission grants access to the Browsing Data API, enabling the extension to read and modify browsing history, cookies, and other sensitive information. This could potentially allow malicious code to steal user credentials or track browsing behavior. ⚠ 1 - storageexpected: This permission lets the extension store data locally on your device.
Technical: The 'storage' permission grants access to the Storage API, allowing the extension to read and write local storage. This could potentially enable malicious code to steal or manipulate sensitive information stored by other extensions or web pages. - *://rutracker.org/*expected: This permission allows the extension to access and interact with rutracker.org.
Technical: The 'https://rtk.rmcontrol.net/' and '*://rutracker.org/*' permissions grant access to specific domains, enabling the extension to communicate with these sites. This could potentially allow malicious code to inject malware or steal sensitive information from these sites.
Your Data
The extension accesses browsing history, cookies, and other data stored by Chrome, and sends data to rutracker.org and rtk.rmcontrol.net. It also uses the Proxy Configuration API to modify system-wide proxy settings.
Technical Details
Code Findings
The extension assigns innerHTML to an element, which could potentially allow malicious code to inject cross-site scripting (XSS) attacks.
Technical: The extension uses the innerHTML property to assign a string value to an element. This could potentially enable XSS attacks if the assigned string contains malicious code.
💡 This pattern is commonly used in legitimate extensions for content injection and manipulation.
The extension uses String.fromCharCode to obfuscate code, which could potentially make it harder to detect malicious behavior.
Technical: The extension uses the String.fromCharCode method to convert a character code to a string. This is often used for obfuscation and could potentially be used to hide malicious code.
💡 This pattern is commonly used in legitimate extensions for encoding and decoding data.
The extension creates script elements dynamically, which could potentially allow malicious code to inject malware or steal sensitive information.
Technical: The extension uses the Document Object Model (DOM) to create script elements dynamically. This could potentially enable malicious code to inject malware or steal sensitive information if not properly sanitized.
💡 This pattern is commonly used in legitimate extensions for content injection and manipulation.
The extension uses the Proxy Configuration API to modify system-wide proxy settings, which could potentially allow malicious code to intercept or manipulate network traffic.
Technical: The extension grants access to the Proxy Configuration API, enabling it to modify system-wide proxy settings. This could potentially enable malicious code to intercept or manipulate network traffic if not properly secured.
💡 This pattern is commonly used in legitimate extensions for network configuration and management.
The 'доступ к рутрекеру' extension has several concerning permissions and code patterns, including the use of the Proxy Configuration API, creation of script elements dynamically, and assignment of innerHTML. While it claims to provide free access to rutracker.org for Russian citizens, its behavior raises significant concerns about data exposure and potential malicious activity. Users should exercise caution when installing this extension.
