Sytools
Blocks ads and trackers from Wasaby apps, ensuring seamless integration between your browser and these platforms, benefiting developers who rely on this technology for their applications. Lets you access a streamlined experience within your browser, ideal for users of Wasaby-created software. Brings together browser and app functionality for a cohesive user interface.
Overview
A free extension for tight integration between the browser and applications built on the Wasaby platform: (https://wasaby.dev/)
What you can do with the extension:
- Install desktop versions of Wasaby applications directly from the browser.
- Minimize failures and errors thanks to a reliable connection between web applications and their desktop versions.
- Get quick access to the applications you need through convenient bookmarks right in the browser.
- Keep a record of the sites visited by users of Wasaby applications on Unix systems.
Have suggestions for improving how the applications work?
You can share diagnostic information with technical support to resolve problems. With a single button press, send the network requests from the current browser page and the browser logs of connections to desktop applications. Data is collected only on sites built on the Wasaby platform.
Still have questions?
Read the details on the site: https://saby.ru/help/plugin/sbis3plugin
Security Analysis — Sytools
Package Contents 11 files · 335KB
What This Extension Does
The Sytools extension integrates your browser with Wasaby applications, allowing you to install desktop versions directly from the browser, minimize errors, access apps quickly through bookmarks, and track user site visits on Unix systems. This extension is suitable for users who rely heavily on Wasaby applications.
Permissions Explained
- storage (expected): This permission allows the extension to store data locally on your device.
  Technical: The extension can access local storage, which may include sensitive user data. This could be exploited if an attacker gains control of the extension's code or injects malicious scripts into the browser.
- tabs (expected): This permission allows the extension to interact with your open tabs and windows.
  Technical: The extension can access tab metadata, such as URLs and titles. This could be exploited if an attacker injects malicious scripts into the browser or accesses sensitive user data through tab interactions.
- nativeMessaging (check this): This permission allows the extension to communicate with native applications on your device.
  Technical: The extension can inject code into native applications, which could be exploited if an attacker gains control of the extension's code or injects malicious scripts into the browser. This is a critical risk due to its potential for lateral movement and data exfiltration. ⚠ 1
- alarms (expected): This permission allows the extension to schedule background tasks.
  Technical: The extension can schedule alarms, which could be exploited if an attacker injects malicious scripts into the browser or accesses sensitive user data through alarm interactions.
- scripting (expected): This permission allows the extension to execute scripts in your browser.
  Technical: The extension can inject code into web pages, which could be exploited if an attacker gains control of the extension's code or injects malicious scripts into the browser. This is a medium risk due to its potential for data exfiltration and lateral movement.
- downloads (expected): This permission allows the extension to interact with your downloads.
  Technical: The extension can access download metadata, such as file paths and contents. This could be exploited if an attacker injects malicious scripts into the browser or accesses sensitive user data through download interactions.
- downloads.open (expected): This permission allows the extension to open downloads in your default application.
  Technical: The extension can access file paths and contents, which could be exploited if an attacker injects malicious scripts into the browser or accesses sensitive user data through download interactions.
- notifications (expected): This permission allows the extension to display notifications in your browser.
  Technical: The extension can access notification metadata, such as titles and contents. This could be exploited if an attacker injects malicious scripts into the browser or accesses sensitive user data through notification interactions.
- debugger (check this): This permission allows the extension to debug and inspect your browser's code.
  Technical: The extension can inject code into web pages, which could be exploited if an attacker gains control of the extension's code or injects malicious scripts into the browser. This is a critical risk due to its potential for data exfiltration and lateral movement. ⚠ 1
- bookmarks (expected): This permission allows the extension to interact with your bookmarks.
  Technical: The extension can access bookmark metadata, such as titles and contents. This could be exploited if an attacker injects malicious scripts into the browser or accesses sensitive user data through bookmark interactions.
Your Data
The extension accesses local storage, interacts with your open tabs and windows, communicates with native applications, schedules background tasks, executes scripts in your browser, interacts with your downloads, displays notifications, and debugs and inspects your browser's code. It sends data to api.sbis.ru, developer.chrome.com, github.com, extensionworkshop.com, bugzilla.mozilla.org, stackoverflow.com.
Technical Details
- api.sbis.ru
- developer.chrome.com
- github.com
- extensionworkshop.com
- bugzilla.mozilla.org
- stackoverflow.com
- HTTP
- HTTPS
- cookies
- tokens
- keystrokes
- page content
Code Findings
The extension uses the Debugger API to inject code into web pages, which could be exploited if an attacker gains control of the extension's code or injects malicious scripts into the browser.
Technical: The extension uses the chrome.debugger API to inject code into web pages. This is a critical risk due to its potential for data exfiltration and lateral movement.
💡 Legitimate extensions may use the Debugger API for debugging purposes, but this should be done with caution and only when necessary.
The extension uses NativeMessaging to communicate with native applications on your device, which could be exploited if an attacker gains control of the extension's code or injects malicious scripts into the browser.
Technical: The extension uses the chrome.runtime API to inject code into native applications. This is a critical risk due to its potential for lateral movement and data exfiltration.
💡 Legitimate extensions may use NativeMessaging for communication with native applications, but this should be done with caution and only when necessary.
The extension uses scripting to inject code into web pages, which could be exploited if an attacker gains control of the extension's code or injects malicious scripts into the browser.
Technical: The extension uses the chrome.tabs API to inject code into web pages. This is a medium risk due to its potential for data exfiltration and lateral movement.
💡 Legitimate extensions may use scripting for legitimate purposes, such as interacting with web pages or providing additional functionality.
The Sytools extension has several security concerns due to its use of the Debugger API and NativeMessaging. While it provides useful features for integrating your browser with Wasaby applications, we recommend exercising caution when installing this extension and regularly reviewing its permissions and behavior.