![]() ![]() I think that’s enough information for you to review your extension and decide for yourself what do. #Awesome screenshot chrome extension fullI see little difference between a client-side attack and this ‘service’, except that it can be argued that the end user willingly (but maybe unwittingly) entered into the agreement. Whether you’re looking for image editing, annotation capabilities or the lowest cost, here are the nine best screenshot Chrome extensions to meet your needs: LightShot Awesome Screenshot GoFullPage Nimbus Blipshot One Click Full -Click Webpage Screenshot Screen Capture Fireshot qSnap 1. The potentially sensitive URLs are sent over plaintext HTTP in easily base64-decryptable form, and through the use of some ‘niki-bot’ crawler (which is apparently so malicious its User-Agent requires obfuscation with no reference to SimilarWeb, Awesome Screenshot, or any other explanation for its use – nor does it bother to respect robots.txt), seems to intend to make further reconnaissance against these URLs at a later date. Chrome Extension - After capturing and finishing annotations on your image, you can upload the image to your Awesome Screenshot account for permanent storage. The tracking and transmission of your browsing history is happening automatically, silently, with no proper explanation in the extension’s details on the Chrome App Store. There are 4 options for uploading a captured image from the Chrome extension, drag and drop, choosing an image from your computer, and pasting an image from the clipboard. It wasn’t long before negative reviews on the Chrome app store led me to these two articles, which both seemed to confirm that the extension contains javascript which sends browsing activity in plaintext to an upstream service lb., which redirects or makes use of an API belonging to, which some say is part of a third service called SimilarWeb. Unless someone tracks your browsing activity from the browser, and stores it somewhere etc.īolstered by this corroborating story, I decided to look further into this AwesomeScreenshot extension. Somehow, niki-bot seems to know about these URLs. He started seeing this new bot trying to access some pages that a regular crawler may not get access to, pages that require authentication to access, or to know even know that they exist. I am no security expert, so I will borrow words of Miguel Jacq, a Linux administrator who has an interesting story to tell, about this extension and a related bot, “niki-bot”. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |