bfc73ba018
- Prevent fake finding injection via per-session nonce validation between MAIN world interceptor and ISOLATED world content script
- Fix CSV formula injection in export by sanitizing cell values
- Serialize storage writes to prevent race conditions across tabs
- Cap findings at 5000 with oldest-first eviction
- Delete findings by unique ID instead of URL to avoid collateral removal
- Validate keyword length (50 chars) and count (50 max)
- Add MutationObserver for SPA support (dynamic DOM scanning)
- Add explicit CSP to manifest
- Add per-tab alert icon with red dot overlay when secrets are found
{
"name": "KeyFinder",
"description": "Passively discovers API keys, tokens, and secrets leaked in page scripts, DOM, network responses, and browser storage. Available for Chrome and Firefox.",
"version": "2.0.0",
"manifest_version": 3,
"action": {
"default_icon": {
"16": "icons/icon16.png",
"48": "icons/icon48.png",
"128": "icons/icon128.png"
},
"default_popup": "popup.html"
},
"icons": {
"16": "icons/icon16.png",
"48": "icons/icon48.png",
"128": "icons/icon128.png"
},
"content_scripts": [
{
"matches": ["<all_urls>"],
"js": ["js/patterns.js", "js/content.js"],
"run_at": "document_idle",
"all_frames": true
},
{
"matches": ["<all_urls>"],
"js": ["js/interceptor-loader.js"],
"run_at": "document_start",
"all_frames": true
}
],
"content_security_policy": {
"extension_pages": "script-src 'self'; object-src 'self'"
},
"background": {
"service_worker": "js/background.js"
},
"web_accessible_resources": [
{
"resources": ["js/interceptor.js"],
"matches": ["<all_urls>"]
}
],
"permissions": ["activeTab", "storage"]
}