8

Is it possible to spoof Chrome plugins?

I noticed that their names are stored in Preferences and Local State file in /Users/mainuser/Library/Application\ Support/Google/Chrome/Default/Preferences and /Users/mainuser/Library/Application\ Support/Google/Chrome/Local\ State respectively (on Mac), but manually changing the contents of these files gets treated as file corruption. Any idea how to spoof it?

Plugin information are publicly available and are easily inspected with something like this:

var x=navigator.plugins.length; // store the total no of plugin stored 
console.log(x);
var txt="";
for(var i=0;i<x;i++)
{
  txt=navigator.plugins[i].name; 
    console.log(txt);
}
potato
  • 4,479
  • 7
  • 42
  • 99
  • 1
    Just a guess - try running a checksum of those files before changing them and finding that value somewhere? If you find it, make your change and update the checksum to match your changed checksum. Or maybe it's phoning home and obtaining a comparison that way (unlikely). Or it could be as simple as using the date modified to detect a manipulation? – oooyaya May 13 '16 at 14:57
  • 1
    can you provide a concrete example of exactly what plugin you want to *spoof* and in what manner? – Tudor Constantin May 14 '16 at 08:45
  • Any plugin. Don't know the way so I can't answer in what manner. – potato May 14 '16 at 08:59
  • @brumbrum why do you want to spoof it ? – codefreaK May 14 '16 at 15:15
  • Paranoid about browser fingerprinting I guess. – potato May 14 '16 at 17:17

3 Answers3

1

I assume you want to modify an extension that you have installed on your machine in order to improve it.

You can use the Developer Mode and load the modified extension:

Extensions that you download from the Chrome Web Store are packaged up as .crx files, which is great for distribution, but not so great for development. Recognizing this, Chrome gives you a quick way of loading up your working directory for testing. Let's do that now.

Visit chrome://extensions in your browser (or open up the Chrome menu by clicking the icon to the far right of the Omnibox: The menu's icon is three horizontal bars. and select Extensions under the Tools menu to get to the same place).

Ensure that the Developer mode checkbox in the top right-hand corner is checked.

Click Load unpacked extension… to pop up a file-selection dialog.

Navigate to the directory in which your extension files live, and select it.

Alternatively, you can drag and drop the directory where your extension files live onto chrome://extensions in your browser to load it.

If the extension is valid, it'll be loaded up and active right away! If it's invalid, an error message will be displayed at the top of the page. Correct the error, and try again.

Tudor Constantin
  • 26,330
  • 7
  • 49
  • 72
0

Paranoid about browser fingerprinting I guess.

If you want hide navigator.plugins list, see this plugin :

https://github.com/bcaller/plugin-privacy-chrome

See content.js#L27 :

properties.plugins = vecw({}, true);
user2226755
  • 12,494
  • 5
  • 50
  • 73
0

The "real" fix is to stop the enumeration of plugins for everybody, so there is no fingerprint information (after everyone upgrades): https://bugs.chromium.org/p/chromium/issues/detail?id=271772

If you hide navigator.plugins, that is also an identifying (single bit) feature that will make you stand out since there will be very few users who hide navigator.plugins. Which is why you'd want to spoof. From another answer, from @Hors Sujet, https://github.com/bcaller/plugin-privacy-chrome is a great place to start how to program a spoof. You'll want to look like the vast majority of Chrome users (I'm not sure that actually exists, though.)

But what you likely really want is EFF's Privacy Badger.

Start here to see the number of bits you can be fingerprinted by: https://panopticlick.eff.org/

And then install Privacy Badger from here: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp

Chris Buck
  • 745
  • 5
  • 15