What is "chrome-extension://"
B

6

7

I found some strange <script/> tags on a site:

<script src="chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/document_iterator.js"></script>
<script src="chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/find_proxy.js"></script>
...

I haven't been able to find much information on this, but I highly doubt this is actually related to Google Chrome since this site in particular is still using <table>s for layout, and the source in question was retrieved with curl not a graphical web browser.

So,

  1. What on earth is this?
  2. What is chrome-extension://?
  3. Why is it using lifbcibllhkdhoafpjfnlhfpfgnpldfl as a directory name?
  4. Why is it pretending to be a valid URL to a JavaScript file?
  5. Why would I need find_proxy or document_iterator?

Solved. As far as I know...

chrixian was right. It seems that only on this and a few select other pages, someone had re-saved them from Chrome's source-view with the Skype extension installed.

Thanks everyone for all your help, +1's for all! enjoy!

Belly answered 18/10, 2012 at 21:7 Comment(8)
Do you have the Skype extension installed? - Charybdis
From what I can see it's a method for providing resources embedded in an extension to a web page in general. chrome-extension is the specific pseudo-url handler for referring to internal stuff, the lifbci... junk is the internal identifier of a particular extension, and the rest is just whatever resource you want provided. In this case, it's Skype, probably for their "change anything that looks like phone number into a link" junk. See code.google.com/p/notscripts/issues/detail?id=107 - Philender
If you look in the HTML, do you see the chrome-extension script tags? What about if you curl it from another computer? - Mitosis
I don't think you understood what I was asking. When I asked you if you saw the chrome-extension script tags in the HTML, I meant on your physical server when viewing in a text editor. In other words, is the source itself corrupted, is something in between the server and the client corrupted, or is just the client corrupted? We know you see it on the client -- via curl -- but what about on the server or the network? You could maybe use tcpdump or tcpflow to view the HTML as it's leaving the server. Hope this helps! - Mitosis
Another thing you can try is to put the HTML document on another server and curl it from both IP address clients you used before. This might help further isolate the source of the problem. - Mitosis
@jMort253 yes, the actual page contains it. It's static HTML. - Belly
So it was Chrome... just not the way everyone thought it was. Evil. ;-) - Jandel
@ScottA indeed, I should have guessed as much, the page in question also had a menu system that is plastered onto the page at run-time with JavaScript. Evil indeed. - Belly
F
4

If you are using cURL to get the page, you're getting the HTML as it exists on the server--so I think a safe assumption would be: the author of the page initially saved the page from Chrome, he had an extension installed that inserted these script tags and lastly he didn't remove the script tags for one reason or another before putting the page on the server.

Fr answered 19/10, 2012 at 15:49 Comment(3)
Except I think this page was made before Chrome even existed, as I mention it uses <table> for layout, as far as I can tell the latest change was before 2004. Chrome came out in 2008. - Belly
Wow, nice omniscience there, I just checked some of the other pages, and sure enough, a few of them don't have these script tags. As far as I can tell this is what happened; someone edited the page and saved from the Chrome source view. Why, I'll never know. - Belly
@Fr +1 Thanks. I was having the same issue. The page source code was indeed the result of a copy/paste from the Chrome browser for local revision testing on someone's box. So these types of script tags can be deleted before putting pages on the servers. - Prestonprestress
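
The cleanup this answer and its comments arrive at (spotting extension-injected tags in static HTML before it goes onto a server), as an added example that is not part of the original thread. The function names and the sample page are constructed for illustration, and checking moz-extension alongside chrome-extension goes beyond the single case in the question.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# URL schemes browsers use for resources packaged inside an extension.
EXTENSION_SCHEMES = {"chrome-extension", "moz-extension"}
# Chrome extension IDs are 32 characters drawn from the letters a-p.
CHROME_ID = re.compile(r"[a-p]{32}")
URL_ATTRS = {"src", "href"}


class ExtensionRefFinder(HTMLParser):
    """Collects tags whose src/href points into a browser extension."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            parts = urlsplit(value.strip())
            if parts.scheme.lower() not in EXTENSION_SCHEMES:
                continue
            line, _col = self.getpos()  # position of the tag in the file
            self.findings.append({
                "line": line,
                "tag": tag,
                "extension_id": parts.netloc,
                "resource": parts.path.lstrip("/"),
                "well_formed_chrome_id": bool(CHROME_ID.fullmatch(parts.netloc)),
            })


def find_extension_refs(html_text):
    """Return one finding per extension-scheme reference in html_text."""
    finder = ExtensionRefFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample: a static page re-saved from a browser with an extension active.
SAMPLE = """<html><head>
<script src="/js/menu.js"></script>
<script src="chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/document_iterator.js"></script>
<script src="chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/find_proxy.js"></script>
</head><body><table><tr><td>Legacy layout</td></tr></table></body></html>
"""

if __name__ == "__main__":
    for f in find_extension_refs(SAMPLE):
        print(f"line {f['line']}: <{f['tag']}> {f['extension_id']} -> {f['resource']}")
```

Run over a site's HTML files before deployment, a non-empty result means a page was saved from a browser's rendered DOM rather than from its original source.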
C
6

That is actually the Skype Click to Call Chrome extension.

Manage and view it using this link chrome://extensions/?id=lifbcibllhkdhoafpjfnlhfpfgnpldfl


Clachan answered 3/10, 2013 at 5:39 Comment(1)
Thanks for the ?id= tip, since I don't use Chromium all that much. - Belly
U
3

This is added by Chrome as the page loads, to inject the extension's JavaScript code into the page, so it can access the HTML document.

Unfinished answered 18/10, 2012 at 21:10 Comment(2)
That's odd. Maybe someone has copied the page source of a page and accidentally copied this code with it. - Unfinished
That's what version control is good for. To find out who on earth does stuff like that. - Unfinished
M
2

Chrome, like Firefox, provides developers with an easy API to extend the functionality of the web browser without needing to actually download and build the browser to do so.

They also provide a robust delivery system. In Google's case, it's the Google Chrome Web Store.

Extensions are installed locally on your computer, and use long strings as directory names to reduce the risk of collisions with another extension. In other words, if you and I both named our extensions "mycoolextension", then there would be a problem if a person tried to install your extension and my extension. The long string helps prevent collisions such as this.

The chrome-extension:// protocol is used by the browser to make requests to these local resources. Chrome extensions are developed using HTML5, JavaScript, and CSS, along with an API exposed to allow the local JavaScript to perform actions it would not normally be able to do on the Internet.

When you see these in the Chrome developer tools, it's just the extension doing its thing, whatever that may be.

If you're seeing these, then you likely installed some extensions from the Chrome Web Store. To view them, go to the Tools menu and select "Extensions". This will show you a list of all installed Chrome extensions and apps.

To learn more about extension development, see the Getting Started Tutorial.

Also, as someone else mentioned, you're using the Skype Call Extension. However, an app using that directory name doesn't appear in the first page of the search results. It might be worth doing some more research to make sure you got that extension from a legitimate source, whether that be Skype or the Chrome Web Store.

If you're seeing it in Chrome developer tools for every request you make, it means it has access to all your websites, which could be benign, like if they're just making phone numbers clickable, or it could be malicious, if it's scraping your bank account info and shipping it off to some third party server. :)

Mitosis answered 18/10, 2012 at 21:17 Comment(0)
L
2

The Skype extension causes it by inserting all kinds of junk in webpages that you visit. Do you have the Skype browser extension installed for Chrome? Just disable the extension.

Leviticus answered 18/10, 2012 at 21:18 Comment(1)
@Leviticus is right, this was injected by "Skype Click to Call" Chrome extension and someone decided to copy the source code after the script was injected and publish it. - Trapp
J
1

It's a Chrome extension, and chrome-extension:// is a URL for extensions to address their contents via JavaScript.

lifbcibllhkdhoafpjfnlhfpfgnpldfl is the unique identifier for the extension. I can't find it with a search, but apparently it might be Skype.

It's not pretending... it is a valid URL. The JavaScript file is located in the extension. If you were to look on your hard drive you'd probably find that very file in the extensions folder.

The functions it's calling probably are some sort of detection used by the extension to see if it needs to enable itself.

See this for some additional information:

Checking if user has a certain extension installed

Jandel answered 18/10, 2012 at 21:17 Comment(0)