Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 14:08:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-4316: No subject

Browse source
This commit is contained in:
CPol 2024-04-19 00:28:25 +00:00 committed by gitbook-bot
parent fb82ef7e95
commit 0e8c469cda
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
.gitbook/assets/image (1235).png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 46 KiB

2
pentesting-web/browser-extension-pentesting-methodology/README.md
View file

@ -468,6 +468,8 @@ Therefore, the memory of the Browser Extension **shouldn't be considered secure*
Of course, do **not put sensitive information in the code**, as it will be **public**.
To dump memory from the browser you could **dump the process memory** or to go to the **settings** of the browser extension click on **`Inspect pop-up`** -> In the **`Memory`** section -> **`Take a snaphost`** and **`CTRL+F`** to search inside the snapshot for sensitive info.
## Content Script **↔︎** Background Script Communication
A Content Script can use the functions [**runtime.sendMessage()**](https://developer.chrome.com/docs/extensions/reference/runtime#method-sendMessage) **or** [**tabs.sendMessage()**](https://developer.chrome.com/docs/extensions/reference/tabs#method-sendMessage) to send a **one-time JSON-serializable** message.