Chromium NetLog dump viewer

Plugin Vulnerabilities

Adds warning message to WordPress Plugin Directory pages when plugins are from developer we have released security advisories for. One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing their plugins and others get them properly secured when alerted they haven’t done that, while other plugin developers either are unable or unwilling to properly secure their plugins. With the latter group, among the issues we have seen, are developers who have introduced new serious vulnerabilities that are substantially similar to vulnerabilities that they know have been exploited in their plugins. In situations where we become aware of developers who have shown that inability or unwillingness to properly secure their plugin, we are releasing advisories to warn customers of our service and the wider WordPress community of the risk of utilizing those developers' plugins. This extension adds a notice on the pages of the WordPress Plugin Directory for the plugins from those developers.

HAR Recorder

Records network request and generates HAR file. har-recorder Chrome extension to record network request and generates HAR file. Uses https://github.com/cyrus-and/chrome-har-capturer to handle requests.

AppScan Activity Recorder

Record traffic and actions to use in an AppScan Dynamic Analysis scan Use the AppScan Activity Recorder to record traffic and actions for use in an AppScan Dynamic Analysis scan. Capture manual crawl, login, and multi-step data (traffic and actions). Recording Traffic: To record browser activity, 1. Before recording, log out from the site you intend to record and disable auto-sign in/auto-fill from Chrome settings. This enables the extension to record all browser tab activity. 2. From the Chrome Web Store, click Add to Chrome to add the recorder extension to the Chrome browser. 3. Open the website you want to record. 4. On the address bar, click the AppScan Activity Recorder extension icon to start recording the browsing activity. The AppScan extension icon blinks indicating it is recording the activity. Note: The extension icon’s tooltip displays the domain URL being recorded. This is particularly useful when you are accessing different sites in the same Chrome browser instance. 5. Perform the browsing activity, leaving the system tray window open. This extension records browser traffic including request/response and user actions. The scope of recording is only for the tab where the extension is invoked; no activity is recorded for other tabs. 6. To stop recording: • Click the AppScan extension icon to stop recording, or • Click 'Cancel' in the Chrome debugging message dialog box. The extension prompts you to save the recording in *.dast.config file format. Extension Options: The AppScan Activity Recorder extension includes options to view recording activity in a debugger window and to enable encryption. To set AppScan Activity Recorder options: 1. Open the Options page: a. Right-click the extension icon and select 'Options', or b. From the Chrome Extensions management page, select 'Details' > 'Extension options' for the extension. 2. Select options. • Debugger Selection: • Show debugger during recording: Show user activity in a separate window. In normal mode (without the debugger window enabled), the system tray window displays recording information only. • Encryption Selection: • No Encryption: Recorded data will not be encrypted. • Default Encryption: Encrypt the recording to prevent exposure of sensitive recorded information. Uses a common mechanism supported across all environments. Encrypted recorded files with Default Encryption are supported in HCL AppScan Enterprise version 10.4.0 and above, HCL AppScan on Cloud, and any HCL AppScan integrations (HCL AppScan Jenkins and HCL AppScan Azure DevOps Plugins, for example) that integrate with HCL AppScan Enterprise and HCL AppScan on Cloud. • Advanced Encryption: Utilizes an environment-specific encryption mechanism to prevent exposure of sensitive recorded information. This option reveals additional product selection options. Encrypted recorded files with Advanced Encryption are supported in HCL AppScan Enterprise version 10.10.0 and above, HCL Appscan 360° version 2.0.1 and above, HCL AppScan on Cloud, and any HCL AppScan integrations (HCL AppScan Jenkins and HCL AppScan Azure DevOps Plugins, for example) that integrate with HCL AppScan Enterprise, HCL Appscan 360° and HCL AppScan on Cloud. • Product Selection (Visible only if Advanced Encryption is selected): • AppScan on Cloud: Allows selection of the US or EU region for AppScan on Cloud. • AppScan on Premises or Private Cloud: Provides input fields for up to three deployment URLs. At least one URL is mandatory if this option is selected. 3. Click 'Save'. Saves the selected options to Chrome's local storage. If 'Advanced Encryption' is chosen, • Validates that at least one product is chosen and, if "onPrem" is selected, at least one URL is provided. • Fetches and validates encryption keys from the provided URLs or region endpoints. • Access to these URLs or region endpoints is essential for saving the options. The saved options will then be used for subsequent recordings. Notes: • Analysis of recordings from websites using HTTP/2 is not currently supported. • On Chrome Version 84.0.4147.105 (Official Build released on July 28th, 2020) (64-bit) and newer, the info banner lingers after the recording is stopped explicitly via the AppScan Activity Recorder icon. This does not hamper the saved recording or the extension functionality in any way. The Chrome Web Store Dev Support team has confirmed this as an intentional change. Click 'Cancel' to dismiss the banner. • The "runtime_blocked_hosts" extension settings GPO policy to validate the URL to record traffic is not supported from version 2.0.0. Changelog: • 2.1.0 - Support for environment-specific encryption. • 2.0.1 - Bug fixes • 2.0.0 - Migrated from Manifest V2 to Manifest V3 • 1.1.0 - Support to encrypt recorded files. - Bug fixes. • 1.0.10 - Updated AppScan icons. • 1.0.9 - Support for adding browser version and debug option to recorded traffic file. - Bug Fixes related to GPO support. • 1.0.8 - Support for "runtime_blocked_hosts" Extension settings GPO policy to validate the URL to record traffic. Follow instructions in “Set Chrome app and extension policies (Windows)” in this link: https://support.google.com/chrome/a/answer/7532015 to set "runtime_blocked_hosts" Extension settings GPO policy in Chrome Browser. Follow instructions in “Configure Microsoft Edge policy settings on Windows” in this link: https://docs.microsoft.com/en-us/deployedge/configure-microsoft-edge to set "runtime_blocked_hosts" Extension settings GPO policy in Edge Browser. - Capture AppScan Activity Recorder version info in recorded traffic file. • 1.0.7 - Fixed a bug to resolve issues wherein partial headers and HTML response were being captured in recorded traffic files. • 1.0.6 - Support for the new Edge version released on January 15th, 2020 and downloadable from "https://support.microsoft.com/en-in/help/4501095/download-the-new-microsoft-edge-based-on-chromium". Follow instructions in “To add an extension to Microsoft Edge from the Chrome Web Store” in this link: "https://support.microsoft.com/en-us/help/4538971/microsoft-edge-add-or-remove-extensions" to install AppScan Activity Recorder extension in Edge. • 1.0.4 - Support to start recording from a blank URL. • 1.0.3 - Support for log window to record cookies, actions and the requests being hit. • 1.0.0 - First release

Octohint

IntelliSense hint for GitHub With Octohint installed, when you view code at GitHub (For example this demo), you'll get features as follows: - Mouse Hover: Show information of current token - Left Click: Show all references of current token - [⌘] + Click: Go to definition of current token (For Windows and Linux user, use [Ctrl] instead) Octohint is a pure client thing. All code analysis are performed at your browser, which means your code and actions log like click, mousemove will never be sent to any server.