Inject Demo

This demo shows how to gain access to a page's isolated world and alter its variables and functions.

Chrome doesn't allow you to directly access page's Javascript from an extension. There's several discussions on how to bypass that security measure. Techniques like script injection no longer work; answers like this one point you to use TamperMonkey. But remember that TM itself is a Chrome Extension! So there must be some way of bypassing that security without the help of TM.

Chrome Extensions' docs may mislead you into thinking that it is not possible. Here the docs say that Inline JavaScript will not be executed. At first I thought that it even included script tags with a src attribute, but I was wrong! In fact, that it the only way I found that really works as of now. Well, I really don't understand why is it safe if the script in a separate file rather than directly embedded; I've seen a lot of people in forums questioning the validity of this security measure. Anyway, it took me a while to figure out that putting the script in a separate file works.

This demo provides a index.html with a simple script that creates a function and calls it periodically using setTimerInterval(). The extension folder contains the demo extension which, when loaded by Chrome, will access the isolate world created for the page and override the function aforementioned.

How to Run

Clone this repo locally. Open Chrome, go to chrome://extensions/ and drag the extension folder over the extensions page to install the extension.

You must serve index.html using some simple web server (e.g., using Node.js or Python). Alternatively, you can access it live here. It won't work if you load it via file://.

Open the console and you should see something like the following output:

Script running...
Gained access to page's isolated world.
hackMe() has been hacked.
hackMe() returned 1
hackMe() has been hacked.
hackMe() returned 2
...

Reference

About

Languages

Language:JavaScript 65.2%Language:HTML 34.8%