Opener Detector

Checks for window.opener vulnerabilities as you browse.

What is Opener Detector?

Opener Detector is a Chrome extension developed by Harry Cutts, and its main feature is "Checks for window.opener vulnerabilities as you browse.".

Extension Screenshots

screenshot

Download Opener Detector Extension CRX File

Download Opener Detector extension files in crx format, manually install Chrome extensions in the browser, or share the crx files with friends to easily install Chrome extensions.

Extension Usage Instructions

                        A simple browser extension which checks for window.opener vulnerabilities as you browse. When it finds one, it shows a warning page in the vulnerable tab, so that you can report or fix the vulnerability. (Use the back button to return to the page.) Individual pages and whole domains can be added to an ignore list, and by default, vulnerabilities between pages of the same origin (e.g. https://example.com/foo.html and https://example.com/bar.html) are not reported, though this can be changed in the settings.

window.opener vulnerabilities allow Web pages to control the tab which opened them. They can be fixed on many browsers simply by adding rel=noopener to your links. For more details, check out Mathias Bynens' article (https://mathiasbynens.github.io/rel-noopener/).

Please use responsibly. Disclose vulnerabilities you find, or fix them. Keep your hat white.

Source code is available on GitHub (https://github.com/HarryCutts/opener-detector), under the 3-clause BSD license. Contributions welcome!

Extension Basic Information

Name Opener Detector Opener Detector
ID glgmjdmfggnngmedfgccfdbhdjlfafin
Official URL https://chromewebstore.google.com/detail/opener-detector/glgmjdmfggnngmedfgccfdbhdjlfafin
Description Checks for window.opener vulnerabilities as you browse.
File Size 29.94 KB
Installation Count 77
Current Version 1.0.0
Last Updated 2017-09-04
Publish Date 2017-09-03
Rating 5.00/5 Total 1 Ratings
Developer Harry Cutts
Payment Type free
Supported Languages en
manifest.json 
{
    "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
    "manifest_version": 2,
    "name": "Opener Detector",
    "version": "1.0.0",
    "description": "Checks for window.opener vulnerabilities as you browse.",
    "homepage_url": "https:\/\/github.com\/HarryCutts\/opener-detector",
    "icons": {
        "48": "icons\/icon.png",
        "96": "icons\/[email protected]"
    },
    "permissions": [
        "storage"
    ],
    "options_ui": {
        "page": "options.html"
    },
    "content_scripts": [
        {
            "matches": [
                ""
            ],
            "js": [
                "lib\/browser-polyfill.min.js",
                "config.js",
                "check.js"
            ]
        }
    ],
    "web_accessible_resources": [
        "vuln_report_page.html"
    ]
}

Related Extensions

Check for .git directory existence
Check for .git directory existence
Scripter debugger extension
Scripter debugger extension
PERS - The Passive Expired Resource Scanner
PERS - The Passive Expired Resource Scanner
GitHub submodule links
GitHub submodule links
Git Mining
Git Mining
captureCalls
captureCalls
DOM-JSON Tree Matcher
DOM-JSON Tree Matcher
Investigate with Lacework
Investigate with Lacework
PhishBlock
PhishBlock
Plugin Vulnerabilities
Plugin Vulnerabilities
No Opener, No Phishers
No Opener, No Phishers
Privacy Crawler
Privacy Crawler