This matter started from the previous research on grabbing Moutai software. Recently, out of curiosity, I wanted to write various scripts of Moutai, but since there are open source ones, I don’t want to write them myself, so I just made a hand out party. But the turning point of the incident occurred. Now the comments on github say that the script is not easy to use. JD.com changed the interface, so it started to capture packets by itself. Changed, and then NB one. Inadvertently discovered something, every link I visited JD.com in the packet capture was sent back to this website with parameters by a mysterious non-JD domain name link, which caught my attention.
Where did this mysterious link come from?
Open the browser, turn on the debugging mode, open a shopping link on JD.com, turn on the debugging mode, refresh, and grab the execution result
Under the network in debug mode, find the suspicious link, click it, and click initiator (meaning the initiator) in the right label, and find this suspicious browser plug-in
The browser plug-in is "Baidu library download this plug-in for free"
This plug-in was installed by me before, but I didn’t uninstall it. I wanted to download some things from Baidu Library that required points to download, because I didn’t have any points and I was reluctant to spend money. Then I found this plug-in and installed it. Tested, the result was not easy to use, and I forgot uninstalled, so it stayed.
After analyzing, what does this js do?
1. Download the rules and get some rules in its own background, such as the links of Jingdong, Taobao, Suning and other major e-commerce platforms
2. Change the link on the page, and change the product link into a link with your own promotion
Pages without plugins, product links without promotion
With the plug-in browser, the product is added with a promotional link
3. Send the clicked link back to the plug-in's own server
This operation is unacceptable to me. It is no problem for me to use your plug-in to promote and make money for me, but why do you upload my records? (guess for statistics)
In the end, I checked the domain name back, and it belonged to an employee of a large factory, who had also published books. I don't know much about the browser plug-in industry. Is this the norm for browser plug-ins?
In conclusion
1. Don't use unknown browser plug-ins casually, close or remove them in time if you don't need them;
2. There are permission controls in the browser plug-in settings, and many default to all websites. For example, the plug-in mentioned today should select the specified website, so that it will not appear that all websites have the right to modify it.
The practice of this browser plug-in is strikingly similar to the rumored news that QQ will scan your browser records a few days ago.
There are a lot of browser plug-ins on the market now, which greatly facilitate our efficiency, but at the same time, we may do some small tricks, because it has too many permissions, and there is no place in the browser plug-in to indicate that it is satisfying you. It will do some other functions at the same time, which caused me to be very unhappy after I found out, and I have deleted this browser plug-in.
If you have installed a lot of browser plug-ins, hurry up and take a look.
