Open
Conversation
Member
|
Thanks for your interest in palantir/phishcatch, @Agrejus! Before we can accept your pull request, you need to sign our contributor license agreement - just visit https://cla.palantir.com/ and follow the instructions. Once you sign, I'll automatically update this pull request. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added functionality to capture ChatGPT API requests and user inputs. To capture what users send to ChatGPT, we needed to intercept network requests and read their bodies. This is challenging in Chrome extensions due to security restrictions. The chrome.webRequest.onBeforeRequest API can intercept requests but doesn't expose request bodies, so we can't read POST payloads. Given this, I came up with two alternative approaches:
I ended up choosing monkey patching. Monkey patched fetch and XHR in the MAIN world content script using the @rxliuli/vista library. This allows intercepting requests before they're sent, cloning requests to read their bodies, filtering for ChatGPT conversation endpoints, extracting user inputs from the request payload, and sending the data to the background service worker via window.postMessage (since MAIN world scripts don't have direct access to chrome.runtime APIs). The content script (interceptor) runs in "world": "MAIN" to access the page's JavaScript context, otherwise monkey patching will not work. We use a discriminated union type system for type-safe message passing. Requests are filtered by URL pattern (chatgpt.com + /conversation endpoint). We parse ChatGPT's request format to extract user message inputs. This approach requires careful implementation to comply with Chrome Web Store policies, I would have to double check and see if monkey patching fetch and XHR would be an issue. The extension only intercepts requests to specific endpoints and processes data locally before sending alerts to the server.
Once the intercepted data is processed in the background service worker, alerts are sent to the server via POST requests to the /alert endpoint (e.g., http://localhost:8000/alert). The alert payload uses a discriminated union type system with two main alert types: CredentialAlert (for password reuse, DOM hash, user reports, etc.) and ConversationAlert (for ChatGPT conversation intercepts). The server validates the pre-shared key (PSK) and processes each alert type accordingly. Failed alerts are stored locally and retried automatically, with old alerts being filtered out during cleanup. The server endpoint is configured via the extension's config and can be set to any server URL.