JavaScript Injection – Manipulate Objects

I want to inject JavaScript to a website locally via address bar.
The purpose is to make some modifications of the website only for me.

What is the correct way to find and then manipulate objects / variables? Especially when the JS is obfuscated.

Say, I know for sure there has to be an instance of a certain class which has a certain method.
F12 both on Chrome and on FF did not help me too much but maybe I am doing something wrong.

To be more precise, I will give a real problem.
This website is an open source chess server.
It uses an open source library to represent a board (github).
I know for sure that there has to be a move() method.

Now the question is simple: how do I find this instance and calling move() in order to programmatically move pieces?

Patch javascript app.js in chrome (extention)

I have a website in which the app.js (react) is obfuscated.

I found the function I need, it is wrapped in a lot of callbacks.

Task: Access this function from my extention.

I do:

  1. I am defining a global variable: var myVar;

  2. I put a breakpoint in the right place: debugger;

  3. In the developer console I assign the value of the function to the variable: myVar = a (‘dfegtrgr’).D().Cddf

  4. In the Extension, I can use myVar.Сddf()

It is necessary to automate this. How to do this, what options?

  1. How can I get the function “a (‘dfegtrgr’). D (). Cddf”?

  2. Is it possible to patch app.js from userscript / background.js to insert “myVar = a(‘dfegtrgr’).D().Cddf”?

app.js when loading a page has a new name, so chrome script override is not suitable. I need to find a script for the fragment of interest in the function (for example, e = gg [‘dd’])

How can Web App disable CSS or Javascript browser add-on or extension?

I am looking for how to disable css or javascript code injection of the browsers’ plugins in our web app.

As an example, when we use Facebook’s messenger app at www.messenger.com, the site disables most of the browser’s plugins or extensions. How can I implement such control in our web app?

Thanks in advance. Regards.

How Facebook Messenger Web App disable CSS or Javascript browser add-on or extension?

I am looking for how to disable css or javascript code injection of the browsers’ plugins in our web app.

As an example, when we use Facebook’s messenger app at www.messenger.com, the site disables most of the browser’s plugins or extensions. How can I implement such control in our web app?

Thanks in advance. Regards.

Chrome extension architecture with code injection (code obtained from an external server)

I need to develop an chrome extension to perform scraping on certain web pages of our customers in the private area of ​​each user once logged on those web pages (all this always under the approval of the user informing him at all times the data that will be obtained). Each of our clients has a different website and the necessary scraping code is different for each of the clients. Every month we get new clients, so we have to develop the necessary scraping script for new clients. In addition, the information obtained from scraping will be sent by the extension to our REST web service for storage in a database.

To avoid having to generate a new version of the extension every time we develop the scraping script of the new clients, I had thought of developing a web service of type REST that the extension would initially consult, and that would return the URLs of all the clients, along with all the scripts associated with each client. In this way, we would only make a version of the extension and the scraping script would store it in a database and return it to the extension through the web service indicated above and the extension would inject it as a content script using the chrome.tabs.executeScript() method. Once the scraping is done, the result would be sent by the extension to the corresponding web service.

Would the architecture that I have commented be feasible in terms of security? If it is not, what options do I have? This project is very important for my company and I have to look for the right options.

Is there a problem with the injection of javascript code stored in our external system?

Is there a problem with sending the information obtained by scraping to our external server for storage?

I am very worried about all this, can someone help me?

Thank you very much in advance.