0

I am working on a chrome extension that auto fills and logins the user to a local hosted web based software that unfortunately runs on http(and there is no way to change that), to perform specific automated tasks through the extension. During every login, Chrome browser redirect's to "Form is insecure" page and there is no way to access it through the content script, so that I can perform a click operation on the "Send anyway" button on that page and proceed further to my actual website.

Whatever data or message I send from background script is only received after I manually click the "Send anyway" button. I even tried choosing to "allow" the insecure content on browser's privacy setting for the particular URL of my website but no luck. Is there anyway to get around this? A way to programmatically access the button or permanently disable browser from redirecting to this.

  • 1
    Extensions can't do it after it happened, but maybe you can simply modify the `action` URL in the form beforehand? – wOxxOm Jul 14 '23 at 20:33
  • Unfortunately I don't have access to modify the software that we are using. – Karthik Vishwanath Jul 15 '23 at 01:36
  • 1
    It should be possible in your extension's content script. – wOxxOm Jul 15 '23 at 05:58
  • I will give that a shot. If you don't mind explaining a bit more, what would I need to be potentially modifying in the `action`? And on another track, do you think whether it would be possible to use `chrome.scripting` to execute `keydown` events to get to the button? – Karthik Vishwanath Jul 15 '23 at 22:39
  • Insecure means the action URL is http and not https, so maybe you can trivially replace it. As for events, there are lots of examples around. You can also just do `elem.click()`. – wOxxOm Jul 16 '23 at 04:28
  • Yeah, I checked and its weird. There is no `form` that its using, so it seems like its running a script to fetch the login data and is being redirected to a http page. And I tried injecting a script file and ran few basic commands to this specific tab, but no luck. Like I mentioned, content script can't access the page to begin with so can't run any events where I get the specific elements from the page. – Karthik Vishwanath Jul 17 '23 at 01:36
  • 1
    Your content script should be able to access the original page **before** redirection and fix its problem. To see how the redirection occurs you can set a breakpoint on navigation events: https://puu.sh/JLykq/6f022deca6.png – wOxxOm Jul 17 '23 at 04:40

0 Answers0