Skip to content

bad-antics/nullsec-discord-browser-shield

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src
src
 
 
styles
styles
 
 
README.md
README.md
 
 
manifest.json
manifest.json
 
 
popup.html
popup.html
 
 

Repository files navigation

NullSec Discord Browser Shield 🛡️

Browser extension to protect Discord Web from token theft, XSS attacks, and malicious scripts.

Features

🚫 Request Blocking

  • Webhook Exfiltration: Blocks attempts to send tokens to Discord webhooks
  • Suspicious Domains: Blocks requests to known data exfiltration services
  • Token Detection: Identifies and blocks token theft attempts

🔒 Client-Side Protection

  • Script Injection Guard: Monitors and blocks malicious script injection
  • Iframe Protection: Prevents clickjacking attacks
  • Form Hijack Prevention: Blocks form action tampering
  • Clipboard Protection: Monitors copy/paste for token leakage

🛠️ API Hardening

  • Fetch Hook: Monitors all fetch() requests for token exfiltration
  • XHR Hook: Protects XMLHttpRequest from abuse
  • WebSocket Guard: Monitors WebSocket connections
  • Eval Protection: Detects suspicious eval() usage

Installation

Chrome/Edge

  1. Download or clone this repository
  2. Go to chrome://extensions
  3. Enable "Developer mode"
  4. Click "Load unpacked"
  5. Select the extension folder

Firefox

  1. Go to about:debugging
  2. Click "This Firefox"
  3. Click "Load Temporary Add-on"
  4. Select manifest.json

How It Works

Discord Web Page
       ↓
┌─────────────────────────┐
│  Content Script         │  ← Monitors DOM, blocks injections
│  - MutationObserver     │
│  - Event listeners      │
└─────────────────────────┘
       ↓
┌─────────────────────────┐
│  Injected Script        │  ← Hooks APIs, blocks exfiltration
│  - fetch() hook         │
│  - XHR hook             │
│  - WebSocket hook       │
└─────────────────────────┘
       ↓
┌─────────────────────────┐
│  Background Worker      │  ← Monitors network requests
│  - webRequest API       │
│  - Threat logging       │
└─────────────────────────┘

Blocked Threats

Threat Type Protection
Token Grabbers API hooks prevent exfiltration
Webhook Theft Request blocking
XSS Attacks Script injection monitoring
Clickjacking Iframe blocking
Clipboard Hijack Copy/paste monitoring
Eval Injection Function hooking

Configuration

Click the extension icon to access settings:

  • Toggle webhook blocking
  • Toggle token exfiltration protection
  • Toggle script injection guard
  • View threat statistics

Privacy

This extension:

  • ✅ Runs entirely locally
  • ✅ No data sent to external servers
  • ✅ No analytics or tracking
  • ✅ Open source

License

MIT License - Part of NullSec Linux project

About

Browser extension for Discord Web token protection

Topics

chrome-extension security privacy discord firefox-extension browser-extension nullsec token-protection

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages