avatarAndre Camillo, CISSP

Summary

A non-developer attempts to create a Chromium-based browser extension with AI assistance, detailing the process and encountered challenges.

Abstract

The article describes the journey of a non-developer seeking to create a Chromium-based browser extension from scratch with the help of AI. The purpose of the extension is to provide network information without relying on unverified and potentially risky third-party extensions. The author outlines the process in six steps, with the initial steps focusing on determining the purpose and setting up the development environment. They encounter various challenges, such as outdated packages and JSON issues, while trying to create the extension's basic structure. The author also discusses the use of AI to support the project and highlights the potential of AI as a valid tool for assisting in such endeavors.

Opinions

  • The author believes that creating a browser extension can be a daunting task without AI assistance.
  • They express concern over the lack of major providers' extensions in the store, leading to reliance on unverified extension providers.
  • The author emphasizes the importance of security and user privacy when developing browser extensions.
  • They suggest using AI to support and assist in the development process.
  • The author points out the potential risks of using unverified extensions, as demonstrated by the high-risk score of an extension from ipinfo.io in a vulnerability management test.
  • They mention that publishing an extension requires creating an account and following the guidelines and requirements for publishing on the Chrome Web Store.
  • The author concludes that with AI assistance, realizing what one wishes is possible.

Is it Possible to Create a Chromium-based Browser Extension from Scratch with the help of AI?

Chromium metal — or CR on the periodic table of Elements

Ok, so here’s the deal, for some time now I’ve wanted to create a Browser extension based on Open Source, completely trustworthy from a verification perspective.

Its job is to provide network information, to avoid having to use a PowerShell script to AWS’ API or open up a new browser tab just to ask “What’s my IP address”. An extension should spit that out for me whenever I want, period.

The biggest issue is that there aren’t any major providers’ extensions in the store, so we end up having to rely on sketchy and unverified extension providers… Lots of 5 stars, yeah — but none have Open Source and/or are focused on security nor user privacy.

I’ve taken one of these (from ipinfo.io) through a browser extension risk check using Microsoft Defender for Endpoints’ Vulnerability Management and found that it seems to be pretty high risk :

Within Extensions, “Website Access Permissions” are used by Chrome extensions to specify which websites the extension can access and interact with. These permissions are declared in the extension’s manifest file and determine what data and features the extension can access on the specified websites.

There are lots of APIs that offer this information, so gathering the data isn’t an issue, but mostly: How to build and publish a Chromium-based Browser extension, for a non-developer?

Said project would be daunting, should we live in a world where we relied on books and search based web (i.e. 2021). But it’s the year 2023 and AI has taken over as a valid way to support and ASSIST (I wouldn’t say lead yet) such projects. And this is what I want to test in this article.

Step 1. How to create a Browser extension?

I asked ChatGPT and here’s the answer:

1. Determine the purpose and functionality of your extension: Before you begin building your extension, it’s important to determine what you want it to do and what functionality it should have. This will help you determine the necessary tools and resources you will need.

2. Set up your development environment: You will need a few tools to start developing your extension, including a code editor, a browser, and a way to test your extension. For Chrome extensions, you will need to use the Chrome browser and enable developer mode in the browser settings.

3. Create the basic structure of your extension: Your extension will need some basic files and directories, including a manifest file, background scripts, and HTML and CSS files for the user interface.

4. Write the code: The code for your extension will depend on its purpose and functionality. You may need to use JavaScript, HTML, and CSS to build the user interface and functionality of your extension.

5. Test and debug your extension: Once you have built your extension, you will need to test it to ensure that it works as expected. Use the Chrome browser’s developer tools to debug any issues you encounter.

6. Publish your extension: Once your extension is ready to be released, you will need to publish it on the Chrome Web Store. You will need to create an account and follow the guidelines and requirements for publishing your extension.

Right… so:

Step “1” is done.

Step “2” is also done, in my Dev rig I use VS code and a Chromium-based browser already and intending to use IPinfo.io as the backend provider.

Installed Node.js, with Chocolatey, Python (for the sake of doing it) and GIT to complement my setup.

Just missing some packages that are needed (after learning in upcoming steps) — so added webpack-dev-server and had to move on with this warning, attempting to run

npm audit fix - - force

didn’t solve the issue.

Had to troubleshoot some fun issues —

With which chatGPT had some thoughts

At this stage, I was unable to pinpoint the issue (might be an outdated implementation?) I switched to a different github repo for Chome extention boilerplate: lxieyang/chrome-extension-boilerplate-react: A Chrome Extensions boilerplate using React 18 and Webpack 5. (github.com)

Indeed, this repo has less outdated packages:

And could be “fixed”:

Trying to run it led to some JSON issue:

Which I could validate the actual character issue with: JSON Online Validator and Formatter — JSON Lint

P.S.: Performing some IT Vendor Risk Management here, who’s ipinfo.io? And what security controls do they implement/abide to?

I don’t have access to a platform check, so relying on public signals here…

According to their own website, ipinfo.io:

Step “3” — I need more details on this… so back to asking it and here are the “deets”:

Manifest file: The manifest file is a JSON file that provides information about your extension, such as its name, version number, description, and icons. It also includes permissions that your extension needs to access certain features or data in the browser. The manifest file is a required component of every Chrome extension.

Background scripts: Background scripts are JavaScript files that run in the background of the browser and provide functionality for your extension. These scripts can be used to respond to events, interact with the browser’s APIs, and communicate with other components of your extension.

HTML and CSS files: If your extension includes a user interface, you will need to create HTML and CSS files to define the layout and styling of your interface. You can use these files to create pop-ups, menus, or other UI components that allow users to interact with your extension.

Other files and directories: Depending on the complexity of your extension, you may need to create other files and directories to support its functionality. For example, you may need to create JavaScript files to handle specific events or interactions, or images to be used as icons or other UI elements.

This seems like a lot of stuff… so wonder if there are templates for these… surely on GitHub! And here’s the answer:

An example is the “Chrome Extension Boilerplate” template, which includes a more extensive set of files and directories to help you build a robust and scalable Chrome extension. This template includes several components, such as a background script, content script, popup UI, options page, and several utility scripts for handling common tasks like storage and messaging.

These templates are open source and can be customized to meet your specific needs. There are also many other templates and frameworks available that can help you get started with building a Chrome extension, depending on your level of experience and the complexity of your project.

Beautiful, looking for this on the web I bumped on FreeCodeCamp’s video on how to build a Chrome extension — added to my sources list…

Build a Chrome Extension — Course for Beginners — YouTube

It was quite helpful and led me to this GitHub page with some code templates.

GitHub — samuelsimoes/chrome-extension-webpack-boilerplate at react

After modifying the GitHub template and a few tweaks I had a working test extension:

And this took me 3 hours on a Sunday afternoon — fun days.

What’s still left to do

At least the following:

4. Write the code: The code for your extension will depend on its purpose and functionality. You may need to use JavaScript, HTML, and CSS to build the user interface and functionality of your extension.

5. Test and debug your extension: Once you have built your extension, you will need to test it to ensure that it works as expected. Use the Chrome browser’s developer tools to debug any issues you encounter.

6. Publish your extension: Once your extension is ready to be released, you will need to publish it on the Chrome Web Store. You will need to create an account and follow the guidelines and requirements for publishing your extension.

I’d say this would take at least another 6 hours for proper learning, testing and validation.

A task I might leave for another day.

For now, though, I can conclude that with AI assistance, realizing what you wish is possible.

Learn more about my Cloud and Security Projects: https://linktr.ee/acamillo

Consider subscribing to Medium (here) to access more content that will empower you!

Thank you for reading and leave your thoughts/comments!

./references

Scattered throughout the document

How to Build a Chrome Extension (freecodecamp.org)

Development
Security
Beginner
AI
ChatGPT
Recommended from ReadMedium
avatarBenedict Neo
Roadmap to Learn AI in 2024

A free curriculum for hackers and programmers to learn AI

11 min read
avatarArtturi Jalli
I Built an App in 6 Hours that Makes $1,500/Mo

Copy my strategy!

3 min read
avatarFabio Matricardi
Llama3 is out and you can run it on your Computer!

After only 1 day from the release, here is how you can run even on your Laptop with CPU only the latest Meta-AI model.

8 min read
avatarKelvin
The Best Laptop for Cyber Security in 2024 🔐

This One If For All My IT People

10 min read
avatarVatsal Saglani
Llama 3 + Groq is the AI Heaven

Llama 3 shines on Groq with blazing generation

9 min read
avatarHazel Paradise
How I Create Passive Income With No Money

many ways to start a passive income today

5 min read