Hacker News new | ask | show | jobs
by tyingq 2743 days ago
Interesting. Browser plugins, by nature, include source code. I wonder if there's an easy fix. Can you describe the issue in a little more detail?
2 comments
tln 2743 days ago
Password managers usually use native messaging, ie a native helper app

https://developer.chrome.com/apps/nativeMessaging

link
paul167 2743 days ago
I took a shot at building a browser plugin for 1pass [1] a little while back.

Turns out, the hardest thing is not the crypto or the browser to app communication, but parsing the HTML to accurately find the login forms. If I remember correctly, the browser plugin on Mac actually sends the entire HTML to the app for parsing. The parser is probably quite complicated and they avoid reimplementing it in extensions that way.

[1] https://medium.com/@paulsc/making-a-1password-client-15dd39a...

link
tyingq 2743 days ago
Of course that also protects the IP :)

Also, great post. I love reading reverse engineering stories.

link