[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

GoTestPro

Version 2.3.3 View in Chrome Web Store

Last scanned: about 3 hours ago

Extension Details

Rating: 5.0 ★ (1 rating)

Users: 101

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has extremely limited trust indicators with only 101 users and a single 5-star rating, which is insufficient to establish credibility. The lack of developer information, company details, and recent update history raises significant red flags. The name "GoTestPro" suggests testing functionality, but no clear description is provided to validate its legitimate purpose.

Concerns:

This extension exhibits numerous alarming characteristics that suggest potential malicious intent. The debugger permission is particularly concerning as it allows manipulation of other extensions and deep system access. The combination of broad host permissions covering all URLs, unlimited content script injection capabilities, and web navigation tracking creates a perfect storm for data theft and privacy violations. The downloads permissions could enable unauthorized file access or malicious file distribution. The extensive permission set far exceeds what most legitimate testing tools would require.

Recommendations:

Do not install this extension under any circumstances. The risk profile is too severe for safe use even in an isolated environment. If testing functionality is genuinely needed, seek well-established alternatives from reputable developers with transparent documentation and substantial user bases. The combination of excessive permissions, minimal user adoption, and lack of developer transparency strongly suggests this could be malware disguised as a testing tool.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: debugger

This extension has the debugger permission. Can debug and manipulate other extensions/apps. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webNavigation

This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Medium-Risk Permission: unlimitedStorage

This extension has the unlimitedStorage permission. Can store unlimited data locally.

Security Analysis Details

Required Permissions:

storage
tabs
debugger
activeTab
notifications
contextMenus
webNavigation
downloads.shelf
downloads
scripting
unlimitedStorage
downloads.open
declarativeNetRequest
declarativeNetRequestWithHostAccess

Host Permissions:

<all_urls>
http://*/*
https://*/*
file://*

Embedded URLs (224 total):

http://purl.org/dc/elements/1.1/	http://creativecommons.org/ns#
http://www.w3.org/1999/02/22-rdf-syntax-ns#	http://www.w3.org/2000/svg
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd	http://www.inkscape.org/namespaces/inkscape
http://purl.org/dc/dcmitype/StillImage	http://svg-edit.googlecode.com/
http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd	https://bit.ly/3cXEKWf
http://www.w3.org/1999/xhtml	https://github.com/ajaxorg/ace/issues/2312
https://github.com/gitbrent/bootstrap-switch-button-react	https://github.com/gitbrent
https://github.com/webpack-contrib/style-loader#insertat	https://reactjs.org/docs/error-decoder.html?invariant=
https://getbootstrap.com/	https://github.com/twbs/bootstrap/blob/main/LICENSE
http://mobius.ovh/docs/selectr	http://jmespath.org
http://jmespath.org/tutorial.html	https://ace.c9.io/
http://json-schema.org/draft-07/schema	http://json-schema.org/schema
https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/data.json#	https://github.com/ajv-validator/ajv/blob/master/lib/definition_schema.js
http://json-schema.org/draft-07/schema#	http://json-schema.org/draft-04/schema#
http://json-schema.org/draft-06/schema#	http://fb.me/use-check-prop-types
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
http://www.w3.org/1998/Math/MathML	https://git.io/JUIaE#
https://redux.js.org/Errors?code=	https://github.com/uuidjs/uuid#getrandomvalues-not-supported
https://github.com/nodejs/node/wiki/Intl	https://github.com/indutny/elliptic/issues
https://github.com/indutny/elliptic	https://github.com/crypto-browserify/crypto-browserify
https://example.com	https://github.com/microsoft/playwright.git
https://playwright.dev	https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads
https://support.microsoft.com/en-us/help/3145500/media-feature-pack-list-for-windows-n-editions	https://playwright.azureedge.net
https://playwright-akamai.azureedge.net	https://playwright-verizon.azureedge.net
https://edgeupdates.microsoft.com/api/products	https://github.com/baruchvlz/resq/blob/5c15a5e04d3f7174087248f5a158c3d6dcc1ec72/src/utils.js#L29
https://github.com/openssl/openssl/blob/master/README-PROVIDERS.md#the-legacy-provider	https://github.com/nodejs/node/issues/40672#issuecomment-1243648223
https://github.com/jestjs/jest	https://jestjs.io/docs/configuration#testenvironment-string
https://aka.ms/playwright/expect-compatibility	http://foo.com
http://foo.com/	https://github.com/facebook/regenerator/blob/main/LICENSE
https://github.com/babel/babel/issues/14056	https://bugs.chromium.org/p/v8/issues/detail?id=3334
http://babeljs.io/docs/plugins/external-helpers/	http://babeljs.io/docs/plugins/transform-react-jsx/
http://babeljs.io/docs/plugins/#modules	http://babeljs.io/docs/plugins/preset-react/
http://babeljs.io/docs/plugins/#presets	https://babeljs.io/docs/en/babel-core/#options
https://babeljs.io/docs/en/options#filename	https://github.com/thlorenz/convert-source-map#upgrading
https://babeljs.io/docs/configuration#print-effective-configs	https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-async-do-expressions
https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-decimal	https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-decorators
https://github.com/babel/babel/tree/main/packages/babel-plugin-proposal-decorators	https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-do-expressions
https://github.com/babel/babel/tree/main/packages/babel-plugin-proposal-do-expressions	https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-export-default-from
https://github.com/babel/babel/tree/main/packages/babel-plugin-proposal-export-default-from	https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-flow
https://github.com/babel/babel/tree/main/packages/babel-preset-flow	https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-function-bind

Page 1 of 3

Raw Manifest

{
  "name": "GoTestPro",
  "icons": {
    "16": "img/icon.png",
    "48": "img/icon.png",
    "128": "img/icon.png"
  },
  "action": {
    "default_icon": {
      "19": "img/icon.png",
      "38": "img/icon.png",
      "128": "img/icon.png"
    },
    "default_title": "GoTest Pro"
  },
  "version": "2.3.3",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Achieve End-to-End Automation Testing with GoTestPro",
  "permissions": [
    "storage",
    "tabs",
    "debugger",
    "activeTab",
    "notifications",
    "contextMenus",
    "webNavigation",
    "downloads.shelf",
    "downloads",
    "scripting",
    "unlimitedStorage",
    "downloads.open",
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess"
  ],
  "content_scripts": [
    {
      "js": [
        "lib/jquery.min.js",
        "lib/cssesc.js",
        "lib/targetSelector.js",
        "lib/xpath.js",
        "contentScript.js"
      ],
      "module": "true",
      "run_at": "document_end",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true,
      "match_about_blank": true
    },
    {
      "js": [
        "execute.js"
      ],
      "world": "MAIN",
      "module": "true",
      "run_at": "document_end",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true,
      "match_about_blank": true
    }
  ],
  "host_permissions": [
    "<all_urls>",
    "http://*/*",
    "https://*/*",
    "file://*"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "matches": [
      "http://dev-gtp.royalcyber.org/*",
      "https://dev-gtp.royalcyber.org/*",
      "http://localhost:4200/*",
      "https://eu.gotestpro.com/*",
      "https://app.gotestpro.com/",
      "https://dev.gotestpro.com/",
      "https://prod.gotestpro.com/",
      "https://rcsolutiondev.service-now.com/"
    ]
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "lib/alertScripts.js",
        "lib/pdf.js",
        "lib/pdf.worker.js"
      ]
    }
  ]
}

by ✦ Astarte

GoTestPro

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (224 total):

Raw Manifest

Detections

Manifest Findings