So I got someone trying to crack my plugin by just inspecting the fetch object, and the way it was done was, for me, very clever. It taught me something new, so what would you suggest for more protection? I know this is a game between crackers and us, and it is exciting to learn new ways of security:
This is the code that the hacker tried, and it is so funny that he didn’t even remove the emojis from ChatGPT…
```javascript
// --- START OF SAFE INSPECTOR v2 ---
try {
  // Save the original fetch function as soon as it becomes available
  const originalFetch = fetch;
  // Replace it with our own version
  fetch = function(url, options) {
    console.log('\n=====================================');
    console.log('🚀 UXP request intercepted!');
    console.log(`URL: ${url}`);
    console.log(`Options: ${JSON.stringify(options, null, 2)}`);
    if (options && options.body) {
      try {
        // Attempt to decode the request body for easier reading
        const decodedBody = JSON.parse(options.body);
        console.log(`Body (decoded): ${JSON.stringify(decodedBody, null, 2)}`);
      } catch (e) {
        console.log(`Body (not JSON): ${options.body}`);
      }
    }
    console.log('=====================================\n');
    // IMPORTANT: Call the original fetch function so the plugin continues to work normally
    return originalFetch(url, options);
  };
  console.log("--- SAFE INSPECTOR ACTIVATED ---");
} catch (e) {
  console.error("Error while activating inspector:", e);
}
// --- END OF INSPECTOR ---
// ... your original code from index.js continues below ...
```
The fact that someone bypasses our security is an opportunity to learn new layers of security.
Don’t just rely on ChatGPT giving you ways to protect your code, try different things to make it more difficult to crack.
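
Added example, not part of the original post or the plugin's code: one layer that still holds when `fetch` is wrapped as above is to have the server sign its verdict together with a per-request nonce, so the client only accepts a response it can verify. The server function, the `DEMO-KEY-0001` key, the `license.example.invalid` URL, the Ed25519 key pair and the use of Node's `crypto` module (a UXP plugin would need its own signature-verification library) are all assumptions made for the demo.

```javascript
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

// Constructed key pair for the demo. In a real deployment the private key
// stays on the licence server and only the public key ships in the plugin.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');

// Hypothetical server: signs the verdict together with the client's nonce.
function serverRespond(requestBody) {
  const { licenseKey, nonce } = JSON.parse(requestBody);
  const payload = JSON.stringify({ valid: licenseKey === 'DEMO-KEY-0001', nonce });
  const sig = sign(null, Buffer.from(payload), privateKey).toString('base64');
  return { payload, sig };
}

// Client: accept a verdict only if it is signed and bound to this request.
// fetchLike is a synchronous stand-in for fetch so the example runs offline.
function checkLicense(licenseKey, fetchLike) {
  const nonce = randomBytes(16).toString('hex');
  const res = fetchLike('https://license.example.invalid/check',
    { method: 'POST', body: JSON.stringify({ licenseKey, nonce }) });
  let signed = false;
  try {
    signed = verify(null, Buffer.from(String(res.payload)), publicKey,
      Buffer.from(String(res.sig), 'base64'));
  } catch { signed = false; }
  if (!signed) return 'rejected: bad signature';
  const body = JSON.parse(res.payload);
  if (body.nonce !== nonce) return 'rejected: stale nonce';
  return body.valid ? 'licensed' : 'unlicensed';
}

// Transports used to exercise the client (all constructed for this demo).
const honest = (url, options) => serverRespond(options.body);
const seen = []; // what a logging wrapper like the one in the post observes
const logging = (url, options) => { seen.push(options.body); return honest(url, options); };
const altered = (url, options) => {
  const res = honest(url, options);
  return { ...res, payload: res.payload.replace('false', 'true') };
};
const oldResponse = honest('', { body: JSON.stringify({ licenseKey: 'DEMO-KEY-0001', nonce: 'old' }) });
const replayed = () => oldResponse;

console.log(checkLicense('DEMO-KEY-0001', logging));
console.log(checkLicense('NOT-A-KEY', altered));
console.log(checkLicense('NOT-A-KEY', replayed));
```

The logging wrapper still sees the whole request body, so nothing sent to the server should be treated as secret from the machine the plugin runs on; the signature only guarantees that the verdict came from the server and belongs to this request.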