n8endpoint

n8endpoint.dev

3.0 (

2 ratings

)

Extension Developer Tools 289 users

3 out of 5

2 ratings

Learn more about results and reviews.

Ben Borseth Sep 11, 2025

Does what it says. Would be great if you could gather multiple endpoints together from multiple pages before exporting them in one export.

Yousef Biutrig Sep 1, 2025

Detect that the user is on a login page. Display a popup alerting the user that they have been logged out and need to log back in. Disable the real 1Password extension. Replace the malicious extension's logo with the 1Password logo and also replace its name with "1Password". When the malicious extension opens, show the fake 1Password login UI and hide the injected popup. On submit, send the credentials to the attacker's server. Close the fake 1Password popup. Re-enable the real 1Password exte... Show more

3 out of 5 found this helpful

Ashok Monks Developer Sep 1, 2025

n8endpoint has no login or account system, it does not disable other extensions, and it never collects or sends credentials. The behaviour you described is not possible with our code or permissions. What the code actually does: Manifest: required permissions are activeTab and scripting. Optional permissions are downloads and storage, with optional host access <all_urls>. There is no management permission, no background service worker, and nothing that could alter or disable other extensions. Popup UI: a simple scan and export interface with no sign-in forms or authentication flows. Popup logic: when you click Enable it may request optional permissions, when you click Scan it injects a one-shot content script, and it can export a JSON via chrome.downloads. There are no fetch or XHR calls, no data exfiltration, and no use of chrome.management. Content script: reads visible text on the current page to find HTTP methods and URLs, then returns matches to the popup. It uses no Chrome APIs, makes no network calls, and does not modify the DOM in a way that resembles a login.