Bug: Extension breaks WebSocket/Socket connections on all websites
Description
When the RSC Detector extension is enabled, it causes socket errors on websites that rely on WebSocket connections (e.g. speedtest.net, online games, live dashboards). The affected sites show errors like:
DOWNLOAD TEST ERROR — A socket error occurred during the download test. A firewall could be blocking the connection or the server might be having some issues.
This happens on every site even when the user is not actively using the extension's exploit feature.
Root Cause
The bug is in rules.json. The declarativeNetRequest rule is always active from the moment the extension is installed. It strips the Origin header and modifies the Referer header on all XHR requests across all websites:
{
"condition": {
"urlFilter": "*",
"resourceTypes": ["xmlhttprequest"]
},
"action": {
"type": "modifyHeaders",
"requestHeaders": [
{ "header": "Origin", "operation": "remove" },
{ "header": "Referer", "operation": "set", "value": "Referer-modified-value" }
]
}
}WebSocket upgrade handshakes require a valid Origin header. When the extension strips it, the server rejects the connection — causing socket failures on sites like speedtest.net.
These header modifications are only needed during the RCE exploit request (performExploit()), NOT for passive scanning or fingerprinting.
Steps to Reproduce
- Install the RSC Detector extension
- Navigate to https://speedtest.net
- Click Go to start a speed test
- Observe: "DOWNLOAD TEST ERROR: A socket error occurred"
- Disable the extension → refresh → speed test works normally
Expected Behavior
The extension should only modify request headers when the user actively clicks the EXEC button to run the exploit. All other browsing should be completely unaffected.
Proposed Fix
- Empty
rules.json to [] — remove the always-on rule
- In
background.js, use chrome.declarativeNetRequest.updateDynamicRules() to add the header-stripping rule only when an exploit starts, and remove it immediately after using try/finally
- In
content.js, wrap the exploit fetch with exploit_start / exploit_end messages to background.js
This way the Origin header is only stripped for the single exploit request, and all other site traffic is completely unaffected.
Environment
- Chrome (any recent version)
- Extension version: 1.0
- OS: Any
Severity
High — This bug affects normal browsing on all websites whenever the extension is installed, regardless of whether the user is actively using any exploit features.
Bug: Extension breaks WebSocket/Socket connections on all websites
Description
When the RSC Detector extension is enabled, it causes socket errors on websites that rely on WebSocket connections (e.g. speedtest.net, online games, live dashboards). The affected sites show errors like:
This happens on every site even when the user is not actively using the extension's exploit feature.
Root Cause
The bug is in
rules.json. ThedeclarativeNetRequestrule is always active from the moment the extension is installed. It strips theOriginheader and modifies theRefererheader on all XHR requests across all websites:{ "condition": { "urlFilter": "*", "resourceTypes": ["xmlhttprequest"] }, "action": { "type": "modifyHeaders", "requestHeaders": [ { "header": "Origin", "operation": "remove" }, { "header": "Referer", "operation": "set", "value": "Referer-modified-value" } ] } }WebSocket upgrade handshakes require a valid
Originheader. When the extension strips it, the server rejects the connection — causing socket failures on sites like speedtest.net.These header modifications are only needed during the RCE exploit request (
performExploit()), NOT for passive scanning or fingerprinting.Steps to Reproduce
Expected Behavior
The extension should only modify request headers when the user actively clicks the EXEC button to run the exploit. All other browsing should be completely unaffected.
Proposed Fix
rules.jsonto[]— remove the always-on rulebackground.js, usechrome.declarativeNetRequest.updateDynamicRules()to add the header-stripping rule only when an exploit starts, and remove it immediately after usingtry/finallycontent.js, wrap the exploit fetch withexploit_start/exploit_endmessages to background.jsThis way the
Originheader is only stripped for the single exploit request, and all other site traffic is completely unaffected.Environment
Severity
High — This bug affects normal browsing on all websites whenever the extension is installed, regardless of whether the user is actively using any exploit features.