Browser extension to protect Discord Web from token theft, XSS attacks, and malicious scripts.

• Webhook Exfiltration: Blocks attempts to send tokens to Discord webhooks
• Suspicious Domains: Blocks requests to known data exfiltration services
• Token Detection: Identifies and blocks token theft attempts

• Script Injection Guard: Monitors and blocks malicious script injection
• Iframe Protection: Prevents clickjacking attacks
• Form Hijack Prevention: Blocks form action tampering
• Clipboard Protection: Monitors copy/paste for token leakage

• Fetch Hook: Monitors all fetch() requests for token exfiltration
• XHR Hook: Protects XMLHttpRequest from abuse
• WebSocket Guard: Monitors WebSocket connections
• Eval Protection: Detects suspicious eval() usage

1. Download or clone this repository
2. Go to chrome://extensions
3. Enable "Developer mode"
4. Click "Load unpacked"
5. Select the extension folder

1. Go to about:debugging
2. Click "This Firefox"
3. Click "Load Temporary Add-on"
4. Select manifest.json

Discord Web Page
       ↓
┌─────────────────────────┐
│  Content Script         │  ← Monitors DOM, blocks injections
│  - MutationObserver     │
│  - Event listeners      │
└─────────────────────────┘
       ↓
┌─────────────────────────┐
│  Injected Script        │  ← Hooks APIs, blocks exfiltration
│  - fetch() hook         │
│  - XHR hook             │
│  - WebSocket hook       │
└─────────────────────────┘
       ↓
┌─────────────────────────┐
│  Background Worker      │  ← Monitors network requests
│  - webRequest API       │
│  - Threat logging       │
└─────────────────────────┘

Click the extension icon to access settings:

• Toggle webhook blocking
• Toggle token exfiltration protection
• Toggle script injection guard
• View threat statistics

This extension:

• ✅ Runs entirely locally
• ✅ No data sent to external servers
• ✅ No analytics or tracking
• ✅ Open source

MIT License - Part of NullSec Linux project