RoPro - Enhance Your Roblox ExperienceSecurity Analysis

Dynamically creates script elements, potentially loading external malicious code.

Dynamically sets a script's src attribute to load external code at runtime.

Listens for keyboard events, a common technique used by keyloggers.

Decodes base64 data, commonly used to hide malicious payloads.

Makes HTTP requests to external servers, may be used for data exfiltration.

Sends messages via Chrome runtime, could communicate with external services.

Uses XMLHttpRequest to make network calls.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

Fetches external URL: https://api.ropro.io/disabledFeatures.php

Line exceeds 5000 characters (entropy: 5.0516372676538905)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

Reads or writes to localStorage, which may contain sensitive site data.

String with entropy 5.71 bits — may be encoded/encrypted data

js/libraries/jquery-3.5.1.min.js