Most security extensions just block a threat and move on. I always wondered — *okay, but who's actually behind this?
So I built something that answers that. It's a Chrome extension paired with a small backend that runs on your machine. When it detects something suspicious, it automatically cleans up your session and quarantines the tab — no clicking required. And instead of just saying "this is dangerous," it tries to trace the attack back to where it's really coming from.
It's a student project. It works, but it's definitely not perfect.
What I need from you
- Try to use it and tell me what breaks
- Report bugs (GitHub Issues are open)
- Tell me honestly what's confusing or missing
- Ideas for what you'd want a tool like this to do
Everything you need is in the README — setup is one command.
Any feedback at all helps. Even "I couldn't get it running" is useful to me. Thanks in advance!
Top comments (3)
Student project that quarantines tabs AND traces attack sources? That's more than most production tools I've seen. I'm in QA — happy to poke at it over the weekend. One question: how does it handle single-page apps where the 'page load' event doesn't fire the same way? Would love to see if your auto-quarantine catches XSS in dynamically injected scripts.
If I am being honest, I haven't tested SPA yet properly.
The extension currently listens to page load events, so you might be onto a real gap there. Dynamically injected scripts slipping through is exactly the kind of thing I'd love to know about.
Please do poke at it — break it if you can. I'd rather know now than later. Drop anything you find in the GitHub Issues, and I'll look at every single one.
I am grateful for the insight you have provided me
Respect the honesty on SPA coverage. page load events + dynamic injection is a real gap — I'll poke at it when I get a chance. Good luck with the project 🙌