Hello! I’m trying to learn about MM, in particular how the credentials is stored safely in chrome.storage.session. I’m running the extension locally and tried to remove the scuttling done by Lavamoat, but I still cannot access the session data via chrome.storage.session.get(null) or similar in the console. Any help would be appreciated!
This following works for showing local encrypted data, which indicates I’ve turned off scuttling:
globalThis.chrome.storage.local.get(data, result => {
var vault = result.data.KeyringController.vault;
console.log(vault);
});
but I cannot get access to the password stored in globalThis.chrome.storage.local in a similar fashion. Are there multiple scuttling layers and I’ve not turned them all off perhaps?
Hi 0xroosh, thanks, but that is just a description of V3 Manifest, which MM uses indeed. My question is more about how to disable scuttling because I’ve disabled Lavamoat according to the instructions I’ve found out there, but I still cannot access chrome.storage.session even though I would think it’d be possible. I’m doing this for educational purposes and to try to learn how to apply Lavamoat to my own project.