# Chrome Extension

## Jsmon Chrome Extension Guide: Automated JS Reconnaissance

The Jsmon Chrome Extension is your personal, passive reconnaissance tool, designed for security researchers and penetration testers. It automatically captures JavaScript (JS) URLs as you browse and submits them to your Jsmon workspace for real-time analysis, including checking for secrets, API paths, and more.

### 1. Installation

Go to Jsmon Chrome Extension link and click on Add to Chrome button.

{% embed url="<https://chromewebstore.google.com/detail/jsmon-chrome-extension/bhkfnhmplfhhecndkdhinlliibjecfdk>" %}

#### Prerequisites

* A Google Chrome or Chromium-based browser (e.g., Brave, Edge).
* A Jsmon account at `https://jsmon.sh` (to obtain your API Key and Workspace ID).

#### Step-by-Step Installation

1. **Navigate to the Chrome Web Store:** Open your browser and go to the extension link: `https://chromewebstore.google.com/detail/jsmon-chrome-extension/bhkfnhmplfhhecndkdhinlliibjecfdk` .
2. **Add the Extension:** Click the **"Add to Chrome"** or **"Install"** button.
3. **Confirm Installation:** Review the required permissions and click **"Add extension"**.
4. **Pin the Extension:** Click the puzzle piece icon (Extensions menu) in your toolbar, and then click the **Pin** icon next to the Jsmon Extension entry for easy access.

### 2. Configuration and Authentication

The extension needs your credentials to link to your personal workspace.

#### Step 1: Obtain Your API Key and Workspace ID

1. Log into your account on the Jsmon web application at `https://jsmon.sh`.
2. Navigate to the **Settings >** **JSMON API** section.
3. Generate and copy your personal **API Key**.

<figure><img src="/files/mBI5EfYs8psvWl1hPMy5" alt=""><figcaption></figcaption></figure>

#### Step 2: Configure the Extension

1. Click the **Jsmon Extension Icon** in your Chrome toolbar.
2. **Enter API Key:** Paste the API key into the prompt.<br>

   <figure><img src="/files/kH5ROBA8LSpOf9lrWsjv" alt="" width="332"><figcaption></figcaption></figure>
3. **Select Workspace:** The extension will prompt you to select an existing workspace from your account. Choose the workspace where you want the collected JS URLs to be stored.
4. Click **"Start Scanning"** (or a similar button) to save the settings and initialize the connection.\ <br>

   <figure><img src="/files/TQcQqzsXDDnqKHawqQrQ" alt="" width="331"><figcaption></figcaption></figure>

### 3. Usage: Automated JS URL Collection

Once configured, the extension passively monitors your browsing activity.

#### Automated Scanning

1. **Turn On:** Click the **"Turn on"** button (or toggle) inside the extension popup to begin monitoring.
2. **Browse:** As you browse websites, the extension will automatically intercept requests for `.js` files and any file matching Content-Type containing `javascript` and send those URLs to the Jsmon API.
   * **Important Note:** The extension initially captures traffic from **every tab**—including background traffic from sites like Google, YouTube, and analytics beacons. This is why the **Domain Scope Filter** is a critical next step.

#### CRITICAL: Using the Domain Scope Filter

The **Domains in scope** feature is essential for two reasons:

1. **API Consumption:** It prevents you from wasting API calls on irrelevant domains (e.g., Netflix, Amazon) that you are not actively hacking.
2. **Data Cleanliness:** It ensures your workspace is only populated with data relevant to your target domains.

**How to Set the Scope:**

1. In the extension popup, locate the **"Domains in scope"** input field.
2. **Add Target Domains:** Enter the domains you are actively targeting for security research (e.g.,  `acmecorp.com`).
3. **Delimiter:** Use a **comma** (`,`) to separate multiple domains (e.g., `support.acmecorp.com, videos.acmecorp.com`).
4. **Activation:** The extension will now **only** submit JS URLs that match the specified domains, drastically reducing noise and saving API usage.

### 4. Viewing and Querying Results (On the Web App)

All data collected by the Chrome Extension is sent to your chosen Jsmon workspace dashboard for detailed analysis.

1. **View URLs:** Navigate to the **JS URLs** section on the Jsmon web app to see the list of collected JavaScript files.
2. **Analysis:** The platform automatically performs reconnaissance on these files and provides results under:
   * **JS Intelligence**
   * **Keys & Secrets**

By properly setting up the scope, the Jsmon Chrome Extension becomes a highly efficient tool for passive JS reconnaissance, ensuring you capture all relevant JS assets without exceeding your API limits.

<a href="https://cal.com/jsmon/30min" class="button primary" data-icon="calendar-days">Want to learn more? Schedule a meeting with Jsmon Team!</a>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledge.jsmon.sh/documentation/extensions/chrome-extension.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.