AI 产品解读Secure password input control bridge for Chinese banking websites — connects web pages on adbc.com.cn and hellotech.com.cn to a native secure edit control application via Chrome's native messaging API.
Protects user passwords from keyloggers and screen capture malware by delegating password input to a native OS-level secure edit control, rather than using standard browser text fields.
1. User navigates to a banking page on *.adbc.com.cn or *.hellotech.com.cn. 2. Content script injects a DOM element signaling extension presence. 3. Banking web page detects the element and sends a 'connect' message via chrome.runtime.sendMessage to the extension. 4. Extension establishes a native messaging port to the locally installed CFCA secure edit control host. 5. Banking page requests secure input operations; extension relays them to native host. 6. Native host renders a secure input field (OS-level, resistant to keyloggers) and returns encrypted results. 7. Extension relays results back to the web page via content script custom events.
Acts as a communication bridge between banking web pages and a native secure edit control host applicationSignals extension presence to supported banking websites via a DOM element injectionRelays messages bidirectionally: web page ↔ extension ↔ native host via chrome.runtime.connectNativeSupports multiple concurrent connections with connection sequence trackingProvides callback event dispatching from native host back to web page content scripts
- 目标用户
- Customers and employees of ADBC (Agricultural Development Bank of China) using online banking / Users of hellotech.com.cn financial services / Any user required to install CFCA secure edit control for financial website access in China
- Extension is very small (7 files, ~15KB) with minimal surface area — low risk of hidden paid/login features, but also limited UI to inspect.
- The native messaging host application is not included in this package and cannot be analyzed — it may have its own login/licensing requirements.
- CFCA (China Financial Certification Authority) is a well-known Chinese PKI provider; the extension is a standard companion component but we cannot verify the native host's behavior from source alone.
付费分析未识别到付费功能
No payment, subscription, billing, license check, premium tier, or upgrade UI exists anywhere in the extension source. The 'pro' keyword hits are from variable names like 'productID = "com.cfca.seceditctl.adbc"' (content.js:1) and verified_contents.json hashes — all false positives. The extension is a free security utility companion component provided by CFCA for banking website integration.
- 置信度
- 95
- 支付平台
- --
- 来源
- AI / 高
- 需要登录
- 否
- 登录理由
- The extension itself implements no login, authentication, or account mechanism. It acts as a communication bridge between banking web pages and a native messaging host. The 'auth' keyword hit in manifest.json is from '"author": "CFCA"' (line 8) — a false positive. The destination banking websites (adbc.com.cn) likely require their own login, but the extension code contains no login enforcement.
