History

8 snapshots

Tracking since Apr 16, 2026.

View as table

Date	Users	Rating	Reviews	Version
Apr 16, 2026	5	5.00	2	1.0.0
Apr 27, 2026	6	5.00	2	1.0.0
May 4, 2026	6	5.00	2	1.0.0
May 10, 2026	7	5.00	2	1.0.11
May 15, 2026	10	5.00	2	1.0.11
May 21, 2026	11	5.00	2	1.0.11
May 27, 2026	8	5.00	2	1.0.11
Jun 3, 2026	10	5.00	2	1.0.11
Now	9	5.00	2	1.0.11

Changelog

May 4, 2026

description

# ASS - ASCII Smuggling Surfacer

Browser extension that detects and visualizes invisible Unicode characters used in text steganography & smuggling attacks.

Full-fidelity port of the [`aid`](https://github.com/wunderwuzzi23/aid) Python CLI scanner.

## Features

- 🔍 **50+ invisible character types** — zero-width, directional marks, Unicode tags, variation selectors (VS1–VS256), invisible operators, and more
- 🎯 **Smart severity scoring** — color-coded (info → critical) based on consecutive run length and total volume
- 🏷️ **Unicode tag decoding** — reveals hidden ASCII messages encoded in U+E0000–U+E007F 
- 🌈 **Visual highlighting** — glowing overlays on detected characters with severity colors
- 💬 **Hover tooltips** — character name, code point, run length, category
- 📊 **Category breakdown** — mirrors the Python tool's 10-category classification
- 📋 **Detail panel** — full detection report with highlight occurrence
- 🔓 **Dynamic Payload Decoder** — custom map '0' and '1' bit characters to decode hidden binary back to ASCII
- 🎛️ **Advanced Filtering** — autocomplete, fuzzy search, sequence length limits, and category toggles for granular detection control
- 📤 **Export** — JSON and CSV reports matching the Python output format
- ⚙️ **Configurable** — toggle confusable spaces, control chars (Cc), space separators (Zs)
- ↕️ **Expand All** — instantly expand or collapse all detected hidden text on the page from the detail panel
- 🔒 **Privacy-first** — runs entirely locally, no data collection
- 🛸 **Hitchhiker's Guide Theme** — auto-triggers on high-volume detections with a retro terminal aesthetic and dynamic calming notice

## Usage

1. **Click the ASS icon** in the toolbar
2. **Press "Scan This Page"** in the popup
3. View highlighted invisible characters on the page
4. **Hover** over highlights for character details
5. **Click** highlights to expand decoded text inline
6. **Toggle Detail Panel** for the full report with category breakdown and export
- 🛸 **Consult the Guide** — In Hitchhiker mode, look for the inline link in the header to jump straight to the details

### Settings

| Setting | Default | Description |
|---------|---------|-------------|
| Auto-scan pages | Off | Scan every page automatically |
| Sequence length filter | 1-0 | Min/Max limits for consecutive run highlighting (0 = no max limit) |
| Fuzzy Search | Off | Match all words anywhere in the Detection Filter name or hex code |
| Detect NO-BREAK SPACE | Off | Specifically isolate U+00A0 detection |
| Detect confusable spaces | Off | Thin space, hangul filler, etc. (excludes NBSP if toggled separately) |
| Detect control chars (Cc) | Off | Unicode Cc category (excludes TAB/LF/CR) |
| Detect space separators (Zs) | Off | Unicode Zs category (excludes ASCII space) |
| Auto-Hitchhiker | Off | Automatically switch to the HHG theme on suspicious pages |
| HHG Threshold | 8 | Total code points required to trigger the guide theme |

## Suspicion Levels

| Level | Badge | Condition |
|-------|-------|-----------|
| 🔴 Critical | Red | Consecutive run ≥ 40 |
| 🟠 High | Orange | Run ≥ 10, or total > 100 sparse |
| 🟡 Medium | Yellow | Total 10–100, sparse |
| 🔵 Info | Blue | Total < 10 |

## Detected Character Types

### Always Detected
- **Unicode Tags** (U+E0000–U+E007F) — decoded to ASCII
- **Zero-Width & Joiners** — ZWSP, ZWNJ, ZWJ, Word Joiner, CGJ, ZWNBSP
- **Directional & Bidi Marks** — LRM, RLM, embeddings, overrides, isolates
- **Variation Selectors** — VS1–VS16 (U+FE00–U+FE0F) and VS17–VS256 (U+E0100–U+E01EF)
- **Invisible Operators** — function application, invisible times/separator/plus
- **Deprecated Format Controls** — U+206A–U+206F

### Optional (Settings)
- **NO-BREAK SPACE** — U+00A0
- **Confusable Spaces** — Soft hyphen, quads, thin/hair space, braille blank, hangul filler
- **Control Characters (Cc)** — all Cc except TAB/LF/CR
- **Space Separators (Zs)** — all Zs except ASCII space

## Privacy

This extension processes all data entirely on your device. No data is collected, transmitted, or stored externally. All scanning occurs in your browser's local memory only.

## License

MIT License

## Test Tool for creating hidden text

https://embracethered.com/blog/ascii-smuggler.html

ASS (ASCII Smuggling Surfacer) scans web pages for invisible Unicode characters that are used to hide data inside ordinary-looking text. This includes prompt injection payloads, steganographic messages, and binary-encoded content hidden using techniques like Unicode Tags, Variation Selectors, and zero-width character sequences.

─────────────────────────────────────
HOW TO USE
─────────────────────────────────────

1. Click the ASS icon in the browser toolbar.
2. Click "Scan This Page" in the popup.
3. Any invisible characters found are highlighted on the page with a colored glow.
4. Hover over a highlight to see the character name, code point, run length, and category.
5. Click a highlight to expand decoded text inline.
6. Click "Open Detail Panel" to open the full side panel report.

─────────────────────────────────────
POPUP
─────────────────────────────────────

After a scan, the popup shows:
- Overall suspicion level (Info, Medium, High, or Critical)
- A count per character category (e.g. Zero-Width, Unicode Tags, Variation Selectors)
- A button to open the side panel for the full report

─────────────────────────────────────
DETAIL PANEL
─────────────────────────────────────

The side panel provides the full inspection report. It updates automatically when a scan completes and contains the following sections:

SUMMARY
Shows the suspicion level, the reason for that level, total invisible code point count, unique character count, longest consecutive run, and longest Unicode tag run.

DECODED STRINGS
Lists all decoded plaintext extracted from the page, grouped by encoding method (Unicode Tags, Variation Selectors, Dynamic Payload, etc.).

DETECTION CARDS
Each detected character or consecutive run is shown as a card with:
- Character name and type
- Number of consecutive characters in the run
- Code point(s)
- Decoded text (where applicable)
- Surrounding text context
- A "Highlight occurrence" button that scrolls the page to that detection

EXPAND ALL / COLLAPSE ALL
The "Expand All" button expands every inline decoded text block on the page at once. Clicking it again collapses them.

EXPORT
Results can be exported from the panel header menu in two formats:
- JSON: full structured report
- CSV: one row per detection

─────────────────────────────────────
DYNAMIC PAYLOAD DECODER
─────────────────────────────────────

Some hidden payloads encode binary data by using two different invisible characters to represent 0 and 1. The Dynamic Payload Decoder reconstructs and decodes these binary strings.

To use it:
1. After a scan, open the detail panel.
2. In the Dynamic Payload Decoder section, use the two dropdowns to assign "Char 0" and "Char 1" from the detected characters.
3. The decoder groups consecutive runs of those characters into a binary string and attempts ASCII decoding.
4. Both the selected mapping (Configuration A) and its inverse (Configuration B) are shown.
5. Use the Flip button to swap the two assignments.

If two character types account for more than 50% of the hidden content found, the decoder will auto-suggest them. The auto-suggest threshold is adjustable in settings.

─────────────────────────────────────
DETECTION FILTER
─────────────────────────────────────

The Detection Filter controls which character types are included in or excluded from scan results.

To use it:
1. Type a character name or code point (e.g. "U+200B" or "zero-width") into the filter input.
2. Select a character from the dropdown to add a filter chip.
3. New chips default to Exclude mode, hiding that character type from results.
4. Click the toggle on a chip to cycle through: Exclude, Disabled, and Include.
5. Click × on a chip to remove it.

Category-level toggles allow entire character groups to be included or excluded at once. Fuzzy search mode matches any word in any order against character names and code points.

─────────────────────────────────────
SETTINGS
─────────────────────────────────────

Auto-scan pages (default: off)
Scans each page automatically when it loads.

Detect NO-BREAK SPACE (default: off)
Includes U+00A0 in scan results.

Detect confusable spaces (default: off)
Includes soft hyphen, various spacing quads, thin/hair space, braille blank, and hangul filler.

Detect control characters - Cc (default: off)
Includes all Unicode Cc category characters, excluding TAB, LF, and CR.

Detect space separators - Zs (default: off)
Includes all Unicode Zs category characters, excluding ASCII space.

Sequence length filter (default: min 1, max 0)
Restricts highlighted runs by length. Set a minimum to ignore short isolated characters, or a maximum to focus on short bursts. 0 means no upper limit.

Highlight Style
Controls the visual style of the glow overlay on detected characters.

Visual Profile
Sets the color theme for the side panel UI (Default or Hitchhiker's Guide).

Auto-Hitchhiker (default: off)
Automatically switches the panel to the Hitchhiker's Guide theme when the total code point count exceeds the configured threshold.

HHG Threshold (default: 800)
The number of invisible code points required to trigger auto-Hitchhiker mode.

Fuzzy Search (default: on)
Enables fuzzy word-order matching in the Detection Filter.

─────────────────────────────────────
SUSPICION LEVELS
─────────────────────────────────────

Critical (red): Longest consecutive run of 40 or more invisible characters.
High (orange): Longest run of 10 or more, or more than 100 total sparse characters.
Medium (yellow): 10 to 100 total invisible characters, sparse.
Info (blue): Fewer than 10 total invisible characters.

─────────────────────────────────────
DETECTED CHARACTER TYPES
─────────────────────────────────────

Always detected:
- Unicode Tags (U+E0000–U+E007F), decoded to ASCII
- Zero-width characters: ZWSP, ZWNJ, ZWJ, Word Joiner, CGJ, ZWNBSP
- Directional and Bidi marks: LRM, RLM, embeddings, overrides, isolates
- Variation Selectors: VS1–VS16 (U+FE00–U+FE0F) and VS17–VS256 (U+E0100–U+E01EF)
- Invisible mathematical operators: function application, invisible times, invisible separator, invisible plus
- Deprecated format controls: U+206A–U+206F

Detected when enabled in settings:
- NO-BREAK SPACE: U+00A0
- Confusable spaces: soft hyphen, quads, thin/hair/narrow space, braille blank, hangul filler
- Control characters (Cc): all Cc except TAB, LF, CR
- Space separators (Zs): all Zs except ASCII space (U+0020)

─────────────────────────────────────
PRIVACY
─────────────────────────────────────

All processing runs locally in the browser. No data is sent to external servers. No analytics or telemetry is collected or transmitted.

─────────────────────────────────────
TEST TOOL
─────────────────────────────────────

To create pages with hidden characters for testing:
https://embracethered.com/blog/ascii-smuggler.html

Permissions & access

Permissions: activeTabstoragesidePanelscripting
Host access: None declared

Screenshots

ASS - ASCII Smuggling Surfacer screenshot 1

ASS - ASCII Smuggling Surfacer screenshot 2

ASS - ASCII Smuggling Surfacer screenshot 3

ASS - ASCII Smuggling Surfacer screenshot 4

ASS - ASCII Smuggling Surfacer screenshot 5

About