Firefox, SQLite and DOM, oh my…

June 25, 2008

I want to preface the following withLions, Tigers and Bears, oh my.

  1. I am probably late to the party and everybody already know all about this and
  2. There probably isn’t any issue here.  Just got me to thinking.

I was reading the Firefox’s Super Cookies post on the CERIAS Blog and it made me go hmmm. You should go read Pascal’s post first because it is an interesting bit o’ info, but here are the bits that are germane to my thoughts.

First:

DOM storage allows web sites to store all kinds of information in a persistent manner on your computer, much like cookies but with a greater capacity and efficiency.

Then:

To find out what information web sites store on your computer using DOM storage (if any)

and:

You should find a file named “webappsstore.sqlite”. To view the contents in human readable form, install sqlite3

So, this makes me think there is a sql interface somewhere in Firefox.  In light of all the SQL injections issues recently, I just have to wonder what kind of fun might exist here.

Kevin

Photo by annarchy1

Advertisements

Firekeeper – How did I miss this one

March 27, 2008

I can’t remember where I saw this yesterday, it may have been on Internet Storm Center. Anywho, there is a Firefox add-on/extension/thingy called Firekeeper. From their webpage at Firekeeper – detect and block malicious sites.

Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.
Features of Firekeeper include:

  • Ability to scan HTTP(S) request URL, response headers and body, and to cancel processing of suspicious requests
  • Encrypted and compressed responses are scanned after decryption/decompression
  • Privacy friendly – no data is send to external servers, all scanning is done on the local computer
  • Very fast pattern matching algorithm (taken directly from Snort).
  • Interactive, verbose alerts that give an ability to choose a response to detected attack attempt.
  • A detailed view of suspicious response headers and body
  • Event logging
  • Ability to use any number of files with rules and to automatically load files from remote location.

I have played around with it a bit and it is quite nifty.

Caveat: It breaks twitterfox. I will be posting a bug report about that.

-Kevin