基于XPCOM代理的浏览器扩展行为分析技术研究

文章通过对Firefox浏览器提供给浏览器扩展调用的XPCOM（Cross Platform Component Object Module）组件进行分析,发现浏览器扩展的主要功能都要通过调用XPCOM组件得以实现。本文在对Firefox的源代码进行分析的基础上,通过添加、修改其XPCOM组件部分的源代码,实现对浏览器扩展调用的XPCOM组件的劫持功能,从而可以获知浏览器扩展在Firefox中运行时的实时行为。     

CFan通辑令

漏洞再现:Firefox侧栏脚本注入漏洞 影响系统:Firefox　1.0.2前所有版本 漏洞分析:随着Firefox浏览器被越来越多的人使用,它的漏洞也慢慢显露出来,最近又发现一个新的漏洞—Firefox的侧边栏脚本允许远程代码执行。当用户在侧边栏中将恶意网页标记为书签的时候就会出现问题,恶意网页会打开特权页面,通过运行JavaScript程序,利用用户的权限就可以执行任意代码,如果代码中夹带着木马等程序,电脑就会被恶意攻击者远程控制。 补“洞”办法:官方已经发布了Firefox1.0.2版的浏览器,修补了上述漏洞,建议用户升级。如果不能升级新版本的浏览器建议…     

CFan安全信息榜

补丁公告:Firefox更新版本公告补丁相关:Firefox浏览器作为与IE竞争的主要对手在近2年的时间内占领了不少用户市场,随着使用范围的增大,与之相关的安全漏洞也被频繁地发现,最近Mozilla公司针对Firefox浏览器在针对HTML解析引擎存在的解析特制HTML代码时会出现空指针引用,导致浏览器崩溃问题推出了相关的补丁程序。该版本的更新修补了Firefox浏览器在处理HTML代码过程中可能出现的致命错误,从而避免了被恶意攻击者进行攻击的可能。此次更新适用于Firefox1.0.7以下版本以及当前广大用户使用的1.0.7版本。补丁下载:http://www.mozilla.…     

CFan通辑令

漏洞再现:IE和Firefox皆未幸免的浏览器漏洞影响系统:IE6.0、Firefox1.14等多种流行的浏览器漏洞分析:网络上常见的浏览器都受这次发现的钓鱼式攻击的影响,原因是由于JavaScript不显示或包含其他的来源。如一个广为人知网站的访问者被恶意钓鱼攻击者诱骗在一个并非来自本网站的     

打造属于你的浏览器 Firefox扩展程序精选

新一代浏览器Firefox安全、易用并支持标签浏览方式,不过,在使用时你是否发现它缺少其他浏览器上常用的一些功能?没关系,通过Firefo扩展程序,不论是IE还是Maxthon和Opera上的特色功能,甚至是在各种浏览器上流行的扩展功能,你都能够在Firefox上实现。     

让Firefox 3推荐更多的插件

数量众多的扩展程序(插件),让Firefox浏览器的功能变得十分强大。作为最新的Firefox3的一个新功能,在软件的附加组件中多了一个推荐附加组件(扩展     

让Firefox启动不再假死

在使用Firefox浏览器的过程中,我们都或多或 少会安装一些扩展插件来增强功能,但部分插件占用 系统资源比较多,启动浏览器时会出现假死现象。其 实,你可以为Firefox创建一个桌面快捷方式,然后右     

备份Firefox的广告屏蔽列表

Firefox现在被视为IE浏览器最大的竞争对手,由于它支持扩展插件以及多标签浏览等多项实用的功能,很多朋友纷纷视它为自己的主打浏览器。而Firefox高手玩家们都喜欢使用AdblockPlus这款插件程序来屏蔽一些广告网页     

Firefox 4移动版正式发布,全新功能抢先看

3月29日,Mozilla在全球同步发布其首款正式版Firefox 4移动浏览器。Firefox4 Mobile是Mozilla基金会自桌面版的Firefox之后推出的一款基于Android平台和Maemo平台的手机和平板设备专用浏览器。它充分的利用了Android和Maemo平台多屏切换功能,创造性地将可视化的多标签设计在主屏幕的左侧,而将其他功能和扩展项设计在屏幕的右侧,从而在最有效利用手机屏幕的同时．让Firefox4Mobile成为了一款真正实用方便的多标签手机浏览器。     

移动Firefox《电脑爱好者》定制

为什么许多人不喜欢Firefox CFan移动Firefox界面没有Maxthon漂亮,有点简陋,有点土选择了评价非常高的界面主题,并依照IE及流行的第三方浏览器重新设置了工具栏本身功能比较弱,想用好,还得安排功能扩展,麻烦预置了20多个最流行、最实用的扩展,不用再单独安装有些网页浏览不正常通过IETab扩展,只要单击相应按钮就能直接在Firefox中使用IE核心浏览网页Firefox其他特点:完全绿色、完全移动,复制到任意目录或U盘中即可运行;浏览速度超快,通过扩展功能与Maxhton不相上下,甚至更强;根据大量资料对Firefox进行了核心调整与优化,内存占用更少…     

浏览器取证技术

随着信息时代的来临,一些不法分子在实施犯罪之前往往会上网查询信息,他们所用的浏览器便成了司法机关取证的关键. 能否提取有效的犯罪线索或证据,取决于浏览器取证方法的好坏,本文介绍了目前主流的火狐浏览器、IE浏览器的取证技术,概述了IE缓存文件和基于SQLite数据库的火狐浏览器历史系统的日志文件结构,提出了信息恢复方法. 通过对已删除日志文件或缓存文件信息提取,来达到获取证据的目的,分析用户的行为.     

Enhancing web browser security against malware extensions

In this paper we examine security issues of functionality extension mechanisms supported by web browsers. Extensions (or “plug-ins”) in modern web browsers enjoy unrestrained access at all times and thus are attractive vectors for malware. To solidify the claim, we take on the role of malware writers looking to assume control of a user’s browser space. We have taken advantage of the lack of security mechanisms for browser extensions and implemented a malware application for the popular Firefox web browser, which we call browserSpy, that requires no special privileges to be installed. browserSpy takes complete control of the user’s browser space, can observe all activity performed through the browser and is undetectable. We then adopt the role of defenders to discuss defense strategies against such malware. Our primary contribution is a mechanism that uses code integrity checking techniques to control the extension installation and loading process. We describe two implementations of this mechanism: a drop-in solution that employs JavaScript and a faster, in-browser solution that makes uses of the browser’s native cryptography implementation. We also discuss techniques for runtime monitoring of extension behavior to provide a foundation for defending threats posed by installed extensions.     

WhiteScript: Using social network analysis parameters to balance between browser usability and malware exposure

Drive-by-download malware exposes internet users to infection of their personal computers, which can occur simply by visiting a website containing malicious content. This can lead to a major threat to the user’s most sensitive information. Popular browsers such as Firefox, Internet Explorer and Maxthon have extensions that block JavaScript, Flash and other executable content. Some extensions globally block all dynamic content, and in others the user needs to specifically enable the content for each site (s)he trusts. Since most of the web-pages today contain dynamic content, disabling them damages user experience and page usability, and that prevents many users from installing security extensions. We propose a novel approach, based on Social Network Analysis parameters, that predicts the user trust perspective for the HTML page currently being viewed. Our system examines the URL that appears in the address bar of the browser and each of the inner HTML URL reputations, and only if all of them have a reputation greater than our predetermined threshold, it marks the webpage as trusted. Each URL reputation is calculated based on the number and quality of the links on the whole web pointing back to the URL. The method was examined on a corpus of 44,429 malware domains and on the top 2000 most popular Alexa sites. Our system managed to enable dynamic content of 70% of the most popular websites and block 100% of malware web-pages, all without any user intervention. Our approach can augment most browser security applications and enhance their effectiveness, thus encouraging more users to install these important applications.     

DOMtegrity: ensuring web page integrity against malicious browser extensions

In this paper, we address an unsolved problem in the real world: how to ensure the integrity of the web content in a browser in the presence of malicious browser extensions? The problem of exposing confidential user credentials to malicious extensions has been widely understood, which has prompted major banks to deploy two-factor authentication. However, the importance of the “integrity” of the web content has received little attention. We implement two attacks on real-world online banking websites and show that ignoring the “integrity” of the web content can fundamentally defeat two-factor solutions. To address this problem, we propose a cryptographic protocol called DOMtegrity to ensure the end-to-end integrity of the DOM structure of a web page from delivering at a web server to the rendering of the page in the user’s browser. DOMtegrity is the first solution that protects DOM integrity without modifying the browser architecture or requiring extra hardware. It works by exploiting subtle yet important differences between browser extensions and in-line JavaScript code. We show how DOMtegrity prevents the earlier attacks and a whole range of man-in-the-browser attacks. We conduct extensive experiments on more than 14,000 real-world extensions to evaluate the effectiveness of DOMtegrity.

     

Web前端开发技术研究

阐述Web前端开发相关技术等,主要聚焦于基于Web浏览器编程的前端开发技术和标准,内容包括HTML/XHTML、层叠样式表(CSS)、文档对象模型(DOM)、JavaScript、跨浏览器开发、Firefox扩展开发以及Web站点设计与维护等。     

Web前端开发技术研究

阐述Web前端开发相关技术等．主要聚焦于基于Web浏览器编程的前端开发技术和标准,内容包括HTML／XHTML、层叠样式表（CSS）、文档对象模型（DOM）,JavaScript、跨浏览器开发、Firefox扩展开发以及Web站点设计与维护等。     

基于dom4j转换XML为XHTML页面的方法

跨库检索系统的SRU接口返回的检索结果是XML文件流。IE浏览器可以解析该文件流,根据XSLT文件,自动转换为XHTML文件流,显示检索结果。但是,Firefox,Google Chrome浏览器却无法解析这个XML文件流,它们显示的是非标准格式的文本文字,用户无法查看检索结果。为了使这些浏览器能正常显示检索结果,采用dom4j的应用开发接口,应用XSLT文件,把XML文件流转换为XHTML文件流,从而使检索结果能在Firefox,Google Chrome浏览器上正常显示。     

利用Firefox浏览器实现基于IPv6的WWW服务器的访问

在现有阶段,如何实现由IPv4向IPv6过渡以及由此而产生的过渡机制成为了一个研究热点。考虑到Firefox是一个免费的、跨Windows,MacOSX及Linux等平台的浏览器,即以Firefox浏览器技术为立足点,以Java语言作为开发工具,Windows操作系统作为平台,在双协议栈主机中,借鉴传统的IPv4传输层代理机制,对IPv4和IPv6协议进行转换,利用socket的独立于网络协议的特性,通过软件的编写,修改socket套接字中的某些参数,让代理服务器调用系统的IPv6协议栈来通信,实现接入IPv6。