Google's Browser Interception Plugin For Chrome

CmdrTaco posted more than 3 years ago | from the mine-now-thanks dept.

Chrome 26

An anonymous reader writes "Google has released a passive in-the-browser reconnaissance plugin, called the 'DOM Snitch'. By intercepting JavaScript calls to the browser infrastructure, it detects common cross-site scripting, mixed content and insecure DOM changes. The plugin displays the DOM modifications in real time so developers don't have to pause the application to run an outside debugger. It exports traces for easier collaboration and analysis."
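A minimal sketch of the interception approach the summary describes, as an added example that is not DOM Snitch's code or part of the original post: a method is wrapped so each call is logged and classified, then forwarded unchanged. The names `hook` and `classifyHtml`, the stand-in `document` object, and the two regex heuristics are all assumptions made for illustration.

```javascript
// Added example (not DOM Snitch's code). A constructed stand-in object
// plays the role of `document` so the sketch runs outside a browser.
const trace = [];

// Wrap obj[name]: record each call and its findings, then forward it unchanged.
function hook(obj, name, classify) {
  const original = obj[name];
  obj[name] = function (...args) {
    trace.push({ call: name, args, findings: classify(args) });
    // Preserve `this`, arguments and return value so page code keeps working.
    return original.apply(this, args);
  };
  return () => { obj[name] = original; }; // unhook: restore the original
}

// Illustrative heuristics (assumptions): flag markup that can execute script,
// and http:// subresources written into a page served over https.
function classifyHtml(pageOrigin) {
  return ([html]) => {
    const text = String(html);
    const findings = [];
    if (/<script\b|\bon\w+\s*=|javascript:/i.test(text)) {
      findings.push('script-capable markup');
    }
    if (pageOrigin.startsWith('https:') &&
        /\b(?:src|href)\s*=\s*["']?http:\/\//i.test(text)) {
      findings.push('mixed content');
    }
    return findings;
  };
}

function demo() {
  trace.length = 0;
  // Constructed stand-in for `document`; write() just stores what it is given.
  const doc = { written: [], write(html) { return this.written.push(html); } };
  const unhook = hook(doc, 'write', classifyHtml('https://app.example'));
  const ret = doc.write('<p>hello</p>');               // benign
  doc.write('<img src="http://cdn.example/a.png">');   // http asset on https page
  doc.write('<img src=x onerror="report()">');         // inline event handler
  unhook();
  doc.write('<p>not traced</p>');                      // after unhook: no record
  return { ret, trace: trace.slice(), written: doc.written };
}

console.log(JSON.stringify(demo().trace, null, 2));
```

In a browser the same wrapper could be applied to `document.write`; the stand-in object only exists so the sketch runs under Node.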

Blah blah blah (-1, Troll)

Anonymous Coward | more than 3 years ago | (#36527664)

blah blah blah evil blah blah blah

Re:Blah blah blah (-1, Offtopic)

somersault (912633) | more than 3 years ago | (#36527746)

Blah blah blah I don't understand the summary blah blah blah.

Re:Blah blah blah (0)

Anonymous Coward | more than 3 years ago | (#36527762)

This doesn't seem evil. I don't really understand its usefulness, but it sounds like it could be to some.

Re:Blah blah blah (-1)

Anonymous Coward | more than 3 years ago | (#36527786)

yeah they should intercept and drop a google analtics in there.

captcha monopoly

Re:Blah blah blah (2)

Shikaku (1129753) | more than 3 years ago | (#36527828)

Herp derp. I don't understand DOM debugging tools so I am gonna assume it is malicious.

Protip: if you're so concerned about Chrome(ium) having backdoors for Google, don't use it. There are many other browsers to choose from.

Hint: this is a service similar to what Noscript provides, except Noscript stops them while this feature highlights where it may be possible.

Re:Blah blah blah (1)

bondsbw (888959) | more than 3 years ago | (#36528506)

This is the great thing about 2011, after all. Back a decade or so ago, saying "Concerned about IE? Don't use it." was just unrealistic for many web apps.

I, for one, welcome our new open, competitive overlords.

Re:Blah blah blah (0)

Anonymous Coward | more than 3 years ago | (#36529182)

No no, it should go like this:

BWAAAA!.... BWAAAA!dim-dum dim-dum dim-dum dim-dumBWAAAA!...

Oh wait interception. My Bad.

Plug-in is going to be very popular. (1)

140Mandak262Jamuna (970587) | more than 3 years ago | (#36527868)

Plug-in is going to be very popular, among the malware purveyors! looking for some automated way to find all the holes in the websites. Though this is going to create some new exploits in some pages, it is good in the long run. It is essentially spraying red paint on all unlocked cars in a neighborhood. Some cars will be burgled in the short run. But all car owners will start locking their cars, in the long run.

Re:Plug-in is going to be very popular. (1)

kelemvor4 (1980226) | more than 3 years ago | (#36529952)

A ridiculous concept to be sure, but one that is used in real life. A friend of mine found a note in his car from the local police department asserting that they had burgled his car and that he should lock it. Personally I think he should have gone to the trouble of pressing charges against them, but that's beside the point. It's unfortunate that many people today find this sort of practice acceptable. Neither burglary nor website hacking is acceptable regardless of the reason you're doing it. Maybe next they'll go around raping women to prove that the women should have been carrying mace and stun guns? Oh wait, I think they do that in Libya right now...


Anonymous Coward | more than 3 years ago | (#36527910)

Damn It! I thought this said inception plugin!

Re:DOM DOM (1)

silverglade00 (1751552) | more than 3 years ago | (#36530758)

You can always write a plugin for the plugin. Problem solved!

Please, no. (1)

Tei (520358) | more than 3 years ago | (#36527970)

Writing complex webpages is already complex enough without having to check against any type of antivirus, "protection" plugin, etc...

And what protection is a system where one user is not affected, when all others that use the same page will be affected? It is better to fix the page first.

Re:Please, no. (0)

Anonymous Coward | more than 3 years ago | (#36528010)

I believe the point is for web developers to use this plugin to fix their pages, so, er, I don't see the problem.

Re:Please, no. (1)

thePowerOfGrayskull (905905) | more than 3 years ago | (#36528078)

To be fair the summary is poorly written; the initial description implied that it could be used exactly as GP thought it was intended.

Re:Please, no. (1)

Tei (520358) | more than 3 years ago | (#36528530)

Oh... you are right. Seems an extension for the existing panels on the browser.

It'd be interesting to have a security audit (1)

VincenzoRomano (881055) | more than 3 years ago | (#36528300)

on the plugin itself.

This is a tool for website designers! (1)

subanark (937286) | more than 3 years ago | (#36528360)

The purpose of this tool is to help make your website not rely on external resources in such a way that it could make your website dangerous if your 3rd party affiliates decide to either exploit your users, or they get their resources hacked into. E.g. you have a form; your form allows custom avatars, someone decides to make a special custom avatar that rewrites the current page to put a custom login area that can steal people's passwords as they log in.

NoScript? (0)

Anonymous Coward | more than 3 years ago | (#36528766)

Is this the API or hooks that NoScript needs to finally come to Chrome?

Congrats (1)

MikePikeFL (303907) | more than 3 years ago | (#36528862)

Congrats Radi! Looks awesome, and perchance a suitable replacement for that *other* DOM based testing tool that I still use to this day even though the code base is wicked old and uber-outdated. :-)

Using Firefox for this for a while (0)

Anonymous Coward | more than 3 years ago | (#36529368)

Firefox has had such plugins to detect XSS, etc. for years (NoScript, RequestPolicy and many others).
Just mentioning it as the article makes it sound like you couldn't do it before.

Interceptions... (3, Funny)

jkiller (1030766) | more than 3 years ago | (#36529616)

You can search for this semi-useful extension with keywords: "Brett Favre plug-in"

Re:Interceptions... (0)

Anonymous Coward | more than 3 years ago | (#36531588)

I live in Minnesota you insensitive clod!

Only 18 comments? (3, Interesting)

Qzukk (229616) | more than 3 years ago | (#36529664)

Everyone who uses chrome probably did what I did and ran out to install the extension to see what happens on slashdot.

Answer: it breaks the fuck out of slashdot whether it's in active, passive, or standby mode, pretty much all of the 2.0ish stuff like replies and opening comments ceases to work (everything opens a new page).

Uninstalled it and now slashdot is back to the normal level of brokenness. Apparently whatever it does to "inject" all this stuff needs just a little more work to make sure it doesn't disturb the javascript that is already there.

Re:Only 18 comments? (1)

datapharmer (1099455) | more than 3 years ago | (#36531068)

Forget just Slashdot and web 2.0, you can't even load Google's encrypted search page with this thing enabled in any form. Google: at the very least test with your own site before releasing to the entire friggin' world!

Re:Only 18 comments? (0)

Anonymous Coward | more than 3 years ago | (#36531174)

In Google's defense, the plugin is labeled "experimental."

Re:Only 18 comments? (0)

Anonymous Coward | more than 3 years ago | (#36538674)

did not RTFA but this sounds like passive reconnaissance at its finest.

