Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Chrome Google Security Technology

Google's Browser Interception Plugin For Chrome 26

Posted by CmdrTaco
from the mine-now-thanks dept.
An anonymous reader writes "Google has released a passive in-the-browser reconnaissance plugin, called the 'DOM Snitch'. By intercepting JavaScript calls to the browser infrastructure, it detects common cross-site scripting, mixed content and insecure DOM changes. The plugin displays the DOM modifications in real time so developers don't have to pause the application to run an outside debugger. It exports traces for easier collaboration and analysis."
This discussion has been archived. No new comments can be posted.

Google's Browser Interception Plugin For Chrome

Comments Filter:
  • Plug-in is going to be very popular, among the malware purveyors ! looking for some automated way to find all the holes in the websites. Though this is going to create some new exploits in some pages, it is good in the long run. It is essentially spraying red paint on all unlocked cars in a neighborhood. Some cars will be burgled in the short run. But all car owners will start locking their cars, in the long run.
    • A ridiculous concept to be sure, but one that is used in real life. A friend of mine found a note in his car from the local police department asserting that they had burgled his car and that he should lock it. Personally I think he should have gone to the trouble of pressing charges against them, but that's beside the point. It's unfortunate that many people today find this sort of practice acceptable. Neither burglary or website hacking is acceptable regardless of the reason you're doing it. Maybe ne
  • Writting complex webpages is already complex enough withouth having to check against any type of antivirus, "protection" plugin, etc...

    And what protection is a system so one user is not afected, wen all others that use the same page will be afected? Is better to fix the page first.

  • The purpose of this tool is to help make your website not rely on external resources in such a way that it could make your website dangerous if your 3rd party affiliates decide to either exploit your users, or they get their resources hacked into. E.g. you have a form; your form allows custom avatars, someone decides to make a special custom avatar that rewrites the current page to put a custom login area that can steal people's passwords as they log in.
  • Congrats Radi! Looks awesome, and perchance a suitable replacement for that *other* DOM based testing tool that I still use to this day even though the code base is wicked old and uber-outdated. :-)

  • by jkiller (1030766) on Wednesday June 22, 2011 @10:55AM (#36529616)
    You can search for this semi-useful extension with keywords: "Brett Favre plug-in"
  • Only 18 comments? (Score:4, Interesting)

    by Qzukk (229616) on Wednesday June 22, 2011 @10:57AM (#36529664) Journal

    Everyone who uses chrome probably did what I did and ran out to install the extension to see what happens on slashdot.

    Answer: it breaks the fuck out of slashdot whether it's in active, passive, or standby mode, pretty much all of the 2.0ish stuff like replies and opening comments ceases to work (everything opens a new page).

    Uninstalled it and now slashdot is back to the normal level of brokenness. Apparently whatever it does to "inject" all this stuff needs just a little more work to make sure it doesn't disturb the javascript that is already there.

    • forget just slashdot and web 2.0 you can't even load google's encrypted search page with this thing enabled in any form. Google: at the very least test with your own site before releasing to the entire friggin' world!

"If truth is beauty, how come no one has their hair done in the library?" -- Lily Tomlin

Working...