Google's Browser Interception Plugin For Chrome 26
An anonymous reader writes "Google has released a passive in-the-browser reconnaissance plugin, called the 'DOM Snitch'. By intercepting JavaScript calls to the browser infrastructure, it detects common cross-site scripting, mixed content and insecure DOM changes. The plugin displays the DOM modifications in real time so developers don't have to pause the application to run an outside debugger. It exports traces for easier collaboration and analysis."
Re: (Score:3)
Herp derp. I don't understand DOM debugging tools so I am gonna assume it is malicious.
Protip: if you're so concerned about Chrome(ium) having backdoors for Google, don't use it. There are many other browsers to choose from.
Hint: this is a service similar to what Noscript provides, except Noscript stops them while this feature highlights where it may be possible.
Re: (Score:2)
This is the great thing about 2011, after all. Back a decade or so ago, saying "Concerned about IE? Don't use it." was just unrealistic for many web apps.
I, for one, welcome our new open, competitive overlords.
Plug-in is going to be very popular. (Score:2)
Re: (Score:1)
Re: (Score:1)
Please, no. (Score:2)
Writting complex webpages is already complex enough withouth having to check against any type of antivirus, "protection" plugin, etc...
And what protection is a system so one user is not afected, wen all others that use the same page will be afected? Is better to fix the page first.
Re: (Score:2)
Re: (Score:2)
Oh... you are right. Seems a extension for the existing panels on the browser.
It'd be interesting to have a security audit (Score:2)
This is a tool for website designers! (Score:1)
Congrats (Score:1)
Congrats Radi! Looks awesome, and perchance a suitable replacement for that *other* DOM based testing tool that I still use to this day even though the code base is wicked old and uber-outdated. :-)
Interceptions... (Score:3, Funny)
Only 18 comments? (Score:4, Interesting)
Everyone who uses chrome probably did what I did and ran out to install the extension to see what happens on slashdot.
Answer: it breaks the fuck out of slashdot whether it's in active, passive, or standby mode, pretty much all of the 2.0ish stuff like replies and opening comments ceases to work (everything opens a new page).
Uninstalled it and now slashdot is back to the normal level of brokenness. Apparently whatever it does to "inject" all this stuff needs just a little more work to make sure it doesn't disturb the javascript that is already there.
Re: (Score:2)