Security/Plug-n-hack: Difference between revisions
< Security
Jump to navigation
Jump to search
(Created page with "Current Documentation can be found [https://developer.mozilla.org/en-US/docs/Plug-n-Hack here]") |
(Added content on pnh plans) |
||
| Line 1: | Line 1: | ||
Plug-n-hack is an effort to make your browser play nicely with the security tools you use. | |||
Current Documentation can be found [https://developer.mozilla.org/en-US/docs/Plug-n-Hack here] | Current Documentation can be found [https://developer.mozilla.org/en-US/docs/Plug-n-Hack here] | ||
'''Plans''' | |||
Plug-n-hack is an ongoing effort. | |||
* Phase 1 (q2/3 2013): | |||
** Allow a browser to be configured to use a security tool with minimal effort | |||
** Allow tool configurations to be managed | |||
** Allow tool functionality to be exposed via browser UI | |||
* Phase 2 (q3/q4 2013): | |||
** Provide some access to the DOM from external security tools via a probe (e.g. injected via bookmarklet or by a security proxy) | |||
*** PostMessage interception / replay | |||
*** Event inspection | |||
* Phase 3 (q4 2013): | |||
** Define configurations and interfaces for browser analogs of the existing probe functionality | |||
** Provide an example implementation | |||
'''Tool support''' | |||
Browser support for PnH is provided by the Ringleader Firefox extension which can be found [https://github.com/mozmark/ringleader here]. | |||
A (fairly rudimentary) implementation of the DOM probe for external applications exists [https://github.com/mozmark/Plug-n-Hack here] | |||
A number of tools make use of Plug-n-hack, notably: | |||
* [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP ZAP] (Phase 1 support complete, partial support for phase 2 and 3) | |||
* [http://blog.portswigger.net/2013/09/burp-support-for-firefox-plug-n-hack.html BURP] (Phase 1 support) | |||
* [http://blog.tunnelshade.in/2013/08/plug-n-hack-support-in-owtf-d.html OWTF] (Phase 1 support) | |||
Revision as of 16:03, 7 January 2014
Plug-n-hack is an effort to make your browser play nicely with the security tools you use.
Current Documentation can be found here
Plans
Plug-n-hack is an ongoing effort.
- Phase 1 (q2/3 2013):
- Allow a browser to be configured to use a security tool with minimal effort
- Allow tool configurations to be managed
- Allow tool functionality to be exposed via browser UI
- Phase 2 (q3/q4 2013):
- Provide some access to the DOM from external security tools via a probe (e.g. injected via bookmarklet or by a security proxy)
- PostMessage interception / replay
- Event inspection
- Provide some access to the DOM from external security tools via a probe (e.g. injected via bookmarklet or by a security proxy)
- Phase 3 (q4 2013):
- Define configurations and interfaces for browser analogs of the existing probe functionality
- Provide an example implementation
Tool support
Browser support for PnH is provided by the Ringleader Firefox extension which can be found here.
A (fairly rudimentary) implementation of the DOM probe for external applications exists here
A number of tools make use of Plug-n-hack, notably: