Security/Plug-n-hack

From MozillaWiki
< Security
Revision as of 16:03, 7 January 2014 by Mgoodwin (talk | contribs) (Added content on pnh plans)
Jump to navigation Jump to search

Plug-n-hack is an effort to make your browser play nicely with the security tools you use.

Current Documentation can be found here

Plans

Plug-n-hack is an ongoing effort.

  • Phase 1 (q2/3 2013):
    • Allow a browser to be configured to use a security tool with minimal effort
    • Allow tool configurations to be managed
    • Allow tool functionality to be exposed via browser UI
  • Phase 2 (q3/q4 2013):
    • Provide some access to the DOM from external security tools via a probe (e.g. injected via bookmarklet or by a security proxy)
      • PostMessage interception / replay
      • Event inspection
  • Phase 3 (q4 2013):
    • Define configurations and interfaces for browser analogs of the existing probe functionality
    • Provide an example implementation

Tool support

Browser support for PnH is provided by the Ringleader Firefox extension which can be found here.

A (fairly rudimentary) implementation of the DOM probe for external applications exists here

A number of tools make use of Plug-n-hack, notably:

  • OWASP ZAP (Phase 1 support complete, partial support for phase 2 and 3)
  • BURP (Phase 1 support)
  • OWTF (Phase 1 support)
Retrieved from "https://wiki.allizom.org/index.php?title=Security/Plug-n-hack&oldid=867871"