I\'m developing a browser(firefox) plug-in which essentially checks for maliciou

Question

I'm developing a browser(firefox) plug-in which essentially checks for malicious input. My current approach is to store all input fields sent in GET/POST requests, try to heuristically determine potential attack vectors and drop requests in case true positives are detected.

For data retrieval I've been thinking of implementing the functionality of tamper data. However, I cannot find a similar open source plug-in and developing one from scratch seems rather difficult(the only suggestions I've found refer to standalone proxies such as burpsuite and webscarab).

Any help would be greatly appreciated.

Explanation / Answer

This is a pretty scary thing to be doing, as by definition, you are wanting to look at sensitive, user-submitted data on those computers. Sure, you might catch the occasional wrongdoer, but you're going to be capturing quite a lot of normal people's passwords, emails, etc.

Which is probably opening a whole slew of liability to whoever owns the computer lab.

I'd contact your local legal department for advice here - its most likely better to go down the path of becoming a common carrier, and legally shielded from random user's activities, then it is to try and prevent them. Likewise, your plugin may become the target for a malicious actor, who can skip breaking into websites, and just capture the data from your tool.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.