New top story on Hacker News: Show HN: Firefox addon to quarantine a tab to use offline with private data
Show HN: Firefox addon to quarantine a tab to use offline with private data
16 by matusfaro | 4 comments on Hacker News.
Introducing QuaranTab: Companion extension to quarantine tabs so you can safely use them offline with private data I find myself wanting to use online format parsers to quickly decode that production JWT or decode a base64 Authorization header but cannot trust these websites to not leak my information. I thought to myself if only I could cut-off network access to this site, use it offline, and then throw away all browsing data. So I created an extension just for that. It uses Firefox contextual identities API (Containers) to isolate browsing data and inter-tab communication. Once the site is fully loaded, I then inject bogus proxy settings for any requests leaving that container to effectively cut-off network access. And once I'm done, I simply delete the Container. Use Cases: * Parse a live JWT token * Convert a Base64 Authorization header * Hash a password * Parse a Protobuf message * Submit my name and birthdate to estimate my date of death Check out the MIT source code on GitHub [1] and install QuaranTab from the Firefox store [2]. If anyone is interested in a discussion, I'd love to chat about: 1. Any ideas on how we could implement this in Chromium? Using private window as a "Container"? 2. Can you come up with an exploit? I posted a 100usd bug bounty [3] if you find one! 3. Is there any way to prove an extension in the store was built from source in GitHub? I am imagining some kind of third-party escrow service managing the Firefox store account and building from specific public git repository. 1. https://ift.tt/gXB4Hqb 2. https://ift.tt/Eg4jYS8 3. https://ift.tt/fwZnuhK
Introducing QuaranTab: Companion extension to quarantine tabs so you can safely use them offline with private data I find myself wanting to use online format parsers to quickly decode that production JWT or decode a base64 Authorization header but cannot trust these websites to not leak my information. I thought to myself if only I could cut-off network access to this site, use it offline, and then throw away all browsing data. So I created an extension just for that. It uses Firefox contextual identities API (Containers) to isolate browsing data and inter-tab communication. Once the site is fully loaded, I then inject bogus proxy settings for any requests leaving that container to effectively cut-off network access. And once I'm done, I simply delete the Container. Use Cases: * Parse a live JWT token * Convert a Base64 Authorization header * Hash a password * Parse a Protobuf message * Submit my name and birthdate to estimate my date of death Check out the MIT source code on GitHub [1] and install QuaranTab from the Firefox store [2]. If anyone is interested in a discussion, I'd love to chat about: 1. Any ideas on how we could implement this in Chromium? Using private window as a "Container"? 2. Can you come up with an exploit? I posted a 100usd bug bounty [3] if you find one! 3. Is there any way to prove an extension in the store was built from source in GitHub? I am imagining some kind of third-party escrow service managing the Firefox store account and building from specific public git repository. 1. https://ift.tt/gXB4Hqb 2. https://ift.tt/Eg4jYS8 3. https://ift.tt/fwZnuhK 4 https://ift.tt/ZLuE3rP 16 Show HN: Firefox addon to quarantine a tab to use offline with private data
16 by matusfaro | 4 comments on Hacker News.
Introducing QuaranTab: Companion extension to quarantine tabs so you can safely use them offline with private data I find myself wanting to use online format parsers to quickly decode that production JWT or decode a base64 Authorization header but cannot trust these websites to not leak my information. I thought to myself if only I could cut-off network access to this site, use it offline, and then throw away all browsing data. So I created an extension just for that. It uses Firefox contextual identities API (Containers) to isolate browsing data and inter-tab communication. Once the site is fully loaded, I then inject bogus proxy settings for any requests leaving that container to effectively cut-off network access. And once I'm done, I simply delete the Container. Use Cases: * Parse a live JWT token * Convert a Base64 Authorization header * Hash a password * Parse a Protobuf message * Submit my name and birthdate to estimate my date of death Check out the MIT source code on GitHub [1] and install QuaranTab from the Firefox store [2]. If anyone is interested in a discussion, I'd love to chat about: 1. Any ideas on how we could implement this in Chromium? Using private window as a "Container"? 2. Can you come up with an exploit? I posted a 100usd bug bounty [3] if you find one! 3. Is there any way to prove an extension in the store was built from source in GitHub? I am imagining some kind of third-party escrow service managing the Firefox store account and building from specific public git repository. 1. https://ift.tt/gXB4Hqb 2. https://ift.tt/Eg4jYS8 3. https://ift.tt/fwZnuhK
Introducing QuaranTab: Companion extension to quarantine tabs so you can safely use them offline with private data I find myself wanting to use online format parsers to quickly decode that production JWT or decode a base64 Authorization header but cannot trust these websites to not leak my information. I thought to myself if only I could cut-off network access to this site, use it offline, and then throw away all browsing data. So I created an extension just for that. It uses Firefox contextual identities API (Containers) to isolate browsing data and inter-tab communication. Once the site is fully loaded, I then inject bogus proxy settings for any requests leaving that container to effectively cut-off network access. And once I'm done, I simply delete the Container. Use Cases: * Parse a live JWT token * Convert a Base64 Authorization header * Hash a password * Parse a Protobuf message * Submit my name and birthdate to estimate my date of death Check out the MIT source code on GitHub [1] and install QuaranTab from the Firefox store [2]. If anyone is interested in a discussion, I'd love to chat about: 1. Any ideas on how we could implement this in Chromium? Using private window as a "Container"? 2. Can you come up with an exploit? I posted a 100usd bug bounty [3] if you find one! 3. Is there any way to prove an extension in the store was built from source in GitHub? I am imagining some kind of third-party escrow service managing the Firefox store account and building from specific public git repository. 1. https://ift.tt/gXB4Hqb 2. https://ift.tt/Eg4jYS8 3. https://ift.tt/fwZnuhK 4 https://ift.tt/ZLuE3rP 16 Show HN: Firefox addon to quarantine a tab to use offline with private data
Comments
Post a Comment