Protecting Browser Extensions from Probing and Revelation Attacks
Download Protecting Browser Extensions from Probing and Revelation Attacks
Preview text
Latex Gloves:
Protecting Browser Extensions from Probing and Revelation
Attacks
Alexander Sjösten, Steven Van Acker, Pablo Picazo-Sanchez, Andrei Sabelfeld
Browser extensions
● Allows users to modify browser behaviour
○ Block advertisement & tracking scripts ○ Password managers
● Written in a combination of JavaScript, HTML and CSS
○ Content scripts ○ Background scripts
● User grants permissions
● Can inject content
○ One way through “web accessible resources” ○ chrome-extension:// and moz-extension://
Google Cast example
Detect google cast extension
chrome-extension://boadgeojelhgndaghljhdicfkmllpafd/cast_sender.js
Discover Chromecast on the network
Probing attack
1) Web page makes request to
chrome-extension://boadgeojelhgndaghljhdicfkmllpafd/cast_sender.js
Sjösten et al., CODASPY 2017 Gulyás et al., WPES 2018 (demo web page: https://extensions.inrialpes.fr/) Sanchez-Rola et al., USENIX 2017
Probing attack
1) Web page makes request to
chrome-extension://boadgeojelhgndaghljhdicfkmllpafd/cast_sender.js
2) If extension is installed, resource is returned.
Sjösten et al., CODASPY 2017 Gulyás et al., WPES 2018 (demo web page: https://extensions.inrialpes.fr/) Sanchez-Rola et al., USENIX 2017
Mozilla’s solution
moz-extension://actual-extension-id/resource.js
Randomized
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
Mozilla’s solution
moz-extension://actual-extension-id/resource.js
Randomized
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
“It is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed.” - Mozilla documentation
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/web_accessible_resources
Mozilla’s solution
moz-extension://actual-extension-id/resource.js
Randomized
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
“It is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed.” - Mozilla documentation
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/web_accessible_resources
“This is something we'd like to do when we have the opportunity to make a breaking change.” - Chrome developer forum
https://bugs.chromium.org/p/chromium/issues/detail?id=611420#c19
Revelation attack
1) Extension injects content
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
Revelation attack
1) Extension injects content
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
2) Use the recently acquired random ID to probe for a unique resource in an extension.
Protecting Browser Extensions from Probing and Revelation
Attacks
Alexander Sjösten, Steven Van Acker, Pablo Picazo-Sanchez, Andrei Sabelfeld
Browser extensions
● Allows users to modify browser behaviour
○ Block advertisement & tracking scripts ○ Password managers
● Written in a combination of JavaScript, HTML and CSS
○ Content scripts ○ Background scripts
● User grants permissions
● Can inject content
○ One way through “web accessible resources” ○ chrome-extension:// and moz-extension://
Google Cast example
Detect google cast extension
chrome-extension://boadgeojelhgndaghljhdicfkmllpafd/cast_sender.js
Discover Chromecast on the network
Probing attack
1) Web page makes request to
chrome-extension://boadgeojelhgndaghljhdicfkmllpafd/cast_sender.js
Sjösten et al., CODASPY 2017 Gulyás et al., WPES 2018 (demo web page: https://extensions.inrialpes.fr/) Sanchez-Rola et al., USENIX 2017
Probing attack
1) Web page makes request to
chrome-extension://boadgeojelhgndaghljhdicfkmllpafd/cast_sender.js
2) If extension is installed, resource is returned.
Sjösten et al., CODASPY 2017 Gulyás et al., WPES 2018 (demo web page: https://extensions.inrialpes.fr/) Sanchez-Rola et al., USENIX 2017
Mozilla’s solution
moz-extension://actual-extension-id/resource.js
Randomized
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
Mozilla’s solution
moz-extension://actual-extension-id/resource.js
Randomized
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
“It is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed.” - Mozilla documentation
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/web_accessible_resources
Mozilla’s solution
moz-extension://actual-extension-id/resource.js
Randomized
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
“It is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed.” - Mozilla documentation
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/web_accessible_resources
“This is something we'd like to do when we have the opportunity to make a breaking change.” - Chrome developer forum
https://bugs.chromium.org/p/chromium/issues/detail?id=611420#c19
Revelation attack
1) Extension injects content
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
Revelation attack
1) Extension injects content
moz-extension://30bb95e6-4208-4633-ab7b-5623c0b09483/resource.js
2) Use the recently acquired random ID to probe for a unique resource in an extension.
Categories
You my also like
Implementing OWL Defaults
110.3 KB25.9K9.1KAssessing Usability and Accessibility of Indian Tourism
837.5 KB39.4K3.9KWebometric Analysis of Deemed University Websites in India
342.5 KB14.1K3.5KMahakal Web Technologies
174.1 KB1.5K226An Enhancement Of Association Classification Algorithm For
329 KB2.8K786Lycée Saint Paul Lille Tarifs coal
100.5 KB43.4K9.5KModern techniques of web scraping for data scientists
990.1 KB16137Clearing A Browser’s Cache, Cookies & History
80.7 KB35.6K11.4KUsing Respondus LockDown Browser (Windows/Mac)
2.3 MB77.5K25.6K
