[WEB SECURITY] HPP Finder

Elias Athanasopoulos elias.athanasopoulos at gmail.com
Thu May 12 05:39:34 EDT 2011


Hello!

I have created a Google Chrome extension for detecting HPP vulnerabilities
purely at the client-side. The idea is to use jQuery for parsing all
hyperlinks and HTML forms that may include the same parameter multiple
times. HPP Finder marks all suspicious hyperlinks and forms in a dashed
frame and reports all of them in a pop-up, which is triggered upon clicking
on the extension's icon.

HPP Finder is not a complete solution for HPP attacks. It can only spot
hyperlinks and forms that include parameters that mask one each other. It is
also still in a very beta stage, since it's my first Chrome extension. You
can find a demo page at:

http://www.ics.forth.gr/~elathan/extra/hpp/index.html

Any comments and suggestions are welcome.

Regards,
Elias

-- 
I bet the human brain is a kludge.  --Marvin Minsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110512/54604e26/attachment-0003.html>


More information about the websecurity mailing list