Elias Athanasopoulos elias.athanasopoulos at gmail.com
Wed May 18 05:20:54 EDT 2011


On Sun, May 15, 2011 at 8:57 PM, Marco Balduzzi <marco.balduzzi at iseclab.org> wrote:

> Hi Elias,
> > I have created a Google Chrome extension for detecting HPP
> > vulnerabilities purely at the client-side. The idea is to use jQuery
> > for parsing all hyperlinks and HTML forms that may include the same
> > parameter multiple times. HPP Finder marks all suspicious hyperlinks
> > and forms in a dashed frame and reports all of them in a pop-up,
> > which is triggered upon clicking on the extension's icon.
> I like the idea of having client-side protection against HPP.
> By the way, I'm confident that the plug-in you propose may raise more
> false positives (e.g. form's checkbox) than protecting their users.

Yes, I am aware of that. This is why I stated that HPP Finder marks all
*suspicious* links.

> I propose that you enhance the plug-in with a couple of ideas we can
> discuss offline.

Feel free to contact me in person.

I bet the human brain is a kludge.  --Marvin Minsky
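
The duplicate-parameter check discussed in this thread, sketched as an added example that is not part of the original message and is not HPP Finder's code. It flags repeated query parameters in links and repeated field names in forms, and skips checkbox and radio groups, the false-positive source raised in the quoted reply. The function names, the `{action, fields}` form shape and the sample inputs are assumptions made for illustration.

```javascript
// Added example: all names and sample data below are constructed, not HPP Finder's.

// Names that occur more than once in the query string of a link.
function duplicateParams(href, base = 'http://example.invalid/') {
  const counts = new Map();
  for (const [name] of new URL(href, base).searchParams) {
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Input types where several controls sharing one name is ordinary HTML.
const GROUPED_TYPES = new Set(['checkbox', 'radio']);

// form: { action, fields: [{ name, type }] }, e.g. built from form.elements.
// Reports repeated parameters in the action URL plus repeated field names,
// unless every control carrying that name is a checkbox or radio button.
function suspiciousForm(form) {
  const typesByName = new Map();
  for (const { name, type } of form.fields) {
    if (!name) continue; // unnamed controls are never submitted
    if (!typesByName.has(name)) typesByName.set(name, []);
    typesByName.get(name).push(type);
  }
  const repeated = [...typesByName]
    .filter(([, types]) => types.length > 1 &&
                           !types.every((t) => GROUPED_TYPES.has(t)))
    .map(([name]) => name);
  return [...new Set([...duplicateParams(form.action), ...repeated])];
}

// Constructed sample page content.
const links = ['/vote?poll=7&candidate=a&candidate=b', '/search?q=hpp&page=2'];
const forms = [
  { action: '/prefs', fields: [
    { name: 'topic', type: 'checkbox' }, { name: 'topic', type: 'checkbox' },
    { name: 'email', type: 'text' }] },
  { action: '/pay?to=1&to=2', fields: [
    { name: 'amount', type: 'text' }, { name: 'amount', type: 'hidden' }] },
];

for (const href of links) {
  console.log(href, '->', duplicateParams(href));
}
for (const form of forms) {
  console.log(form.action, '->', suspiciousForm(form));
}
```

A hit only marks the link or form for review: whether a repeated parameter is exploitable depends on how the server resolves it.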

More information about the websecurity mailing list