[WEB SECURITY] HPP Finder

Elias Athanasopoulos elias.athanasopoulos at gmail.com
Wed May 18 05:20:54 EDT 2011


Hello!

On Sun, May 15, 2011 at 8:57 PM, Marco Balduzzi
<marco.balduzzi at iseclab.org> wrote:

> Hi Elias,
>
> > I have created a Google Chrome extension for detecting HPP
> > vulnerabilities purely at the client-side. The idea is to use jQuery
> > for parsing all hyperlinks and HTML forms that may include the same
> > parameter multiple times. HPP Finder marks all suspicious hyperlinks
> > and forms in a dashed frame and reports all of them in a pop-up,
> > which is triggered upon clicking on the extension's icon.
>
> I like the idea of having client-side protection against HPP.
> By the way, I'm confident that the plug-in you propose may raise more
> false positives (e.g. a form's checkbox) than it protects its users.
>

Yes, I am aware of that. This is why I stated that HPP Finder marks all
*suspicious* links.


> I suggest you enhance the plug-in with a couple of ideas we can
> discuss offline.


Feel free to contact me in person.

Regards,
-- 
I bet the human brain is a kludge.  --Marvin Minsky
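
As an added illustration (not part of either message, and not HPP Finder's actual code), the duplicate-parameter check discussed in this thread could be written like this. The function names and sample data are hypothetical, and treating checkbox, radio and multi-select groups as expected repeats is an assumption made here to handle the false-positive case raised above.

```javascript
// Added illustration, not HPP Finder's code; all names are hypothetical.

// Names that occur more than once in the query string of a link.
function duplicateQueryParams(href, base = "https://example.test/") {
  let url;
  try {
    url = new URL(href, base); // also resolves relative links
  } catch (e) {
    return []; // unparsable href: nothing to report
  }
  const counts = new Map();
  for (const [name] of url.searchParams) {
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Assumption: control types where a repeated name is ordinary HTML.
const EXPECTED_REPEAT_TYPES = new Set(["checkbox", "radio", "select-multiple"]);

// fields: [{ name, type }], e.g. copied from form.elements in a browser.
function duplicateFormFields(fields) {
  const typesByName = new Map();
  for (const { name, type } of fields) {
    if (!name) continue; // unnamed controls are not submitted
    if (!typesByName.has(name)) typesByName.set(name, []);
    typesByName.get(name).push(type);
  }
  const suspicious = [];
  const likelyBenign = [];
  for (const [name, types] of typesByName) {
    if (types.length < 2) continue;
    const benign = types.every((t) => EXPECTED_REPEAT_TYPES.has(t));
    (benign ? likelyBenign : suspicious).push(name);
  }
  return { suspicious, likelyBenign };
}

// Constructed sample input.
const sampleLinks = [
  "/item?id=4&sort=asc",
  "/item?id=4&sort=asc&id=9",
  "/search?q=a%26q%3Db", // encoded '&' stays inside a single value
];
const sampleForm = [
  { name: "topic", type: "checkbox" }, { name: "topic", type: "checkbox" },
  { name: "id", type: "hidden" }, { name: "id", type: "text" },
];
console.log(sampleLinks.map((l) => [l, duplicateQueryParams(l)]));
console.log(duplicateFormFields(sampleForm));
```

The `likelyBenign` list keeps repeated checkbox-style names visible without flagging them alongside repeats that mix in hidden or text fields.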