[WEB SECURITY] HPP Finder
elias.athanasopoulos at gmail.com
Wed May 18 05:20:54 EDT 2011
On Sun, May 15, 2011 at 8:57 PM, Marco Balduzzi
<marco.balduzzi at iseclab.org>wrote:
> Hi Elias,
> > I have created a Google Chrome extension for detecting HPP
> > vulnerabilities purely at the client-side. The idea is to use jQuery
> > for parsing all hyperlinks and HTML forms that may include the same
> > parameter multiple times. HPP Finder marks all suspicious hyperlinks
> > and forms in a dashed frame and reports all of them in a pop-up,
> > which is triggered upon clicking on the extension's icon.
> I like the idea to have a client-side protection to HPP.
> By the way, I'm confident that the plug-in you propose may raise more
> false positives (e.g. form's checkbox) than protecting their users.
Yes, I am aware of that. This is why I stated that HPP Finder marks all
> I propose you to enhance the plug-in with a couple of ideas we can
> discuss offline.
Feel free to contact me in person.
I bet the human brain is a kludge. --Marvin Minsky
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity