A Plug-In and an XPCOM Component for Controlling Firefox Browser Requests1

A Plug-in and an XPCOM Component for Controlling Firefox Browser Requests1

Mozilla’s Firefox offers useful programming APIs to enhance or modify the behavior of browser [2]. The APIs are part of XPCOM (Cross Platform Component Object Model) which provides a set of classes and related methods to perform useful and primitive operations such as file creation and intercepting requests or responses. Most of the XPCOM components are available either through the HTML rendering engine (e.g., Gecko) or JavaScript engine (e.g., SeaMonkey). However, one of the most interesting aspects of Mozilla’s Firefox runtime environment is that it offers us to build customized plug-ins and XPCOM components [1, 4]. It also allows one to implement plug-ins and components in a number of programming languages such as JavaScript. Currently, there exist many plug-ins and XPCOM components that allow programmers to access web pages and browser requests. However, they cannot control browser requests based on HTML form-based requests. This project aims to fill this gap. The project has two parts. First, a plug-in for Firefox browser needs to be developed so that a user can control which requests should be allowed or blocked. To obtain the desired functionalities, one requires implementing a number of JavaScript methods to validate requests (or URLs). The plug-in, when enabled, should perform the following three major functionalities: (i) initialization, (ii) checking requests and HTML forms, (iii) stopping a request and conditionally allowing a request to proceed. The above functionalities will be tested using a set of test cases discussed in [3]. In the second part of the project, an XPCOM (Cross Platform Component Object Model) component needs to be developed that provides the above three functionalities so that they can be called from a plug-in. In other words, your implemented JavaScript modules (first part) need to be called through XPCOM interfaces. As before, the exported XPCOM functionalities will be tested using the same set of test cases discussed in [3].

Deliverables A working version of the plug-in and XPCOM is required. The functionalities should be developed with good modularity. The plug-in and component should be implemented in JavaScript for Windows XP/VISTA/7.

A technical report should be submitted including the followings: description of the implemented modules along with their functionalities, analysis on the accuracy of stopping/allowing requests, discussions on the initial and final set of white listed HTML tags, attributes, and expected content types, overhead measured as average response time of a webpage, description of the interface file along with the functionalities of the implemented modules of the XPCOM, installation procedure, development environment, troubleshooting experiences (lessons learned).

References [1] Creating a Mozilla Extension – MDC, https://developer.mozilla.org/en/Creating_a_Mozilla_Extension [2] XPCOM API Reference – MDC, https://developer.mozilla.org/en/xpcom_api_reference [3] H. Shahriar and M. Zulkernine, “Client Side Detection of Cross Site Request Forgery Attacks,” Proceedings of the 21st IEEE International Symposium on Software Reliability and Engineering (to appear), San Jose, California, November 2010. [4] https://developer.mozilla.org/en/How_to_Build_an_XPCOM_Component_in_Javascript

1 In this project, one or two CISC 499 students may work with a PhD student under the supervision of Dr. Zulkernine ([email protected]).