Hi forum folks,
I tested the working of Malware Script Detector extension installed on Google Chrome for this particular POC -http://security.onofri.org/xss_location.html?#
for the following threat, anti DOM-XSS filter bypass on a previous Google Chrome version/
The existing DOM Based Cross Site Scripting or XSS filter for Google Chrome is currently very experimental.
How the extension detected the POC attempt can be seen from the attached GIF image,
polonus
Seems to be a good extension,have you tested this one?>http://www.chromeextensions.org/appearance-functioning/flashblock/
Give it a shot,it’s awesome
Hi Left123,
I have that installed. From emerging threat rules I also tested several for instance this one (see first attached gif, second see attached alert gif…
polonus
Here I tested against the well known Regex for “<img src” CSS attack, and attached you will see how it is being detected by Malware Script Detector extension in the Google Chrome browser,
polonus
Hi users of Google chrome browser,
I have been testing this Google Chrome user script extension by d0ubl3_h3lix now rather thorougly.
It will not only flag malware script on sites but also flag when a user visits sites that discuss XSS scripting exploits even, and have these exploits there on site, etc.
For testing it’s detection rate I used examples from Emerging Threats, Snort code, firekeeper rules and others.
Despite of this being a static coded small extension seen to the source code, it will alert to an enormous amount of issues. Personally I like it very much, but you have to follow up the alerts to know in howfar what it flags is dangerous.
Then you have to decide to block or allow site inside the browser (depending on what is in the source code of the site you visit, it also alerts issues other detections fail and are completely going on in the user’s web browser client, that is why it is so valuable to have).
It is a nice addition to the protection of NotScripts extension and also to the avast shields that will come in first with an alert, also nice additional extension next to the Flash blocker, Better Pop Up Blocker, and Prevent Clickjacking version 1 Google Chrome extensions.
For users that want to know somewhat more about this MSD browser IDS extension, here is a nice introduction txt link:
http://www.slideshare.net/guest31a5be/introducing-malware-script-detector#text-version
link source provided by: guest31a5be (on slideshare)
polonus