Skip to content
/ checker-extension Public

Firefox extension to check the presence of HTTP Security Headers and the implementation of the Subresource Integrity (SRI).

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pascal-sun/checker-extension

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
icons
icons
 
 
popup
popup
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
background.js
background.js
 
 
content-script.js
content-script.js
 
 
manifest.json
manifest.json
 
 

Repository files navigation

Checker extension

Firefox extension to check the presence of HTTP Security Headers and the implementation of the Subresource Integrity (SRI).

Demo

Development

How to develop with web-ext, in command line

web-ext is a command line tool, to help build, run and test WebExtensions: https://extensionworkshop.com/documentation/develop/getting-started-with-web-ext/.

How to install it

$ sudo apt install npm
$ sudo npm install --global web-ext
$ web-ext --version

How to use it

$ cd check-extension
$ web-ext run --firefox-profile=../test-profile --profile-create-if-missing --keep-profile-changes
  • --firefox-profile, -p: Specify a base Firefox profile to run the extension in.
  • --profile-create-if-missing: With this option, the profile directory will be created if it does not exist yet.
  • --keep-profile-changes: With this option, any changes made to the profile directory are saved.

Make sure to have test-profile folder outside of the extension, for reload issue:

.
├── checker-extension
│   ├── background.js
│   ├── content-script.js
│   ├── icons
│   ├── LICENSE
│   ├── manifest.json
│   ├── popup
│   └── README.md
└── test-profile

Documentation

Storage area

{
	"example.com":{
		"headers-all":{
			"URL1":{
				"header1":"value1",
				"header2":"value2"
			},
			"URL2":{
				"header1":"value1",
				"header2":"value2"
			},
		},
		"headers-security":{
			"strict-transport-security": ["URL1", "URL2"],
			"x-xss-protection": ["URL1"],
			"content-security-policy": ["URL2"],
			"x-frame-options": [],
			"x-content-type-options": [],
			"cache-control": [],
			"server": [],
			"x-powered-by": []
		},
		"linkTags":{
			"allURLs":{
				"hrefURL1":{
					"integrity":"xxxxxxx",
					"crossorigin":"xxxx"
				},
				"hrefURL2":{
					"integrity":"xxxxxxx",
					"crossorigin":"xxxx"
				},
			},
			"example.com/1":{
				"srcURL1":{
					"integrity":"xxxxxxx",
					"crossorigin":"xxxx"
				},
				"srcURL2":{
					"integrity":"xxxxxxx",
					"crossorigin":"xxxx"
				}
			}
			"example.com/2":{},
			"example.com/3":{}
				},
				"scriptTags":{
						"allURLs":{},
						"example.com/1":{},
						"example.com/2":{},
						"example.com/3":{}
				}
		},
		"www.example.com":{
				"linkTags":{
						"allURLs":{},
						"www.example.com/1":{},
						"www.example.com/2":{},
						"www.example.com/3":{}
				},
				"scriptTags":{
						"allURLs":{},
						"www.example.com/1":{},
						"www.example.com/2":{},
						"www.example.com/3":{}
				}
		},
		"google.com":{
				"linkTags":{
						"allURLs":{},
						"google.com/1":{},
						"google.com/2":{},
						"google.com/3":{}
				},
				"scriptTags":{
						"allURLs":{},
						"google.com/1":{},
						"google.com/2":{},
						"google.com/3":{}
				}
		},
}

About

Firefox extension to check the presence of HTTP Security Headers and the implementation of the Subresource Integrity (SRI).

Topics

extension http-header pentest sri subresource-integrity extension-firefox security-header

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages