|
|
Native Code Web Browser Extensions
Vítek, Vojtěch ; Očenášek, Pavel (referee) ; Burget, Radek (advisor)
Nowadays, web applications and browsers are undergoing rapid development - we can say that the progress of Internet technologies is unstoppable phenomenon of the last decade. The need for the best-possible CPU performance in web applications to achieve a smooth user experience is enormous - besides the continuous improvements of existing technologies, we can see several new technologies arising every year. This thesis deals with development of native code web browser extensions whose primary purpose is to use maximum CPU performance as well as efforts to improve the user experience when viewing web pages.
|
|
|
Tracker Blocking in WebKitGTK-Based Browsers
Dudík, Samuel ; Koutenský, Michal (referee) ; Polčák, Libor (advisor)
This thesis deals with creating an extension for WebKitGTK based browsers that allows users to block advertisements, trackers and other undesirable elements. The extension is implemented in the C programming language. It communicates with a server written in Rust that decides which requests to block and which to allow. The server uses the adblock-rust library that was developed for the Brave browser. Communication between the server and the client uses the Unix domain socket mechanism. The outcome of the thesis is a full-featured content filtering extension that in addition to network filtering also supports dynamic cosmetic filtering. There is also a minimalistic GUI for easy configuration and interaction with the extension.
|
|
|
Browser Fingerprinting Detection
Saloň, Marek ; Burget, Radek (referee) ; Polčák, Libor (advisor)
The main goal of this thesis is to design and implement a mechanism that provides protection against stateless tracking with browser fingerprint. Implemented tool has a form of module that takes part of JavaScript Restrictor extension. The module allows to specify heuristics used for evaluation of visited sites that may contain browser fingerprint extraction. If suspicious activity is detected, all subsequent HTTP requests from that site are blocked to prevent the extracted fingerprint from being sent to the server. The implementation and defined heuristics were tested. The resulting module represents an effective tool against stateless tracking. The main limitation of the implementation is possible corruption of sites by blocking HTTP requests.
|
|
|
Detecting JavaScript Code with Known Vulnerabilites
Randýsek, Vojtěch ; Jeřábek, Kamil (referee) ; Polčák, Libor (advisor)
This thesis deals with the detection of vulnerable JavaScript libraries and NPM packages. Based on existing studies, it summarizes the technological core of the Node.js platform and further focuses on selected vulnerabilities of the NPM system and existing means of protection. A Chrome browser extension able to detect and fix JavaScript code with known vulnerabilities on the web browser had been introduced. The tool was tested in a crawl of 50 000 websites. 8 129 vulnerable scripts were detected. The extension has been published to the Chrome Web Store as JS Vulnerability Detector .
|
|
|
Optimizing JShelter Performance
Zmitko, Martin ; Polčák, Libor (referee) ; Hranický, Radek (advisor)
This thesis aims to lessen the impact of JShelter on the browsing experience. The goal was accomplished by measuring the performance of JShelter and analyzing the hotspots that impacted browsing performance the most. Finally, optimizations based on analysis results while leaving the high provided level of protection uncompromised were proposed and implemented. JShelter's fingerprinting protections based on image and audio data processing were optimized by extending them with a more efficient implementation using WebAssembly, which, in some cases, was faster by up to 50 times. The performance while loading web pages was increased with changes in configuration loading and injection mechanisms, on average by 13.5 %.
|
|
|
Web API Blocking
Frandel, Martin ; Hranický, Radek (referee) ; Polčák, Libor (advisor)
The aim of this work is to obtain the web APIs used in the top 1 000 000 pages of the Tranco ranking along with their subpages using the Web API Manager extension, then analyze and categorize the obtained data. Design a mechanism for the JShelter extension supporting blocking of individual web APIs that have been evaluated as tracking or advertising, implement the solution and then test it. In total, 2 973 276 web pages were analyzed. The captured data was aggregated with respect to web API insecurity, analyzed and the results described in the paper, with some API calls being blocked up to 93.33 % of the time. I was able to develop a method for identifying problematic APIs. Using polynomial regression, I found polynomials that describe the blocking behavior towards individual web APIs and their methods. I implemented the blocking functionality in the JShelter extension and successfully tested the solution.
|
|
|
Detecting JavaScript Code with Known Vulnerabilites
Randýsek, Vojtěch ; Jeřábek, Kamil (referee) ; Polčák, Libor (advisor)
This thesis deals with the detection of vulnerable JavaScript libraries and NPM packages. Based on existing studies, it summarizes the technological core of the Node.js platform and further focuses on selected vulnerabilities of the NPM system and existing means of protection. A Chrome browser extension able to detect and fix JavaScript code with known vulnerabilities on the web browser had been introduced. The tool was tested in a crawl of 50 000 websites. 8 129 vulnerable scripts were detected. The extension has been published to the Chrome Web Store as JS Vulnerability Detector .
|
|
|
Browser Fingerprinting Detection
Saloň, Marek ; Burget, Radek (referee) ; Polčák, Libor (advisor)
The main goal of this thesis is to design and implement a mechanism that provides protection against stateless tracking with browser fingerprint. Implemented tool has a form of module that takes part of JavaScript Restrictor extension. The module allows to specify heuristics used for evaluation of visited sites that may contain browser fingerprint extraction. If suspicious activity is detected, all subsequent HTTP requests from that site are blocked to prevent the extracted fingerprint from being sent to the server. The implementation and defined heuristics were tested. The resulting module represents an effective tool against stateless tracking. The main limitation of the implementation is possible corruption of sites by blocking HTTP requests.
|
|
|
Tracker Blocking in WebKitGTK-Based Browsers
Dudík, Samuel ; Koutenský, Michal (referee) ; Polčák, Libor (advisor)
This thesis deals with creating an extension for WebKitGTK based browsers that allows users to block advertisements, trackers and other undesirable elements. The extension is implemented in the C programming language. It communicates with a server written in Rust that decides which requests to block and which to allow. The server uses the adblock-rust library that was developed for the Brave browser. Communication between the server and the client uses the Unix domain socket mechanism. The outcome of the thesis is a full-featured content filtering extension that in addition to network filtering also supports dynamic cosmetic filtering. There is also a minimalistic GUI for easy configuration and interaction with the extension.
|
|
|
Native Code Web Browser Extensions
Vítek, Vojtěch ; Očenášek, Pavel (referee) ; Burget, Radek (advisor)
Nowadays, web applications and browsers are undergoing rapid development - we can say that the progress of Internet technologies is unstoppable phenomenon of the last decade. The need for the best-possible CPU performance in web applications to achieve a smooth user experience is enormous - besides the continuous improvements of existing technologies, we can see several new technologies arising every year. This thesis deals with development of native code web browser extensions whose primary purpose is to use maximum CPU performance as well as efforts to improve the user experience when viewing web pages.
|
guest ::
