|
|
Computer Identification Using JavaScript Timestamps
Jireš, Michal ; Večeřa, Vojtěch (referee) ; Polčák, Libor (advisor)
This thesis deals with remote computer identification based on its internal clock skew. This clock skew will be determined using JavaScript timestamps. The goal of this thesis is to create web page, that will use clock skew to identify computer. This web page will also be used to test time distortion capabilities of browser extension JavaScript Restrictor. Web page will try to identify computer using different security presents thus testing their efficiency.
|
|
|
Detection of Suspicious Requests Made by Web Pages
Pohner, Pavel ; Burget, Radek (referee) ; Polčák, Libor (advisor)
The purpose of this thesis is to prevent websites located in public internet from accessing user's internal network through web browser. Acquired knowdledge about modern browser's security mechanism - same-origin policy and options of implementing the web browser extensions using WebExtensions, was used in the solution. Proposed solution is based on WebRequest API, which intercepts and modifies HTTP requests, and extends functionality of existing browser extension JavaScript Restrictor with the ability to detect and prevent the browser to be abused as a proxy for scanning and accessing user's internal network. The implemented solution was tested and accepted as a part of JavaScript Restrictor. The main benefit of this thesis is the protection from possible abusement of a web browser as a proxy, which is not present in existing extensions.
|
|
|
JavaScript Restricting Web Extension
Timko, Martin ; Matoušek, Petr (referee) ; Polčák, Libor (advisor)
The purpose of this thesis is to functionally expand the browser extension prototype created by Ing. Zbyněk Červinka, focused on the privacy protection of the user during his web browsing. Acquired facts about the function of existing tools for safety and privacy protection, such as technology JavaScript Zero, were used in the solution, which was created by employing a technique of encapsulating JavaScript objects and functions. This allows greater anonymity and safety for users during web browsing. The extension was tested and published under the title JavaScript Restrictor. The main benefit of this thesis is the increase of safety from attacks and increase of anonymity linked to the user data harvesting.
|
|
|
Porting of Chrome Zero Functionality to JavaScript Restrictor
Horňák, Peter ; Večeřa, Vojtěch (referee) ; Polčák, Libor (advisor)
This thesis deals with improvements of security and privacy protection of web browser users by enhancing functionality of web browser extension called JavaScript Restrictor, which prototype was created in order to protect users on web. Within this thesis are analyzed security measures realized by tool Chrome Zero, which implements measures against microarchitectural attacks, attacks abusing high resolution timers and abuse of JavaScript engine. Thesis evaulates topicality of measures and integrates selected into JavaScript Restrictor. Measures are tested and evaluated from every day use point of view.
|
|
|
FormLock for JavaScript Restrictor
Szabó, Matyáš ; Bednář, Martin (referee) ; Polčák, Libor (advisor)
This thesis focuses on protecting personally identifiable information (PII) during filling and submitting of web forms. Formlock, a prototype trying to resolve the PII leakage caused by forms by warning the user about the potentially malicious web forms and giving them an option to try and prevent the leak, is tested and then it's defensive capabilities are improved and integrated into Javascript Restrictor. Lastly, the new and integrated measures are tested and their possible future improvements are evaluated.
|
|
|
Browser Fingerprinting Detection
Saloň, Marek ; Burget, Radek (referee) ; Polčák, Libor (advisor)
The main goal of this thesis is to design and implement a mechanism that provides protection against stateless tracking with browser fingerprint. Implemented tool has a form of module that takes part of JavaScript Restrictor extension. The module allows to specify heuristics used for evaluation of visited sites that may contain browser fingerprint extraction. If suspicious activity is detected, all subsequent HTTP requests from that site are blocked to prevent the extracted fingerprint from being sent to the server. The implementation and defined heuristics were tested. The resulting module represents an effective tool against stateless tracking. The main limitation of the implementation is possible corruption of sites by blocking HTTP requests.
|
|
|
Porting of Brave Fingerprinting Protection to JavaScript Restrictor
Švancár, Matúš ; Zobal, Lukáš (referee) ; Polčák, Libor (advisor)
Users of internet browsers are constantly monitored, without their consent. By using the JavaScript APIs, it is possible to obtain various information about the browser, which together form a browser fingerprint, which can then be misused. Therefore, the goal of this work is to use a robust fingerprint protection solution of Brave browser and port it to the JavaScript Restrictor extension. In this work, the problematics of obtaining an fingerprint and countermeasures in the Brave browser are analyzed and then compared with the current protection in the JSR extension. The method of porting of Brave's countermeasures is presented and subsequently the procedure of implementation of these defense elements into the browser extension is described. The resulting implementation has been tested and evaluated, with the new protection appearing to be effective.
|
|
|
Browser Fingerprinting Detection
Saloň, Marek ; Burget, Radek (referee) ; Polčák, Libor (advisor)
The main goal of this thesis is to design and implement a mechanism that provides protection against stateless tracking with browser fingerprint. Implemented tool has a form of module that takes part of JavaScript Restrictor extension. The module allows to specify heuristics used for evaluation of visited sites that may contain browser fingerprint extraction. If suspicious activity is detected, all subsequent HTTP requests from that site are blocked to prevent the extracted fingerprint from being sent to the server. The implementation and defined heuristics were tested. The resulting module represents an effective tool against stateless tracking. The main limitation of the implementation is possible corruption of sites by blocking HTTP requests.
|
|
|
Porting of Brave Fingerprinting Protection to JavaScript Restrictor
Švancár, Matúš ; Zobal, Lukáš (referee) ; Polčák, Libor (advisor)
Users of internet browsers are constantly monitored, without their consent. By using the JavaScript APIs, it is possible to obtain various information about the browser, which together form a browser fingerprint, which can then be misused. Therefore, the goal of this work is to use a robust fingerprint protection solution of Brave browser and port it to the JavaScript Restrictor extension. In this work, the problematics of obtaining an fingerprint and countermeasures in the Brave browser are analyzed and then compared with the current protection in the JSR extension. The method of porting of Brave's countermeasures is presented and subsequently the procedure of implementation of these defense elements into the browser extension is described. The resulting implementation has been tested and evaluated, with the new protection appearing to be effective.
|
|
|
FormLock for JavaScript Restrictor
Szabó, Matyáš ; Bednář, Martin (referee) ; Polčák, Libor (advisor)
This thesis focuses on protecting personally identifiable information (PII) during filling and submitting of web forms. Formlock, a prototype trying to resolve the PII leakage caused by forms by warning the user about the potentially malicious web forms and giving them an option to try and prevent the leak, is tested and then it's defensive capabilities are improved and integrated into Javascript Restrictor. Lastly, the new and integrated measures are tested and their possible future improvements are evaluated.
|
guest ::
