CsFire Autonomously protects you against dangerous or malicious cross-domain requests
Download

CsFire Ranking & Summary

CsFire Tags

Firefox extension dangerous requests malicious requests dangerous requests malicious

CsFire Description

Autonomously protects you against dangerous or malicious cross-domain requests When a website makes requests to another site, all kinds of malicious effects can occur. For instance, the information included in the request can be used to track the sites you visit. The request can also trigger certain undesired actions, an attack which is called Cross-Site Request Forgery (CSRF).CSRF is considered very dangerous, as indicated by its ranking in the OWASP top 10 and the CWE/SANS top 25. The problem with a CSRF attack is that it makes requests on behalf of the user, without his/her knowledge. For instance, if a site (e.g. example.com) makes hidden requests to another site (e.g. myonlinebank.com), it can potentially cause harmful effects (transfer funds, create accounts, ...).CsFire is a Firefox extension that protects you against malicious cross-domain requests, by rendering them harmless. This means that CsFire will remove authentication information (cookies and authentication headers), which ensures that a cross-domain request can not have harmful or undesired side-effects.CsFire provides a secure-by-default policy, which can be extended with fine-grained remote policies as well as fine-grained local policies. The remote policies are obtained from a policy server, to selectively allow certain harmless cross-domain requests (e.g. sharing items on facebook). The local policies allow you to specify certain cross-domain requests that should be treated differently, should you wish to do so (this is not required in normal surfing scenarios).CsFire is the result of an academic research paper titled CsFire: Transparent client-side mitigation of malicious cross-domain requests, published at the International Symposium on Engineering Secure Software and Systems 2010. The paper discusses the research behind this implementation, as well as the technical details of CsFire. Requirements: · Mozilla Firefox What's New in This Release: · Added help feature for local policy rules · Removed the undefined option for stripping cookies or HTTP authentication headers · Added button to clear log message display buffer · Corrected problem with version number of policy file · Extended IP address filter to include obscure notations (secure-by-default policy is applied)

CsFire Related Software