Security/Meetings/Automation/2013-11-12
From MozillaWiki
Agenda
- pnh demo
- personal updates
- add your items to the agenda
PnH Demo
Mark demos the content injection he added to Plug'n'Hack and ZAP, including the ability to intercept, change and re-send postMessages in the browser
- discussing other relevant scripts
- https://github.com/qll/autoCSP (for identifying outgoing requests)
- https://www.sprymedia.co.uk/VisualEvent/ (to visualize event handlers)
Status Updates
- Frederik
- lazy automation week, mostly done websec reviews
- Jeff
- fought through instantiating a test environment (python 2.6..RHEL4, no make, yuck)
- basic elastic search interface in meteor grabbing bunker status
- Next step: ingesting actual logs from syslog1 to test elastic search
- Tinfoil
- internet stormcenter like website for mozilla/opsec
- Psiinon
- preparations for appsec usa
- talk
- ZAP hackathon
- mgoodwin
- I've been working on the clients functionality for Plug-n-hack. Progress this week:
- The 'probe' (content injection) client can now intercept, modify and resend postMessage for on- and off-origin iframes.
- This works on Chrome and Firefox. Should (in theory) work in recent webkits (so probably web views on android / iOS too).
- Started work on the addEventListener proxies for intercept / resend events.
- I've got an (experimental) ringleader with the postMessage hook built in. No off-origin hackery required but since this is fx only it's not useful for all zap users.
- ulfr
- MongoDB storage in MIG. Action completion ratio (% of commands that finished, handle termination, etc.). https://github.com/mozilla/mig/commits/master
- IOC format discussion in MIG: tight json integration vs accepting any type of IOC format in modules without understanding them. Will be discussed in Q1 2014.
- stefan
- https://github.com/st3fan/minion-webcompat-icon-plugin
- https://basement.sateh.com/tmp/flask/ (try it with bug 935701 or 545760 or 544543 or 542391 (give it a few seconds))