Mozilla Plug-n-Hack Adds Browsers and Security Tools
New standards implicated by Mozilla will hopefully help the researchers. According to security experts from Mozilla the goal of those changes is to ease the integration of tools, used by researchers, to Firefox or any other internet browser. This newly developed standard is called Plug-n-Hack. It is an open project, and Mozilla hopes that it will attract the attention of toolmakers and the researchers.
Most of the researches concerning security is done using internet browsers, that is why integrating custom testing tools to latter applications is very important. Plug-n-Hack was developed in order to make the integration process fast and easy, because until now, it was a task which required a lot of effort. Plug-n-Hack acts as a go-between for security tools and internet browsers.
Simon Bennetts, a representative of Mozilla, explained why Plug-n-Hack is a necessity. According to him, due to lack of integration between the internet browsers and security tools, researchers had to switch between the internet browser and the tool very often in order to accomplish even the easiest tasks e.g. intercepting an HTTP(S) request. Bennett also added that Plug-n-Hack allows security tools to declare the functionality that they support which is suitable for invoking directly from the internet browser.
The Mozilla representative explained that researchers, which are using browsers compatible with Pick-n-Hack won’t have to switch from the tool to the internet browser so often in order to invoke the desired functionality. Although some of the Pick-n-Hack capabilities have a fixed meaning, most of which are associated with proxy configuration, the majority of the capabilities are generic. As a result, the tools can expose all the functionalities they want.
The newest release of the Plug-n-Hack protocol is only compatible with Firefox, but Mozilla hopes that it is just a start. The company expects that Plug-n-Hack will be integrated to other internet browsers and security tools, and most importantly, valued by the researchers. These claims are proving to be right because OWASP Zed Attack Proxy, which is a pen-testing framework, has already integrated the protocol, and Mozilla is not planning to stop here. They are thinking about next phase of Pick-n-Hack, which will allow the tools to gather information directly from the internet browser. The internet browser itself could be used an extension of the used tool, in the future.
Mozilla is inviting everyone to join the development of Pick-n-Hack as it is a completely open project. Having in mind Mozilla’s plans to implicate this protocol to other internet browsers, contribution from researchers who are working with Chrome, IE or other browsers is extremely valuable for the project.