Thesis Details
Detekce podezřelých síťových požadavků webových stránek
The purpose of this thesis is to prevent websites located in public internet from accessing user's internal network through web browser. Acquired knowdledge about modern browser's security mechanism - same-origin policy and options of implementing the web browser extensions using WebExtensions, was used in the solution. Proposed solution is based on WebRequest API, which intercepts and modifies HTTP requests, and extends functionality of existing browser extension JavaScript Restrictor with the ability to detect and prevent the browser to be abused as a proxy for scanning and accessing user's internal network. The implemented solution was tested and accepted as a part of JavaScript Restrictor. The main benefit of this thesis is the protection from possible abusement of a web browser as a proxy, which is not present in existing extensions.
WebExtensions, WebRequest API, web browser security, same-origin policy, JavaScript, JavaScript Restrictor, abusement of the web browser as proxy
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT), člen
Holík Lukáš, doc. Mgr., Ph.D. (DITS FIT BUT), člen
Kořenek Jan, doc. Ing., Ph.D. (DCSY FIT BUT), člen
Malinka Kamil, Mgr., Ph.D. (DITS FIT BUT), člen
Polčák Libor, Ing., Ph.D. (DIFS FIT BUT), člen
@mastersthesis{FITMT22377, author = "Pavel Pohner", type = "Master's thesis", title = "Detekce podez\v{r}el\'{y}ch s\'{i}\v{t}ov\'{y}ch po\v{z}adavk\r{u} webov\'{y}ch str\'{a}nek", school = "Brno University of Technology, Faculty of Information Technology", year = 2020, location = "Brno, CZ", language = "czech", url = "https://www.fit.vut.cz/study/thesis/22377/" }