webstore-dl-and-analysis

Master's Thesis in Computer Systems and Networks at Chalmers University of Technology

https://github.com/bionicriddle/webstore-dl-and-analysis

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (3.3%) to scientific vocabulary

Repository


Basic Info
  • Host: GitHub
  • Owner: BionicRiddle
  • Language: Python
  • Default Branch: master
  • Size: 563 KB
Statistics
  • Stars: 0
  • Watchers: 2
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created about 2 years ago · Last pushed over 1 year ago
Metadata Files

README.md

Needs updating

webstore-dl-and-analysis

Download extensions by running the command below. You can press Ctrl+C or kill the process at any time and restart without losing progress. You can also increase the number of threads around line 219.

python3 main.py

To analyze the extensions, run the command below (it currently just looks for the word "http"):

python3 keyword_search.py

Owner

  • Login: BionicRiddle
  • Kind: user
  • Location: Sweden

Computer Science and Engineering student at Chalmers and certified madman.

Citation (CITATION.cff)

title: Investigating the prevalent risks with residual trust within browser extensions
abstract: Browser extensions aim to improve user experience. There are around 127 000 extensions available in the Chrome Web Store for users to install and ensuring these are not vulnerable to attacks is crucial. A possible attack vector originates through domain hijacking. Known as residual trust, an extension may place trust in an outside source to process data and reply to requests. Should that trusted source change ownership, security issues may arise. This thesis examines the dangers of residual trust within browser extensions. A framework was developed to extract data from extensions to determine how likely they are to be vulnerable to attacks originating from domain hijacking. Results include domain status, actions (FETCH, POST, GET etc) associated with domains, domain frequency and more. The results reveal an alarming amount of actively used domains for sale, indicating a widespread issue. These types of domains are most commonly found in smaller extensions which have either been abandoned or not received updates recently. While it may sound insignificant that most domains reside in smaller extensions, a large portion of extensions available are small, thus raising the scale of this issue. While difficult, measures must be put in place to reduce the dangers of domain hijacking in conjunction with residual trust. The framework in its current status may be used by individual extension owners and extension store owners to analyze their extensions. Potential future work exists in both code analysis and further development of the framework which is provided as open source.
repository-code: https://github.com/BionicRiddle/webstore-dl-and-analysis
date-released: 2024-06-30
authors:
  - given-names: Albin
    family-names: Karlsson
    affiliation: Department of Computer Science & Engineering Chalmers University of Technology
  - affiliation: Department of Computer Science & Engineering Chalmers University of Technology
    given-names: Samuel
    family-names: Bach
cff-version: 1.2.0

Dependencies

Dockerfile docker
  • python 3.12-slim build
docker-compose.yml docker
node/Dockerfile docker
  • node latest build
node/package-lock.json npm
  • 116 dependencies
node/package.json npm
  • ast-eval ^0.8.0
  • cjs ^0.0.11
  • dfatool ^0.1.1
  • escodegen ^2.1.0
  • escope ^4.0.0
  • esprima ^4.0.1
  • estraverse ^5.3.0
  • express ^4.18.3
requirements.txt pypi
  • alive-progress ==3.1.5
  • argparse ==1.4.0
  • colorama ==0.4.6
  • dnspython ==2.5.0
  • psutil ==5.9.4
  • punycode ==0.2.1
  • requests ==2.31.0
  • selenium ==4.19.0
  • tldextract ==5.1.1
  • tqdm ==4.66.1