When Firefox acts like an IDS !!

by

In: FireCAT , Firefox , IDS

8 March 2007

Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.

Here is a pretty good extension we’ve found out during Tracking New Firefox Extensions releases. An update of "Turning Firefox to an Ethical Hacking Platform" should be released soon with a new bunch of exciting extensions.

Features of Firekeeper include:

  • Ability to scan incoming Firefox traffic - HTTP(S) response headers, body and URL and to cancel processing of suspicious responses.
  • HTTPS and compressed responses are scanned after decryption/decompression.
  • Very fast pattern matching algorithm (taken directly from Snort).
  • Interactive alerts that give an ability to choose a response to detected attack attempt.
  • Ability to use any number of files with rules and to automatically load files from remote locations.

See FireCAT Framework for a complete map of security auditing extensions.

Post scriptum

Compliance Mandates

  • IDS :

    PCI DSS 10.6, 11.4, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1) 164.308(a)(6)42, FISMA SI-4, AC-2, ISO 27001/27002 10.6.2,
    10.10.1, 10.10.2, 10.10.4, 15.1.5


Related Articles

FireCAT
Firefox
IDS