Mozilla's security team is developing a proposed open standard for "defining how security tools can interact with browsers in a more useful and usable way".
In a blog, a member of Mozilla's security team, Simon Bennetts, says the standard, called Plug-n-Hack (PnH), will make it easier for researchers to integrate some of their tools with Firefox and other browsers.
He adds that although security researchers use security tools in conjunction with browsers all the time, until now, direct integration has required writing platform- and browser-specific extensions.
It adds that configuring a browser to work with a security tool can be an onerous process that would deter those with less experience from using such tools. "This can include application developers and testers, exactly the sort of people we would like to use these tools more," Bennetts says.
He says that in order to configure a browser to use an intercepting proxy that can handle HTTPS traffic, the user must typically configure their browser to proxy via the tool, configure the tool to proxy via their corporate proxy and import the tool's SSL certificate into their browser.
However, should any of these steps not be done correctly, the browser will fail to connect to any Web site, and debugging such problems can be frustrating and time-consuming.
"Without integration between security tools and browsers, a user must often switch between the tool and their browser several times to perform a simple task, such as intercepting an HTTP(S) request," he explains.
"PnH allows security tools to declare the functionality they support which is suitable for invoking directly from the browser. A browser that supports PnH can then allow the user to invoke such functionality without having to switch to and from the tool."
He says currently, the Plug-n-Hack protocol has been implemented in Firefox, and Mozilla hopes other browser vendors and security researchers will start using it in their tools and applications too.
With this in mind, Bennetts said the PnH protocol was developed to be both browser and tool independent, and the current protocol has been released under the Mozilla Public Licence 2.0.
Share