HTTP Switchboard for Chrome/Chromium:

Discussion in 'other software & services' started by apathy, Nov 25, 2013.

  1. gorhill

    gorhill Guest

    About this... These are not cookies, I have no way to remove these. They are used to securely send cookies:

    http://www.browserauth.net/channel-bound-cookies
     
  2. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Interesting, I had no idea what those were.
     
  3. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    To the Developer; Just want to say what a fantastic app you have made, its about time someone implemented something like this and i cant wait to see how it evolves.

    I do have a question though, at some stage or is there a way to remove the red boxes that are present where something has been blocked? Something like adblock style would be fantastic where it reorganizes the page to remove ads and the like and not show the spaces in red where things should have been?

    Regards,
     
  4. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I already asked about that on github.

    His reply;

     
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    The current matrix lay-out/GUI with a user-option to either see the full list of blocked domains on sites which have been configured in HSb, or close that blacklist/resize the matrix popup, by clicking the tiny arrow on the dotted line between whitelisted/blacklisted domains, works fine for me.
    A limited number of user settings and the simple matrix GUI, are some of the reasons this add-on rules imao.
    I don't mind the extensive options like f.i Noscript offers, but a lot of users will likely be like 'Bleh, 10 million different possible combinations of settings, to secure my browsing habits. No, thanks.'
     
  6. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    Love this extension. Chrome is much faster now than it was with ScriptSafe.

    I do have a problem, it doesn't update automatically. Is that normal?
     
  7. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Make sure you don't have: Process behind-the-scene HTTP requests, checked.
    It updates for me but generally I manually update the extensions as soon as I see a new version available via github.

    You can manually update extensions by clicking the developer mode on the extensions page.
     
  8. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    Thanks for the reply, I'll try both.
     
  9. luxi

    luxi Registered Member

    Joined:
    Aug 31, 2013
    Posts:
    74
    Add this line to your hosts file: 127.0.0.1 google-analytics.com

    That will completely block the site itself and from setting cookies anywhere.
     
  10. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
  11. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Best Extension Ever!!!
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    For me it's the best software discovery of 2013 :thumb: :)
     
  13. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Agreed, I wouldn't use Google Chrome without it!
     
  14. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    thanks gorhill for the great addon. Its interface is inituitive. Its a definite alternative to noscript in firefox.

    I am just wondering if there is an option to allow scripts from top domain by default. This way i would not be needed to whitelist the scripts for the sites i visit.

    This is how i configured in noscript to allow top level domains by default and all the third party sites are blocked.

    Again, thanks for the great contribution! a keeper definitely!! :thumb:

    Also, i am wondering if there is easy way to compare myself between sites (number of requests) loaded between firefox (Noscript & ABP+) and chrome (HTTPSB and ABP) after properly configured. I wanted to see what were the requests allowed per site between my browsers. Something like extracts the requests (i use abp+ console in firefox, but not sure for chrome) performed b/w the browsers and use comparison tools to find the difference.

    After initial comparing for 2 or 3 sites (after allowing to execute top level domain scripts), i see there are more requests performed in chrome compared to sites loaded in firefox. But not able to figure out what were they with out manually looking at the network panel in the debugging tools.
     
    Last edited: Dec 19, 2013
  15. gorhill

    gorhill Guest

    Auto-whitelisting (temporarily) the whole domain of a web page is on my todo list: https://github.com/gorhill/httpswitchboard/issues/23

    The problem I apprehend with auto-whitelisting is that existing opened pages in other tab could also be affected by the whitelisting of a particular domain, which I see as a bad surprise. This potential side-effect will have to be explained clearly to users. I ponder the idea of mitigating this potential side-effect by auto-creating temporary per-site scope + auto-whitelisting top domain, so as to minimize the whitelisting to bleed onto other existing pages. I wonder about NoScript's handling (if any) of this, I might have to give it a look today.


    For Chromium, I wrote an online tool to parse "HAR as JSON":

    - For the tab of the page you want to analyze, open "Developer console"
    - Select "Network" tab
    - Right-click and select "Copy All as HAR"

    Paste the result at:
    http://raymondhill.net/httpsb/har-parser.html

    I was hoping Firefox also supported this export format, but it didn't. That would have made comparison a breeze. I used this tool to compare with other blockers on Chromium.

    In Chromium, the blocked requests will also be reported as errors in the console output. Also, be sure to clear the browser cache each time you collect the requests which were made (again, right-click and select "Clear Browser Cache"in "Network" tab), as cached data will always succeeds and never block (not a big deal since no request reached the remote host in such case.)

    I am interested in your findings re. NoScript vs. HTTPSB.
     
  16. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    thanks gorhill for quick reply. Good to see you already have it in your todo lists :)

    Not sure what is the potential side effect in temporary whitelisting of the top-level domains.
    For Noscript, in its option panel, we simply allow top-level domains by default, no more extra clicks needed. I have set another option in noscript, which would disable auto-reload of pages in other tabs opened.

    re. Comparision of request b/w Noscript and HTTPSB, i wish HAR format is supported natively in firefox. I think firebug does that. Will take a look at it later and update you.

    Thanks, Harsha.
     
    Last edited: Dec 19, 2013
  17. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Thanks gorhill for the link..
    I was able to use your HAR parser to generate the lists.

    Please see the excel document uploaded at filedropper.com to see the difference between firefox (noscript, abp+) and chrome (httpsb, abp). In the document i was referring simply as firefox and chrome when comparing for simplicity purpose.

    Conclusion,
    + A very Good addon, similar to noscript, abp in firefox.
    - needed to be configured to almost all the sites for it to work properly (this should not be a problem, once my wishlist is done :))

    Are there are any good file sharing sites with out needing for registration? Above i simply googled and used filedropper.com after quick virustotal scan...
     
    Last edited: Dec 20, 2013
  18. gorhill

    gorhill Guest

    I suppose using pastebin.com and pasting as plain csv would do the job.

    Regarding businessinsider.com, I didn't need to whitelist anything else than "*.businessinsider.com" and "code.jquery.com" to have the top menu work. Result is 214 requests for me, not 250.

    business-insider.png

    (I didn't use ABP+ above, as on Chromium it is quite a bloat for no gain since HTTPSB blocks all requests blocked by ABP+ and more.)

    This is also true for Firefox, so I don't understand how this could work on Firefox without allowing the script from "code.jquery.com".

    Also, I do believe that HTTPSB is the only one of the three here (ADP+ Chrome/Firefox and NoScript) to prevent non-whitelisted cookies from leaving the browser. I made a tool to check this: http://www.raymondhill.net/httpsb/httpsb-test-cookie-1.php (reloading the page will confirm the server is receiving the cookies).
     
  19. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    thanks for the tip. will use it next time!

    hmmm..strange. Perhaps i am doing something wrong here. I am not seeing the entries in the httpsb matrix as <*.sitename.com>, instead each domain is listed individually.
    Also, after little tinkering here and there in the matrix, i see the count seems to be increased now! Please see the attached screenshot.

    Good to know, i will remove abp in chrome.
    ABP+ in firefox has nice interface to add block filters. I use it to block the domains as 3rd party if i allow sth in noscript for a particular site.
    Also, Noscript and ABP+ is lot better and efficient for me than using either Ghostery and/or Disconnect. I feel sluggishness with the later two!
    "code.jquery.com" is already whitelisted in noscript.

    Yes, as of now Firefox (nos,abp+) does not prevent the cookies.
    Well done:thumb:
    Also, looking fwd to your port for firefox :)
     

    Attached Files:

  20. gorhill

    gorhill Guest

    The count in the badge is the total number of distinct requests, blocked or allowed, the page did or did try since it was opened: this count is cumulative, meaning whatever change is done in the matrix, the count will keep going up so long as new distinct requests are seen.

    I see you are going very granular. Even myself I don't go that far, unless I really really want the minimum number of requests for sites I will visit often (youtube.com, github.com for examples). I usually just click the domain name of the page to whitelist only if I want interactvity. In the current example, <www.businessinsider.com>, I don't even need to whitelist more than the default, since I can read the articles just fine without javascript, but for test purpose I did whitelist "businessinsider.com" (whole domain) and "code.jquery.com" (subdomain) and the number of requests which were made it to their respective host was 214.
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Works as advertised :thumb: Wonderful feature, thanks :)
     
  22. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Hello, I started using this extension and its interface is a lot better than NoScript in Firefox. I have a request though, add option to remove the right click context menu.
     
    Last edited: Dec 22, 2013
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Very cool and actually quite user friendly, despite the large number of configurations possible.

    I'll be writing a post about this in a week or so. It gets my recommendation.
     
  24. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    thanks Gorhill.
    Can you tell me how to list domains as
    *.domainname1.com
    *.domainname2.com
    in the matrix instead if
    1.domainname1.com
    2.domainname1.com
    1.domainname2.com
    2.domainname2.com

    I do not want each and every subdomain to be listed. Instead *.domainname.com would be enough as shown in your screenshot earlier.

    just saw 0.7.1 changelog at github. this takes care of above question. thanks!!
    Waiting for this version to be live..:)
    Thanks, Harsha.
     
    Last edited: Dec 23, 2013
  25. gorhill

    gorhill Guest

    Actually this feature is already in your version, this was introduced in v0.5.9, issue 55. I didn't want the visual to be cluttered so the button to collapse/expand is quite subtil. But you should be able to find it if you look carefully at the cell containing the top domain of a group. Hover the mouse over and it appears completely.

    Note that the ability to collapse won't be available if there are explicit rules at lower level for a specific domain (because these rules would end up hidden and misleading users.)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.