My friend Ronald has a excellent post where he uses XML to gather entities from the various extensions to check if they are installed. Awesome stuff! The problem though is that it requires Javascript to be successful. I wanted a way to check any extension even if they had Javascript disabled or noscript installed. The following POC detects noscript even when you have a site as untrusted.
Check the POC here (detects just noscript at the moment):-
Total Recall noscript
kuza55 (Alex) also did a great POC with CSS:-
CSS extension detect
Comments 4
The link to the source doesn’t seem to be working atm…
I’m not sure if it’s working or not since when I disable NoScript, it still detects it, even though the referenced entity is no longer valid, and when i tried the detection code locally the meta refresh fires even when the extension is disabled :S
I hope this is just on my end, since some extensions don’t have css files, though I’m not sure how many extensions have dtd files but no css files….
Here’s to hoping for more non-JS based recon
Posted 15 Feb 2008 at 6:40 am ¶Oooops sorry the source should work now
Posted 15 Feb 2008 at 8:30 am ¶I dont think its working properly. It states that the only extension I have installed is noscript, but in this FF instance, I do not have noscript installed. false positive.
Posted 15 Feb 2008 at 4:19 pm ¶@tenest
I did test this successfully maybe a slight bug in the code somewhere I’ll double check this
Posted 15 Feb 2008 at 4:41 pm ¶Post a Comment