Outbound Rules 0.1 alpha 3 CRX for Chrome
A Free Productivity Extension
Published By Hraban Luyat
Outbound Rules (jpkboijeielcdcjhjfokoielfjchipeo): Protect against XSS by restricting access to outbound resources if a page defines a rule list... Read More > or Download Now >
Outbound Rules for Chrome
12.8 KBChrome Store
- • Type: Browser Extension
- • Latest Version: 0.1 alpha 3
- • Price: Freeware
- • Offline: No
- • Developer: Hraban Luyat
- • Rating Average
- 4 out of 5
- • Rating Users
- • Total Downloads
- • Current Version Downloads
- • Updated: December 17, 2016
Outbound Rules is a free Productivity Extension for Chrome. You could download the latest version crx file or old version crx files and install it.
More About Outbound Rules
It requires two parts to work:
* A browser with the Outbound-Rules plugin (this plugin)
* A webserver that supports the Outbound-Rules protocol (VERY simple to implement)
A common type of XSS attack works in two phases:
Step 2: use that malicious code to send private data from that trusted site (e.g. login details, cookies, ...) to an untrusted server.
Current XSS mitigation techniques focus purely on Step 1: they try to avoid XSS from happening. This is noble, but very hard to get right. It's an uphill battle and attackers keep finding loopholes.
The Outbound-Rules plugin, instead, focuses on Step 2: in the unfortunate event an XSS attack was successful, quarantine it. It will still be part of the Outbound-Rules cage, which only allows communication with an explicit list of trusted hosts. The attacker won't be able to send the sensitive data from the browser to himself.
Since you need both the server and the browser to support the protocol, this plugin is currently useful for environments where someone controls both the browsers and the servers. E.g.: a company with an admin dashboard, which is only accessible by employees. All employees can be asked to install the plugin, and the page can be configured to send the appropriate header.
On any site that does not support the Outbound-Rules protocol, this plugin should have no effect at all. It is therefore safe to install regardless of which sites you visit.
Full source code, license and further details available at https://github.com/hraban/outbound-rules
More Extensions to Consider (Similar or Related)
DuckDuckGo Privacy Essentials 2023.5.23
Malwarebytes Browser Guard 2.6.3
IDM Integration Module 6.40.12