Our great sponsors
-
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
We have our first bug bounty!
Thank you "dz2742" for finding out [1] existing connections including websockets are not terminated and has won 100 USD! This is exactly the type of exploit I was hoping to catch.
Now I have to figure out how to fix that :) And also think about refilling the bug bounty pool without becoming very poor very soon.
https://github.com/matusfaro/quarantab/issues/2
Many of the use cases mentioned are available through a single tool called CyberChef.
There is an online version [1] but it doesn't submit any data to any servers. It only loads JS for the operations it needs to perform.
You can also download it and run it offline [2]. This is what I do.
I'll leave it up to you to decide if this makes QuaranTab unnecessary or if it's the perfect reason to use QuaranTab.
[1] https://gchq.github.io/CyberChef/
[2] https://github.com/gchq/CyberChef/releases/
On extensions, for example, I use LanguageTool [1], which is similar to Grammarly. It could be configured with a local server, although I have a “premium” account which sends data to a 3rd party server. I trust this extension to verify my messages on HN, but I can't trust it to have access to my banking account. This is an example of a really useful extension that I'll never be able to fully trust because it has access to all websites, and it sends all that I write to another server.
In fairness, Firefox's advantage has been that Mozilla has a trustworthy manual review process for the “recommended” extensions.
[1] https://languagetool.org/