Our great sponsors
-
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
We have our first bug bounty!
Thank you "dz2742" for finding out [1] existing connections including websockets are not terminated and has won 100 USD! This is exactly the type of exploit I was hoping to catch.
Now I have to figure out how to fix that :) And also think about refilling the bug bounty pool without becoming very poor very soon.
https://github.com/matusfaro/quarantab/issues/2
Many of the use cases mentioned are available through a single tool called CyberChef.
There is an online version [1] but it doesn't submit any data to any servers. It only loads JS for the operations it needs to perform.
You can also download it and run it offline [2]. This is what I do.
I'll leave it up to you to decide if this makes QuaranTab unnecessary or if it's the perfect reason to use QuaranTab.
[1] https://gchq.github.io/CyberChef/
[2] https://github.com/gchq/CyberChef/releases/
On extensions, for example, I use LanguageTool [1], which is similar to Grammarly. It could be configured with a local server, although I have a “premium” account which sends data to a 3rd party server. I trust this extension to verify my messages on HN, but I can't trust it to have access to my banking account. This is an example of a really useful extension that I'll never be able to fully trust because it has access to all websites, and it sends all that I write to another server.
In fairness, Firefox's advantage has been that Mozilla has a trustworthy manual review process for the “recommended” extensions.
[1] https://languagetool.org/