Shulou(Shulou.com)06/01 Report--

Translated into https://blog.mozilla.org/security/2013/08/22/plug-n-hack/

Overview of plug-n-Hack

Plug-n-Hack (pnH) is a standard proposed by the Mozilla security team to illustrate how security tools interact with browsers in a more efficient and useful way.

Security researchers used to use security tools to connect to browsers, but now direct integration tools require the security platform to be writable and browsers to have specific plug-ins.

Configuring the connection interaction between security tools and browsers is a difficult process. While this can prevent inexperienced people from using these tools indiscriminately, they may include application developers and testers who need them more.

For example, in order to configure an interception agent that controls HTTPS traffic, the user must complete the following steps:

(1) configure browser proxy through tools

(2) the traffic of the configuration tool passes through their common agent

(3) Import the SSL certificate of the tool into the browser

If any of the above steps go wrong, the browser will not be able to connect to all networks-and debugging such a problem is a very unpleasant and time-consuming task.

If the browser and security tools are not interactively integrated, the user must switch the tool and the browser several times to complete a very simple task, even if the task is to intercept a HTTPS request.

PnH allows security tools to call directly from browsers to implement the functions they support without switching.

PnH does have some specific uses, especially in terms of proxy configuration. Most of the functions of PnH are generic, allowing tools to implement the functionality they need.

The implementation of the above features between Firefox and common tools gives our team a lead, but we also know that only applying this approach to all browsers and all security tools will be more beneficial to security researchers, developers, and testers. So we designed and developed this PnH protocol, which is independent of browsers and tools. The current version of the PnH protocol and the PnH Firefox distribution have been released in Mozilla Public Certificate 2.0, which means that PnH has the flexibility to incorporate some commercial tools without having to pay a fee.

Https://renouncedthoughts.wordpress.com/2014/11/19/plug-n-hack-and-zap-manually-changed-proxy-settings-after-initial-pnh-configuration/

Https://blog.mozilla.org/security/2013/08/22/plug-n-hack/

Http://blog.portswigger.net/2013/09/burp-support-for-firefox-plug-n-hack.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.