JavaScript Restrictor
Browser extension that improves privacy and security
|
Fingerprinting detection (FPD) tests for web browser extension Javascript Restrictor verify that required JavaScript APIs are wrapped and all specified accesses to them are properly logged according to evaluating heuristics.
These programs and tools are required to be installed:
fpd_tests
and run command: .\start_fpd_tests.sh
(do not close the terminal, testing server is running).about:debugging
in the URL bar.This Firefox
.Load Temporary Add-on
.Import the firefox_JSR.zip
archive.
chrome://extensions
.Load unpacked
.chrome_JSR/
directory.Visit localhost:8000
and choose test from menu.
The test is focused on verifying how FPD module wraps browser APIs and counts accesses to them. It uses FPD configuration files (located in /common/fp_config
folder) to enumerate all supposedly wrapped APIs. Afterwards, the test creates local page that tries to access all APIs from previous enumeration. Number of accesses to each API is compared to number of logged accesses by the extension. Test results are shown in the form of statistics about mentioned comparison and can be used to discover wrongly wrapped or unsupported APIs. You can also change protection levels of the extension during test to try different FPD configurations.
The default behaviour is set to use files from /common/fp_config
folder to enumerate APIs. You can also use different files with the same syntax and naming convention (etc. custom wrappers-lvl_X.json
files). Just copy these files to fpd_tests
folder to use them for testing instead of default ones.
The results consist of these stats:
Below these stats are all tested APIs with type of access (get, set, call) and comparison numbers. Left number represents number of accesses from page to given API and right number represents number of accesses logged by the extension. Not wrapped and unsupported APIs are grayed out and crossed.
You can add custom test scripts to describe more complex scenarios with these simple steps:
fpd_tests/tests
folder ("resources.js"
is reserved name, do not use it).test_
and contain wrappers
as first parameter.addWrapper(wrappers, *api_name_string*, *access_type_string*, *access_number_int*)
at the end of the function test body for every accessed API that should be wrapped and counted for testing.Example of custom test script is available in tests/fpd_tests/tests/custom.js.