No-CSRF

Prevent cookies from being client-side sent cross-origin.

What is No-CSRF?

No-CSRF is a Chrome extension developed by brandonio21, and its main feature is "Prevent cookies from being client-side sent cross-origin.".

Extension Screenshots

screenshot

Download No-CSRF Extension CRX File

Download No-CSRF extension files in crx format, manually install Chrome extensions in the browser, or share the crx files with friends to easily install Chrome extensions.

Extension Usage Instructions

                        Cross-Site Request Forgery is a major problem when it comes to browsing the web. If an attacker were to craft a request toward a server that performs an action, the request would contain any identifying cookies you have. As pointed out in academic literature, this can be used to empty bank accounts, change passwords, or anything in between.

This extension attempts to prevent Cross-Site Request Forgery by stripping cookies from any (non-GET) request that does not follow the same-origin policy. In this way, normal browsing remains uninterrupted while any possible CRSF attacks are blocked!

The extension is easily disabled and contains a small report of all requests which had cookies stripped. 

This extension is open source and the source code is viewable at https://github.com/brandonio21/no-csrf

This extension is based on a similar extension by avlidienbrunn                    

Extension Basic Information

Name No-CSRF No-CSRF
ID amababajdpoioajiapncbkhcbpkncepk
Official URL https://chromewebstore.google.com/detail/no-csrf/amababajdpoioajiapncbkhcbpkncepk
Description Prevent cookies from being client-side sent cross-origin.
File Size 9.58 KB
Installation Count 392
Current Version 0.42
Last Updated 2016-07-05
Publish Date 2016-07-04
Rating 5.00/5 Total 1 Ratings
Developer brandonio21
Email [email protected]
Payment Type free
Extension Website https://github.com/brandonio21/no-csrf
Help Page URL https://github.com/brandonio21/no-csrf
Supported Languages en
manifest.json
{
    "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
    "manifest_version": 2,
    "name": "No-CSRF",
    "version": "0.42",
    "description": "Prevent cookies from being client-side sent cross-origin.",
    "icons": {
        "128": "badge.png"
    },
    "permissions": [
        "webRequest",
        "webRequestBlocking",
        "tabs",
        "webNavigation",
        ""
    ],
    "background": {
        "scripts": [
            "background.js"
        ]
    },
    "browser_action": {
        "default_icon": "badge.png",
        "default_popup": "popup.html"
    }
}