No-CSRF

Prevent cookies from being client-side sent cross-origin.

No-CSRFとは何ですか?

No-CSRFはbrandonio21によって開発されたChromeの拡張機能で、その主な機能は「Prevent cookies from being client-side sent cross-origin.」です。

拡張機能のスクリーンショット

screenshot

No-CSRF拡張機能のCRXファイルをダウンロード

No-CSRF拡張子のファイルをcrx形式でダウンロードし、ブラウザにChrome拡張機能を手動でインストールするか、crxファイルを友達と共有して簡単にChrome拡張機能をインストールします。

拡張機能の使用方法

                        Cross-Site Request Forgery is a major problem when it comes to browsing the web. If an attacker were to craft a request toward a server that performs an action, the request would contain any identifying cookies you have. As pointed out in academic literature, this can be used to empty bank accounts, change passwords, or anything in between.

This extension attempts to prevent Cross-Site Request Forgery by stripping cookies from any (non-GET) request that does not follow the same-origin policy. In this way, normal browsing remains uninterrupted while any possible CRSF attacks are blocked!

The extension is easily disabled and contains a small report of all requests which had cookies stripped. 

This extension is open source and the source code is viewable at https://github.com/brandonio21/no-csrf

This extension is based on a similar extension by avlidienbrunn

拡張機能の基本情報

名前 No-CSRF No-CSRF
ID amababajdpoioajiapncbkhcbpkncepk
公式URL https://chromewebstore.google.com/detail/no-csrf/amababajdpoioajiapncbkhcbpkncepk
説明 Prevent cookies from being client-side sent cross-origin.
ファイルサイズ 9.58 KB
インストール数 392
現在のバージョン 0.42
最終更新日 2016-07-05
公開日 2016-07-04
評価 5.00/5 合計 1 レビュー
開発者 brandonio21
Eメール [email protected]
支払い方法 free
拡張機能のウェブサイト https://github.com/brandonio21/no-csrf
ヘルプページのURL https://github.com/brandonio21/no-csrf
対応言語 en
manifest.json 
{
    "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
    "manifest_version": 2,
    "name": "No-CSRF",
    "version": "0.42",
    "description": "Prevent cookies from being client-side sent cross-origin.",
    "icons": {
        "128": "badge.png"
    },
    "permissions": [
        "webRequest",
        "webRequestBlocking",
        "tabs",
        "webNavigation",
        ""
    ],
    "background": {
        "scripts": [
            "background.js"
        ]
    },
    "browser_action": {
        "default_icon": "badge.png",
        "default_popup": "popup.html"
    }
}

関連する拡張機能

Ignore Google Scripts
Ignore Google Scripts
Xframe Assassin
Xframe Assassin
Disable Content-Security-Policy
Disable Content-Security-Policy
Block Cross Domain protection
Block Cross Domain protection
Cross Domain - CORS
Cross Domain - CORS
No Opener, No Phishers
No Opener, No Phishers
Policy Control - JavaScript and Flash blocker
Policy Control - JavaScript and Flash blocker
Origin Requests Only (Firewall)
Origin Requests Only (Firewall)
Policy Control
Policy Control
Cacao CORS Proxy
Cacao CORS Proxy
Block Unreachable Scripts
Block Unreachable Scripts
CounterXSS
CounterXSS