Tuesday, February 26, 2008


Turn FireFox into an Intrustion Detection System

Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.Features of Firekeeper include:
  • Ability to scan HTTP(S) request URL, response headers and body, and to cancel processing of suspicious requests

  • Encrypted and compressed responses are scanned after decryption/decompression

  • Privacy friendly - no data is send to external servers, all scanning is done on the local computer

  • Very fast pattern matching algorithm (taken directly from Snort).

  • Interactive, verbose alerts that give an ability to choose a response to detected attack attempt.

  • A detailed view of suspicious response headers and body

  • Event logging

  • Ability to use any number of files with rules and to automatically load files from remote locations

Download the newest Firekeeper release. Note: This is an alpha release which main purpose is to get feedback from users about Firekeeper's functionality and to test if Firekeeper works well on various different systems.

After installing visit a page with some tests, Firekeeper should display an alert for every link on this page.

1 comment:

Anonymous said...

Dang, no OS X?