Ladok Browser Extension : An Evaluation of Browser Extension API:s

Rahman, Mukti Flora

January 2022

Syftet med denna studie har varit att undersöka ifall det är möjligt att utveckla ett användargränssnitt i form av ett webbläsartillägg för Ladok som är ett resultatsystem för universitet och högskolor i Sverige. En del av studien har också varit att kunna utvärdera minst ett sätt att skapa webbläsartillägg. Enkätundersökningar samt intervjuer gjordes för att kunna förstå vilka typer av funktioner som skulle kunna vara till nytta för studenter samt lärare i ett sådant användargränssnitt. Det gjordes även GUI prototyper i designverktyget Figma som det gjordes användartester på. Den största utmaningen under arbetet har varit att kunna dra en slutsats om det är möjligt att kunna få tillgång till data från Ladok med hjälp av webbskrapning och API-förfrågningar. Datat på Ladok är sekretessbelagt eftersom Ladok innehåller konfidentiell information. Det har därför varit svårt att få tillgång till data under projektets gång. Olika typer av metoder testades under projektets gång för att se om det skulle kunna gå att få tillgång till data för att kunna utveckla ett användargränssnitt för Ladok. Slutsatsen som kan dras för detta projekt är det krävs mer forskning och tid samt att det inte finns någon lösning på detta än. Framtida arbete som är värt att nämna är kunna implementera användarskript som endast körs när studenter är inloggade på Ladok. Ett exempel på ett verktyg som kan användas för detta ändamål är TamperMonkey som är kompatibelt med Google Chrome. GreaseMonkey är motsvarar TamperMonkey, men är kompatibelt med Mozilla Firefox. / The objective of this study has been to examine if it is possible to develop a user interface as a browser extension for Ladok which is a result system that is used by higher education institutions such as colleges and universities in Sweden. A part of the study has also been to be able to evaluate at least one method of developing browser extensions. Interviews and surveys were conducted in order to understand what types of functions that would be beneficial for both students and teachers in such a user interface. GUI mockups were created in the design tool Figma and were later measured through usability tests. The main challenge during the study has been to be able to determine if it is possible to access data from Ladok through web scraping and API requests. As Ladok consists of confidential information about students, the data is private. Due to this it has been very difficult to be able to gather data. Different types of methods and approaches were used in order to determine if it would be possible to develop a user interface for Ladok. The conclusion that can be drawn is that more research and time are needed and that there is no clear solution for this yet. Future work could be to develop user scripts that would only run when Ladok would be used. An example of a tool for user scripts is TamperMonkey, which is compatible with Google Chrome. GreaseMonkey is equivalent to TamperMonkey, but is compatible with Mozilla Firefox.

Browser extension

Web Scraping

API

JavaScript

TamperMonkey

GreaseMonke

Browser extension

Web Scraping

API

JavaScript

TamperMonkey

GreaseMonke

Software Engineering

Programvaruteknik

Feeding Phishers

Lynch, Nicholas J

01 July 2009

Phishing campaigns continue to deceive users into revealing their credentials, despite advancing spam filters, browser and toolbar warnings, and educational efforts. Recently, researchers have begun investigating how fake credentials --- or honeytokens --- can be used to detect phishing sites and protect users. BogusBiter, one such work, creates sets of honeytokens based on users' real credentials and sends them alongside real user submissions to phishing sites. In this paper, we present Phish Feeder, an anti-phishing tool which extends the BogusBiter honeytoken generation algorithm in order to create more realistic and authentic-looking credentials. Phish Feeder also employs a ``honeytoken repository'' which stores generated credentials and provides a lookup service for legitimate sites that encounter invalid credentials. The Phish Feeder client is implemented as a Firefox extension and the repository is implemented as a Java web application. We compare the effectiveness of the Phish Feeder generation algorithm to that of the previous work and find that it is up to four times as effective at hiding real users' credentials within a set. Furthermore, we find that Phish Feeder introduces only negligible overhead during normal browsing, and a low overhead during credential creation and submission.

phishing

identity theft

honeytokens

fake credentials

browser extension

Other Computer Sciences

An analysis of the Privacy Policy of Browser Extensions

Zachariah, Susan Sarah

January 2024

Technological advancement has transformed our lives by bringing unparalleled convenience and efficiency. Data, particularly consumer data, essential for influencing businesses and developing personalized experiences, is at the heart of this transition. Companies may improve consumer satisfaction and loyalty by using data analysis to customize their products and services. However, the collection and utilization of consumer data raise privacy concerns. Protecting customers’ personal information is essential to maintaining trust, respecting individual autonomy, and preventing unauthorized access or misuse. Along with the protection of data, transparency is also another essential factor. When companies or organizations deal with users’ data, they are liable to inform these users of anything and everything that happens with their data. Our study focuses on the online privacy policies of Google Chrome browser extensions. We have tried to find the extensions that comply with the data protection guidelines and if all Google Chrome browser extensions are transparent enough to mention the details as per guidelines. Utilizing the power of Natural Language Processing (NLP) techniques, we have employed advanced methodologies to extract insights from these policies.

Privacy policy

Browser extension

Data privacy and management

Computer Sciences

Datavetenskap (datalogi)

Improvements of User's Security and Privacy in a Web Browser

Bishop, Douglas L.

January 2021

No description available.

Computer Science

MyWebGuard

Cross-Origin Isolation

Blocking Third-Party Cookies

Blink Runtime Enabled Features

A Novel Approach for User-Centric Privacy Protection on the Web

Oad, Satish Kumar

07 August 2023

No description available.

Artificial Intelligence

Computer Engineering

Computer Science

USER-CENTRIC PRIVACY

PROTECTION ON THE WEB

Policy engine

Modify policies

Browser Extension

Extrakce dat z webu / Web Data Extraction

Novella, Tomáš

January 2016

Creation of web wrappers (i.e programs that extract data from the web) is a subject of study in the field of web data extraction. Designing a domain-specific language for a web wrapper is a challenging task, because it introduces trade-offs between expressiveness of a wrapper's language and safety. In addition, little attention has been paid to execution of a wrapper in restricted environment. In this thesis, we present a new wrapping language -- Serrano -- that has three goals in mind. (1) Ability to run in restricted environment, such as a browser extension, (2) extensibility, to balance the tradeoffs between expressiveness of a command set and safety, and (3) processing capabilities, to eliminate the need for additional programs to clean the extracted data. Serrano has been successfully deployed in a number of projects and provided encouraging results. Powered by TCPDF (www.tcpdf.org)

Detekce metod zjišťujících otisk prohlížeče / Browser Fingerprinting Detection

Saloň, Marek

January 2021

The main goal of this thesis is to design and implement a mechanism that provides protection against stateless tracking with browser fingerprint. Implemented tool has a form of module that takes part of JavaScript Restrictor extension. The module allows to specify heuristics used for evaluation of visited sites that may contain browser fingerprint extraction. If suspicious activity is detected, all subsequent HTTP requests from that site are blocked to prevent the extracted fingerprint from being sent to the server. The implementation and defined heuristics were tested. The resulting module represents an effective tool against stateless tracking. The main limitation of the implementation is possible corruption of sites by blocking HTTP requests.