I find myself wanting to use online format parsers to quickly decode that production JWT or decode a base64 Authorization header but cannot trust these websites to not leak my information. I thought to myself if only I could cut off network access to this site, use it offline, and then throw away all browsing data. So I created an extension just for that.
It uses Firefox's contextual identities API (Containers) to isolate browsing data and inter-tab communication. Once the site is fully loaded, I then inject bogus proxy settings for any requests leaving that container to effectively cut off network access. And once I'm done, I simply delete the Container.
Use Cases:
* Parse a live JWT token
* Convert a Base64 Authorization header
* Hash a password
* Parse a Protobuf message
* Submit my name and birthdate to estimate my date of death
Check out the MIT source code on GitHub [1] and install QuaranTab from the Firefox store [2]. If anyone is interested in a discussion, I'd love to chat about:
1. Any ideas on how we could implement this in Chromium? Using private window as a "Container"?
2. Can you come up with an exploit? I posted a 100 USD bug bounty [3] if you find one!
3. Is there any way to prove an extension in the store was built from source in GitHub? I am imagining some kind of third-party escrow service managing the Firefox store account and building from a specific public git repository.
[1] https://github.com/matusfaro/quarantab
[2] https://addons.mozilla.org/en-US/firefox/addon/quarantab/
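
The mechanism described in the post (a container for isolation, then a bogus proxy for every request leaving that container) can be wired with Firefox's WebExtension APIs as below. This is an added sketch, not QuaranTab's own code; the proxy address, the container name and all function names are assumptions.

```javascript
// Added example for a Firefox background script; not taken from the QuaranTab source.
// Assumed manifest permissions: "proxy", "contextualIdentities", "cookies", "<all_urls>".

// Constructed dead-end proxy: nothing is expected to listen on this local port.
// proxyDNS sends hostname lookups to the dead proxy too instead of resolving locally.
const BLACKHOLE = { type: "socks", host: "127.0.0.1", port: 1, proxyDNS: true };
const DIRECT = { type: "direct" };

// cookieStoreIds of containers whose network access has been cut.
const lockedContainers = new Set();

// Decision made for every outgoing request: locked containers get the dead proxy.
function proxyFor(requestInfo, locked = lockedContainers) {
  return locked.has(requestInfo.cookieStoreId) ? BLACKHOLE : DIRECT;
}

// Open a URL in a fresh container and cut its network once the page has loaded.
async function openQuarantined(url) {
  const c = await browser.contextualIdentities.create(
    { name: "quarantine-demo", color: "red", icon: "fence" });
  const tab = await browser.tabs.create({ url, cookieStoreId: c.cookieStoreId });
  browser.tabs.onUpdated.addListener(function onDone(id, change) {
    if (id === tab.id && change.status === "complete") {
      lockedContainers.add(c.cookieStoreId);
      browser.tabs.onUpdated.removeListener(onDone);
    }
  });
  return c.cookieStoreId;
}

// Cleanup step from the post: delete the container. The id stays locked until
// removal has finished, so a late request cannot fall back to a direct connection.
async function discard(cookieStoreId) {
  await browser.contextualIdentities.remove(cookieStoreId);
  lockedContainers.delete(cookieStoreId);
}

// Register the proxy hook only when running inside the extension.
if (typeof browser !== "undefined") {
  browser.proxy.onRequest.addListener((r) => proxyFor(r), { urls: ["<all_urls>"] });
}
```

Requests from tabs outside a locked container keep a direct connection, so normal browsing is unaffected while the quarantined tab is offline.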