A Night Of Web Extensions Hackathon

There have been some tremendous contributions around the globe, especially in Mozilla Hyderabad, and this time we were back with another hackathon named "Web Extension Hackathon". This event was about discussing various topics, including "Add-ons" and "Web Extensions".

A Mozilla Representative, Santosh Vishwanatham, was the key speaker and organizer for the event. We witnessed a huge crowd, and all of them were techies and hardcore programmers ( to our amazement! ). Santosh introduced himself and let everyone introduce themselves and get to know each other before they got started with the event.

We were amazed to see people from different colleges, all of them very young and talented programmers who had come to this event from colleges like Manipal, IIIT-H, NIT, etc. Santosh spoke about Firefox Add-ons and Web Extensions.

Later he explained how to build an add-on in Firefox using Web Extensions. Participants were very excited about getting started with this and showed a very positive response.

Later, topics including the anatomy of WebExtensions, WebExtension APIs and sample add-ons were discussed. According to the statistics, 1 Million+ add-ons are being downloaded and 70+ add-ons are being published every day.

Developing the first Add On Browser

Here are a couple of things to be done to get going with your first add-on.

  • Adding a browser action
  • Adding a page action
  • Accessing DOM from content scripts
  • Using a couple of WebExtension APIs
  • Debugging your add-on

Once the session was finished, we had an online conference call with Caitlin Neiman, Community Manager of Add-ons. It was an amazing conversation; we took insights from her on add-ons and also asked a few queries.

After finishing the dinner, we were all set to start the hackathon. All the instructions were given and finally everyone buckled up. The hackathon started and time just flew away while we started our ice breaker session.

The ice breaker was all about making a circle and calling out "Ducky Fuzz"; everyone should keep saying that in the clockwise direction. Whenever someone calls out the opposite, "Fuzzy Duck", the same should follow in the anti-clockwise direction. But the rule is that the person next to him can't change the words immediately; only the person after that can. It was a fun-filled game which increased the participants' energy levels.

There were 14 teams who came up with different ideas for their add-ons and demoed them to everyone. Finally we selected the top three winners and awarded them for their amazing contribution towards Mozilla Add-ons. We were surprised by their igniting ideas and the coding skills they developed overnight. Lots of learning and contribution came out of this event.

References

https://developer.mozilla.org/en-US/Add-ons/WebExtensions
https://developer.chrome.com/extensions
https://github.com/mdn/webextensions-examples
https://wiki.mozilla.org/WebExtensions

IRC Channels: #webextensions, #extdev, #addons

Mailing List: https://mail.mozilla.org/listinfo/dev-addons

Telegram: @addonschat

Future of Open Web Apps and Firefox OS TV App Dev

Yesterday, I learnt a lot. I visited Collab House, as there was an event on Open Web Apps and developing Firefox OS TV apps. Santosh Vishwanatham, a Mozilla Representative, handled the entire session. He started off with an ice breaker of introducing ourselves. Everybody told something about themselves, and the existing Mozillians told about themselves and their Mozilla journey.

After that, Santosh briefed us on the topics that were going to be covered in the session.

  1. Web Apps
  2. Web APIs
  3. WebApps in 2015 and Now
  4. Service Workers
  5. Mozilla Oghliner
  6. Firefox OS
  7. Firefox OS TV
  8. Firefox OS TV App Development

Later, Santosh discussed with us some very interesting challenges faced by the web, how Mozilla worked on them and finally came up with Firefox OS. Firefox OS happens to be one of my favorite OSes I've used. It's so simple, takes little memory, yet serves the best.

The best part was the illustration of how Service Workers work, and how seamlessly they let us keep working with existing websites even without any network. He went on to give an example of Service Workers with a website called Pokedex. The Service Worker really amazed people, as Santosh showed us that other websites, when refreshed, were not able to get the information without an internet connection, while Pokedex still did.

It's very important for us to have this feature, as we have frequent power cuts here in India. Believe me, I am actually writing this blog during a power cut, right now at 11 pm. A small screenshot of my laptop right now, with no power supply and wifi 😦

Personally, this feature will help me a lot, and in fact everyone here in India. Advancing further, he started off with Mozilla Oghliner, how it is used to deploy offline web apps to GitHub Pages, and how Oghliner actually makes a web app work without internet by generating Service Workers for it.

We gained much more knowledge about Firefox OS, its origin and the applications right now in the market. Akshay Tiwari, RAL for Hyderabad, came and explained to us how Firefox OS was planned and made ( without any planning ) and yet was a huge success, especially as it was being sold in the market. Akshay and Santosh claimed they happened to use Firefox OS on Panasonic LED TVs in Singapore when they were at a Mozilla summit recently.

Later, Santosh covered what is meant by Firefox OS TV and how different it is from others, mentioning the power of web technologies. A few advantages of Firefox OS for TVs:

  1. Large screen displays
  2. No touch events
  3. One element should always be focused
  4. TV remote will be used for navigation
  5. Web API support

These are some of the things we need to know when developing an application in Firefox OS for TV. Sanjay Gouri, a Mozilla Representative, also shared his experiences and views on Firefox OS.

Finally, Santosh taught us how to develop our own web app using web technologies. We created a Hello World web app.

Here are the references and resources:

https://serviceworke.rs/

https://hacks.mozilla.org/2015/11/offline-service-workers/

http://slides.com/santoshv225/openwebapps/fullscreen

https://github.com/elin-moco/tv-workshop-boilerplate

https://github.com/mozilla/oghliner


A paper Presentation on Privacy.

As it was the privacy month, I wanted to share knowledge about privacy and security wherever possible, so I decided to give a paper presentation on this at an event conducted by the organizing team of CSI ( Computer Society Of India ), which was held in my college, CMR Institute Of Technology.

This paper presentation happened a day before Privacy Day! Everyone gave their paper presentations, and I was very pleased with the topics they chose and the way they performed. My buddy FSA Sreeja Mithinti and I happened to present our paper. We covered some interesting topics in the presentation.

 

I started off the presentation by telling what privacy is, when this all started, and how important privacy is in everyone's lives, be it an individual or a business person.

 

I talked through a few points about why it's risky to be on the internet without proper security and privacy.

  1. Phishing
  2. Pharming
  3. Spyware
  4. Malware

These are some of the key issues everyone faces on the internet. I mentioned all of these in brief and explained the causes and effects.

Later, I emphasized the importance of privacy with some key points.

  • Limit on Power
  • Respect for Individuals
  • Reputation Management
  • Trust
  • Control Over One’s Life
  • Freedom of Thought and Speech
  • Ability to Change and Have Second Chances.

Later, I introduced some topics like Online Tracking and Data Brokers, shared the information required to stay safe from these people, and mentioned tools for security like Ghostery and Lightbeam for Firefox.

After this, my buddy Sreeja shared much information about:

  1. HTTP Vs HTTPS
  2. Cookies
  3. Digital Foot printing.
  4. Spying

She also told how to secure ourselves by securing our passwords and by using Duck Duck Go instead of other search engines. Overall it was a very good experience to share our knowledge with the rest of the members. We were awarded the first prize for our paper presentation. It was a proud and enthusiastic moment for us, as we shared something very useful with the rest of them. The judges were impressed by our presentation, and thanked us for sharing some crucial information.

Mozilla Privacy Month.

I was really excited as the privacy month, i.e., January, had started. I was enthusiastic, and as all of the Mozillians were actively participating in the Privacy Campaign, I too thought to do something. I gave a paper presentation at my college, CMR Institute of Technology, conducted by CSI. With my buddy FSA Sreeja Mithinti, I shared a lot of information about privacy and security.

I started off with a brief introduction about what privacy is and what the risks related to internet privacy are. I explained something about:

  1. Phishing
  2. Pharming
  3. Spyware
  4. Malware

Later I covered some points about why privacy matters in everyone's lives, including:

  • Limit on Power
  • Respect for Individuals
  • Reputation Management
  • Trust
  • Control Over One’s Life
  • Freedom of Thought and Speech
  • Ability to Change and Have Second Chances.

I also covered some interesting topics including Online Tracking, Data Brokers, and tools for security like Ghostery and Lightbeam for Firefox.

After this, my buddy Sreeja shared much information about:

  1. HTTP Vs HTTPS
  2. Cookies
  3. Digital Foot printing.
  4. Spying

She also told how to secure ourselves by securing our passwords and by using Duck Duck Go instead of other search engines. Overall it was a very good experience to share our knowledge with the rest of the members. We were awarded the first prize for our paper presentation. It was a proud and enthusiastic moment for us, as we shared something very useful with the rest of them.

We have come up with another seminar in our college which included much more information. We, the members of the CMRIT Firefox club, took this initiative to spread awareness about privacy to everyone around us through this seminar.

Bharat Chauhan kickstarted this session by talking about online privacy and the history of when privacy became a big concern, including the early protesters and the challenges faced in the 90's. He also explained why privacy is not an option to choose; the reasons he quoted were:

  • Need to participate in community
  • Rise of social media
  • Marketing Schemes – Targeted Advertisement
  • Websites give up user data for ad revenue
  • Laws cannot keep up with technology
  • People are careless
  • The web is dangerous
    (Yes even for a common person)

He also mentioned when India became aware of privacy concerns, and suggested a few alternatives to use to be secure on the internet.

  • Chrome / Safari = Firefox
  • Dropbox = Spider oak
  • iOS/Android = Silent OS
  • WhatsApp = Cryptocat

Later, I handled the session and made it a little interactive by asking questions about privacy and security, and how much they mean to them. Unfortunately, I happened to notice that only a handful of them actually cared about privacy. So I took the responsibility and taught them why privacy matters in each and everyone's lives, no matter if it's a mere individual or a business person. I mentioned the hacking that happened earlier in 2014 on the famous website eBay, which exposed almost 233 million eBay accounts.

I also mentioned a few security breaches that had happened in the 21st century.

Raghavendra Abhilash took over the session from here and finally shared some knowledge he had on digital footprinting, Free Basics and why Free Basics shouldn't be allowed to anyone, the cons of it, as well as the causes of footprinting.

One of the important topics Abhilash spoke about was EXIF, and how information is extracted from EXIF and sold outside. He spread awareness about this to all of us, and most of them were now scared after listening to how much every one of us is exposed and exploited. Finally, he ended the session with the privacy features available in the Mozilla Firefox browser, and how Mozilla is striving to keep user data safe and secure, as well as sharing knowledge and keeping everyone safe from being exploited.

Abhilash had also conducted another event in his own school; you can find the blog link here: https://raghavendraabhilash.wordpress.com/2016/01/19/online-privacy-aecs/


Securing The Web At ZAP Day-6

ZAP Day 6 was about contributing to the ZAP tool.

Contribution areas include internationalization, localization, ZAP projects, etc.

Coming to internationalization, it is one of the major areas to contribute to. ZAP is an open source tool, so people worldwide use it. It may be more convenient for them to use the tool in their regional language. ZAP supports different languages, and the names of components and all the documentation must be translated into different regional languages. That's a huge task!

There is a project on Crowdin where we can contribute to ZAP by simply translating the content into a language we're good at. We translated some content into our regional language, Hindi.

We had a discussion about the IRC channel of ZAP. The channel has many officials, including Simon Bennetts, who developed ZAP. The IRC channel related to the Mozilla community will have content related to ZAP and the latest updates, queries, and discussions about the same.

Securing The Web At ZAP Day-5

On the 5th day, the REMOs Sanjay, Sudarshan and Sumanth came out with concepts on how to add extensions and add-ons to ZAP. ZAP actually has a lot of potential, and it has already been awarded best tool for security testing in 2014. The REMOs helped us by showing how to add extensions and add-ons to the stock version of the ZAP tool.

ZAP extensions are nothing but Java packages that extend the functionality already existing within the ZAP tool by the OWASP community.

By adding extensions and add-ons, we can create custom features/APIs for ZAP.

Coming to the ZAP extension, the things I found new were ZAP source files like Message.properties; these files contain all the static text content for the ZAP tool. For example, we have many options in the ZAP tool, which include history, break points, etc. The text for these is imported from this file. It makes it much easier to use ZAP in multiple languages: just by creating a new Message.properties file with content in a different language, that particular language's Message.properties file is imported.

ZAP actually follows a framework which allows developers like us to understand the source code of ZAP with much ease.
We were guided through a set of steps to build an extension for ZAP:

Step 1: Set up the source code on Eclipse IDE

Step 2: Create a new folder with extension name in the ZAP extension folder. This folder will consist of all the Java files and Message.properties file.

Step 3: Define the Message.properties file with all the required text which is present in the extension.

Step 4: Refresh the code and run our new extension.

We convert an extension into an add-on in the ZAP source. After completing the extension, we can convert it into an add-on.
Add-ons are developed in 3 stages. They are:

1. Alpha
2. Beta
3. Final

An add-on is first considered to be in the Alpha stage, the first development stage.

We will need an XML file named "ZapAddOn.xml", which is present in the root folder of the source, contains information about the add-on, and handles loading and unloading dynamically.

Later, once we had learnt about adding extensions and add-ons, Sudarshan gave us a small task: to edit any menu present in the ZAP tool. We edited the Message.properties file to change it. Finally we were done with the day.

Securing The Web At ZAP Day 4

Sumanth started the session of the 4th day by introducing new technical terms and discussed the previous worksheet he had given on day 3. Apparently, the worksheet is based on web application security as well as the ZAP source code.

We faced questions related to Java classes and functions in the ZAP source. We learnt many technical terms, including the main function in ZAP as well as the package it is located in.

Sumanth also taught us new things like the ZAP API functionality, and we learnt how to access it. We also learnt about "Curl", a tool which helps to transfer data to or from a server, and "HttpOnlyFlag", which is used to prevent malicious code from sending data from our website to an attacker's website.
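The HttpOnly flag mentioned above marks a cookie as unreadable from page scripts, so an injected script cannot read it and pass it on. As an added example (not from the original session or from ZAP's own code), this Node.js snippet audits the Set-Cookie lines of a constructed HTTP response for HttpOnly, Secure and SameSite; the function names and the sample response are assumptions made for illustration.

```javascript
// Added example, not from the original post: audit Set-Cookie headers.
// Function names and the sample response below are constructed for illustration.

// Parse one Set-Cookie value into { name, attrs }. Attribute names are
// case-insensitive, so they are lower-cased before lookup.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no cookie name: malformed
  const attrs = new Map();
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? '' : part.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), attrs };
}

// Return the list of weaknesses for one Set-Cookie value.
function auditCookie(header) {
  const c = parseSetCookie(header);
  if (!c) return { name: null, findings: ['malformed Set-Cookie'] };
  // A cookie that is being deleted (Max-Age <= 0) carries no secret to protect.
  const maxAge = parseInt(c.attrs.get('max-age'), 10);
  if (!Number.isNaN(maxAge) && maxAge <= 0) return { name: c.name, findings: [] };

  const findings = [];
  const secure = c.attrs.has('secure');
  // Without HttpOnly, script running in the page can read document.cookie.
  if (!c.attrs.has('httponly')) findings.push('missing HttpOnly');
  // Without Secure, the cookie is also sent over plain HTTP.
  if (!secure) findings.push('missing Secure');
  const sameSite = (c.attrs.get('samesite') || '').toLowerCase();
  if (!sameSite) findings.push('missing SameSite');
  else if (sameSite === 'none' && !secure) findings.push('SameSite=None without Secure');
  return { name: c.name, findings };
}

// Audit every Set-Cookie line in the header part of a raw HTTP response.
function auditResponse(raw) {
  const head = raw.split(/\r?\n\r?\n/)[0]; // ignore the body
  return head
    .split(/\r?\n/)
    .map((line) => /^set-cookie:\s*(.*)$/i.exec(line))
    .filter(Boolean)
    .map((m) => auditCookie(m[1]));
}

// Constructed sample response (not captured from a real site).
const SAMPLE_RESPONSE = [
  'HTTP/1.1 200 OK',
  'Content-Type: text/html',
  'Set-Cookie: JSESSIONID=abc123; Path=/',
  'Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax',
  'set-cookie: auth=xyz; Secure; httponly; SameSite=None',
  'Set-Cookie: old=; Max-Age=0; Path=/',
  'Set-Cookie: track=1; SameSite=None',
  '',
  '<html>Set-Cookie: in-body=ignored</html>',
].join('\r\n');

for (const r of auditResponse(SAMPLE_RESPONSE)) {
  console.log(r.name, r.findings.length ? r.findings.join(', ') : 'ok');
}
```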

I also got to know about "Saros", which is an open source collaboration tool for the Eclipse IDE. It's essential for a team working on a single project, so that they can stay in sync with the modifications made during the project in real time.

Saros is a very useful application which includes features like a chat option with the team members and a current view of other users who are working on the project.

Later, Sumanth started sharing some knowledge about the user interface modules of the ZAP tool. He explained the way the packages are split in the ZAP source, instead of us searching for those packages through all the files. It's a heck of a long procedure, by the way!

I also got to know about Swing Explorer, which is an open source tool used on any Swing-based application to visually explore Swing elements like windows, frames, buttons and a few other elements. We can browse the whole hierarchy of the components. We were also taught how to add new tabs in different positions of the ZAP user interface, like "Left", "Right", "Footer", etc.

Sumanth later introduced "The Bodgeit Store", which is a vulnerable application developed for newbies to work on penetration testing.

Bodgeit Store has a few vulnerabilities like:

1. Cross Site Scripting
2. SQL injection
3. Unprotected content ( hidden )
4. Cross Site Request Forgery
5. Debug Code
6. Insecure Object References
7. Application Logic vulnerabilities

We created a local host using XAMPP Server and tested the vulnerabilities using Bodgeit.

Securing The Web At ZAP Day 3

ZAP Day 3 included installing the ZAP source on the Eclipse IDE. On the third day, the Mozilla Representatives, also known as REMOs, Sumanth Damarla and Sudarshan discussed how to install the ZAP source on the Eclipse IDE, as well as the worksheet they'd given us the previous day.

Discussions continued and we got to know about the "OWASP Summer Code Sprint 2015", which is a platform to contribute to the ZAP project and get some good reputation as well as recognition. The ZAP project is a core-level Java-based application, so Java experts were really enthusiastic to participate in this contribution.

We learned how to install the ZAP source code on the Eclipse IDE for development purposes, and also got to know how to import built-in libraries as well as external libraries into ZAP.

This day was a hands-on session, so we got our laptops and implemented whatever was being told, got help from the REMOs and finally understood how to install the source code of ZAP using Eclipse. To our surprise, Sumanth, as promised, introduced the OWASP Snakes and Ladders game.

This game consists of 5 players, and each move a player makes moves him forward in the game. The ladders indicate that the player is safe from the vulnerabilities present on that ladder box by using the methods to get protected from that vulnerability, and the snakes represent the vulnerabilities he faced during the game play. It was a very interactive and unique way to make us learn about web security. We also posted tweets simultaneously while playing the game.

The game consists of a few rules and a list of methods for protecting a web application, as well as the risks of a web application.

Securing The Web At ZAP Day 2

ZAP Day 2 started and we learnt some more technical stuff that day. We learnt how to install the ZAP software and got to know a lot about the software, including the user interface of ZAP.

As usual, installation didn't take much time and wasn't too complicated either. After we finished installing, Sumanth started discussing generating a dynamic SSL certificate using the software and installing the generated certificate in the Firefox browser. The SSL certificate is used to test websites using the browser plugin tool, to manually test for vulnerabilities.

Further in the discussion, we also gained knowledge about the automated modes of the ZAP tool, which are used to find vulnerabilities; I'd rather call them the attack levels of ZAP.
There are 4 levels precisely.

1. Safe Mode ( lowest level attack )

2. Protected Mode ( moderate level attack )

3. Standard Mode ( Recommended mode and attack is a little severe)

4. Attack Mode ( an improvement to the standard mode, which will severely attack the website, wow! 😀 )

Sumanth went on to teach how ZAP actually works by using the Standard mode for attack, and started attacking a test site, and we found a few vulnerabilities including XSS (Cross Site Scripting), etc.

Coming to ZAP, it has many inbuilt functions, like intercepting, fuzzing, spiders and scanners, to name a few. After the discussion, we tried out all these functions and attacked a few test sites ( practical learning is always better yo! )

I personally tested a few websites I've designed and got to know that there were a few low flag vulnerabilities as well as a few high flag vulnerabilities like SQL injection. I made sure I fortified all the issues and vulnerabilities; now I can proudly say my website is protected.

We all also got a worksheet to work on, which had many technical questions to test our knowledge. We also discussed the previous worksheet, which helped us gain knowledge of a few technical terms. On the whole, Day 2 was pretty interesting, as it was a little interactive as well as a hands-on session.