Behave – Browser Extension for Pages Acting as “bad boi”

Behave is a monitoring browser extension for pages acting as bad boys. The browser extension will monitor all actions made to alert of any suspicious or malicious activity made by the browser. this will allow user to control and see what are the incoming connections and decide if he really need to block any of them.

Behave - Browser  Extension for Pages Acting as "bad boi"
Behave – Browser Extension for Pages Acting as “bad boi”

Behave! monitors and warn if a web page performs any of following actions:

  • Browser based Port Scan
  • Access to Private IPs
  • DNS Rebinding attacks to Private IPs

The extension will alert the user if the number of port or protocol used during a browser session exceeds a specific limit. The limit is 20 by default, but it can be changed by the user via preferences. Since Behave does not perform any DNS request.

some of the conditions that the extension will alert of when a web page tries to directly access to an IP belonging to any the following blocks:

  • Loopback addresses IPv4 127.0.0.1/8
  • Loopback addresses IPv6 ::1/128
  • Private Networks IPv4 10.0.0.0/8 – 172.16.0.0/12 – 192.168.0.0/16
  • Unique Local Addresses IPv6 fc00::/7

Another alert is when a malicious script instructs the Browser to connect to a FQDN whose authoritative DNS resolves to a private IP Behave! checks if the resolved IP is private. Anyway, the IP information of a resolved hostname is available only if the port is open.

Behave! keeps track if a hostname is resolved with multiple IPs, and will alert if there’s some mixing between public IPs and private ones.

You can read more and download the browser extension over here: https://github.com/mindedsecurity/behave

Share
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments