firefox addon f@stestfox API sending/collecting data?
Posted
by
Richard
on Super User
See other posts from Super User
or by Richard
Published on 2013-10-27T20:30:32Z
Indexed on
2013/10/27
21:56 UTC
Read the original article
Hit count: 427
System: ubuntu64/firefox24.0 object: addon "f@stestfox". Its a nice in-browser search tool and more.
Problematic: is the way the program handles the search queries.
when I use a search shortcut, burpsuite says:
request to msgs.smarterfox.com: 80
GET /log_msg?name=popup_bubble_searched&search_engine_title=Search%20Startpage&source=FastestFox&redirect_to=https%3A%2F%2Fstartpage.com%2Fdo%2Fsearch%3Fcmd%3Dprocess_search%26cat%3Dweb%26query%3Dnginx%26language%3Denglish%26no_sugg%3D1%26ff%3D%26abp%3D-1&rand=856827465 HTTP/1.1 Host: msgs.smarterfox.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive
once I saw a unique identifier (installation time?) was send with the request to the server. Am I right, that the addon sends the website I am looking at to the server? Sometimes I only mark text(ip adress or link) and the addon send this data? seriosly?
I did: search for the url in the code, but I dont speak java. And I am not sure, if the data from the request can actually be used for tracking :)
question: I want the awesome features of the addon, without connecting to their server: marked text should be send only to the searchmachines.
what should I do next?
thank you.
© Super User or respective owner