3. How many web browsers are there?
SRWare Iron
PaleMoon.org
4. Why pick one over another?
Speed, Safety, Standards Compliant
w3.org
http://securitywatch.pcmag.com/web-browsers/325447-are-you-using-the-most-secure-web-browser
5. Web Browser Jargon: WWW, HTML, URL, etc.
The Internet depends on a great deal of technical
detail to work. Understanding a few basic terms
will help, but many of them are interrelated with
other bits of jargon.
Please bear with me as I show you some rigorous
definitions in order to highlight useful parts to know,
and talk about what web browsers actually do.
6. What is a Web Browser?
“A web browser (commonly referred to as a browser) is
a software application for retrieving, presenting and
traversing information resources on the World Wide
Web. An information resource is identified by a
Uniform Resource Identifier (URI/URL) and may be
a web page, image, video or other piece of content.[1]
Hyperlinks present in resources enable users easily to
navigate their browsers to related resources.”
http://en.wikipedia.org/wiki/Web_browser
http://en.wikipedia.org/wiki/World_Wide_Web
7. What is a URL?
“A uniform resource locator (abbreviated URL;
also known as a web address, particularly
when used with HTTP) is a specific character
string that constitutes a reference to a
resource. Most web browsers display the
URL of a web page above the page in an
address bar.” A URL is a form of a uniform resource identifier (URI).
This definition can be found at this URL:
http://en.wikipedia.org/wiki/Uniform_resource_locator
8. How does a URL work?
“A uniform resource name (URN) functions like a person's
name, while a uniform resource locator (URL) resembles
that person's street address. In other words: the URN
defines an item's identity, while the URL provides a method
for finding it.”
http://en.wikipedia.org/wiki/Uniform_resource_identifier
“The URI syntax consists of a URI scheme name (such as
"http", "ftp", "mailto", "crid" or "file") followed by a colon
character, and then by a scheme-specific part.”
http://en.wikipedia.org/wiki/Uniform_resource_identifier
9. What are the parts of a URL? (1)
scheme://domain:port/path?query_string#fragment_id
The scheme, often referred to as protocol, defines how the resource will be obtained. Examples
include http, https, ftp, file and many others. Although schemes are case-insensitive, the canonical form
is lowercase.
The domain name or literal numeric IP address gives the destination location for the URL. A literal
numeric IPv6 address may be given, but must be enclosed in [ ] e.g. [db8:0cec::99:123a].
The domain google.com, or its numeric IP address 173.194.34.5, is the address of Google's website.
The domain name portion of a URL is not case sensitive since DNS ignores case:
http://en.example.org/ and HTTP://EN.EXAMPLE.ORG/ both open the same page.
The port number, given in decimal, is optional; if omitted, the default for the scheme is used.
For example, http://vnc.example.com:5800 connects to port 5800 of vnc.example.com, which may be
appropriate for a VNC remote control session. If the port number is omitted for an http: URL, the
browser will connect on port 80, the default HTTP port. The default port for an https: request is 443.
10. What are the parts of a URL? (2)
protocol://domain:port/path?query_string#fragment_id
The path is used to specify and perhaps find the resource requested. It is case-sensitive,
[13] though it may be treated as case-insensitive by some servers, especially those based
on Microsoft Windows.
If the server is case sensitive and http://en.example.org/wiki/URL is correct, then
http://en.example.org/WIKI/URL or http://en.example.org/wiki/url will display an HTTP 404
error page, unless these URLs point to valid resources themselves.
The query string contains data to be passed to software running on the server. It may
contain name/value pairs separated by ampersands, for example
?first_name=John&last_name=Doe.
The fragment identifier, if present, specifies a part or a position within the overall resource
or document.
When used with HTML, it usually specifies a section or location within the page, and used in
combination with Anchor Tags the browser is scrolled to display that part of the page.
http://en.wikipedia.org/wiki/Uniform_resource_locator
11. Examples using URL parts
Query String: https://www.google.com/search?q=url
ftp://username:password@hostname/dir/dir/file.ext
http://www.w3.org/TR/REC-html40/intro/intro.html#h-2.1.2
Fragment Identifier starts with #
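The URL parts from slides 9 to 11, taken apart with the browser's own URL parser. This is an added example, not part of the original slides; the function names (urlParts, sameLocation, redactCredentials) are made up for illustration and the John/Doe URL is constructed from the slide's query string.

```javascript
// Added example: split a URL into the parts named on slides 9-11 using the
// standard WHATWG URL class (built into browsers and Node.js).
// urlParts, sameLocation and redactCredentials are illustrative names.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ftp:": "21" };

function urlParts(text) {
  const u = new URL(text); // throws TypeError if the text is not a valid URL
  return {
    scheme: u.protocol.slice(0, -1),            // parser lowercases the scheme
    username: u.username,                       // credentials, if embedded
    password: u.password,
    domain: u.hostname,                         // parser lowercases the domain
    port: u.port || DEFAULT_PORTS[u.protocol] || "", // fill in the default
    path: u.pathname,                           // case is preserved
    query: Object.fromEntries(u.searchParams),  // name/value pairs
    fragment: u.hash.slice(1),                  // used by the browser only
  };
}

// True when two URLs ask the server for the same thing. Scheme, domain and
// port are normalized by the parser; path and query stay case-sensitive.
// The fragment is ignored because it is never sent to the server.
function sameLocation(a, b) {
  const [x, y] = [new URL(a), new URL(b)];
  return x.protocol === y.protocol && x.host === y.host &&
         x.pathname === y.pathname && x.search === y.search;
}

// A URL with user:password@ carries the password into history, bookmarks
// and logs; return a copy that is safe to display or store.
function redactCredentials(text) {
  const u = new URL(text);
  if (u.password) u.password = "REDACTED";
  return u.href;
}

const sample = urlParts(
  "HTTP://EN.EXAMPLE.ORG/wiki/URL?first_name=John&last_name=Doe#History" // constructed
);
console.log(sample);
console.log(sameLocation("http://en.example.org/", "HTTP://EN.EXAMPLE.ORG:80/"));
console.log(sameLocation("http://en.example.org/wiki/URL",
                         "http://en.example.org/wiki/url"));
console.log(redactCredentials("ftp://username:password@hostname/dir/dir/file.ext"));
```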
12. Example uses for different protocols
• https: for secure encrypted connections to banks, or private
information.
• About: to display information and access (sometimes obscure)
settings of your web browser.
• File: to access a local or network file.
• Javascript: execute javascript program code.
• http: Your average ordinary web page.
For a complete list see: http://en.wikipedia.org/wiki/URI_scheme
13. https: Secure Encrypted connections
“Transport Layer Security (TLS) and its
predecessor, Secure Sockets Layer (SSL), are
cryptographic protocols designed to provide
communication security over the Internet.[1] They
use X.509 certificates and hence asymmetric
cryptography to authenticate the counterparty with
whom they are communicating, and to exchange a
symmetric key. This session key is then used to
encrypt data flowing between the parties. This
allows for data/message confidentiality, and
message authentication codes for message
integrity and as a by-product, message
authentication.”
http://en.wikipedia.org/wiki/Transport_Layer_Security
17. Javascript: Execute Program Code
javascript:alert('Hello World!');
javascript:alert(Math.PI);
http://www.landofcode.com/web-development-how-to/javascript-address-bar.php
18. More fun with Javascript
WikiHow: How to Use JavaScript Injections
http://www.wikihow.com/Use-JavaScript-Injections
Bookmarklets: http://dmcritchie.mvps.org/ie/bookmarklets.htm
Learn Javascript - W3Schools: http://www.w3schools.com/js/
The Beginner’s Guide to Greasemonkey User Scripts in Firefox
http://www.howtogeek.com/howto/16470/replace-extensions-with-user-scripts-in-firefox/
Chickenfoot 1.0.8 Web Automation & Customization (not supported)
https://github.com/bolinfest/chickenfoot/downloads
https://www.youtube.com/watch?v=5wXWMuYM37s
Javascript:void(document.bgColor="LightSkyBlue")
19. More fun with Javascript, etc.
http://bolinfest.com/javascript/misunderstood.html
This book is not designed to teach you JavaScript, but it does recognize that you are likely
to have taught yourself JavaScript and that there are some key concepts that you may have
missed along the way.
Source for Greasemonkey etc. scripts: https://greasyfork.org/
Contemporary Open Source Web Automation Software
Selenium 2.0 WebDriver – How to Configure Selenium Webdriver in Eclipse and execute
some simple test script.
http://www.softwaretestingclub.com/profiles/blogs/selenium-2-0-webdriver-how-to-configure-selenium-webdriver-in
Mozilla Webmaker Tools, including X-Ray Goggles (see how the web
works), Thimble, Popcorn Maker, and Appmaker.
https://webmaker.org/tools https://goggles.webmaker.org/en-US
20. Greasy Fork, a site for user scripts.
To use user scripts you need to first install a user script manager. Which
user script manager you can use depends on which browser you use.
Chrome: Tampermonkey or Violentmonkey
Firefox: Greasemonkey or Tampermonkey
Safari: Tampermonkey
Microsoft Edge: Tampermonkey
Opera: Tampermonkey
Maxthon: Violentmonkey
Dolphin: Tampermonkey
UC: Tampermonkey
Qupzilla: (no additional software required)
https://greasyfork.org/en
22. What does a Cookie Look Like?
javascript:alert(document.cookie);
Note: We can use a javascript url
to quickly view a cookie
associated with any webpage.
Google Chrome does not let you
paste a javascript URL directly,
but you can bookmark the script
for easier execution!
Why do you suppose
Weather.com stores more than
just your zip code?
23. Cookie Concerns
Snowden says the NSA uses QuantumCookies to ID Tor users.
A corrupt or invalid cookie can prevent access to a web site.
This slideshow is a nice introduction to Cookie issues:
http://www.slideshare.net/iamit/cookies-and-browser-exploits
Cross-Site Scripting (XSS) is a type of computer security vulnerability
typically found in Web applications. XSS enables attackers to inject
client-side script into Web pages viewed by other users. [to steal
session cookies, and then private information like credit card numbers!]
“BEAST” (“Browser Exploit Against SSL/TLS”), CRIME, BREACH, etc.
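Slide 22 reads cookies with document.cookie, and slide 23 notes that XSS lets injected script steal session cookies. A cookie the server sets with the HttpOnly attribute is hidden from page script, so it does not show up in document.cookie. The sketch below is an added example, not part of the original slides; the function names and the Set-Cookie values are constructed for illustration, and the page is assumed to be loaded over https.

```javascript
// Added example: which cookies would alert(document.cookie) reveal?
// A cookie set with HttpOnly is hidden from page script, so injected script
// (XSS) cannot read it. Function names and headers below are illustrative.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("no name=value pair in: " + header);
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: false,
    secure: false,
  };
  for (const attr of attrs) {
    const key = attr.split("=")[0].trim().toLowerCase(); // names are case-insensitive
    if (key === "httponly") cookie.httpOnly = true;
    if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

// What document.cookie would return on an https page that received these headers.
function visibleToScript(headers) {
  return headers.map(parseSetCookie).filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`).join("; ");
}

// One finding list per cookie, for a quick review of a site's response headers.
function auditCookies(headers) {
  return headers.map(parseSetCookie).map((c) => ({
    name: c.name,
    findings: [
      ...(c.httpOnly ? [] : ["readable by page script (no HttpOnly)"]),
      ...(c.secure ? [] : ["also sent over unencrypted http (no Secure)"]),
    ],
  }));
}

// Constructed Set-Cookie header values, not captured from any real site.
const SAMPLE_HEADERS = [
  "session_id=abc123; Path=/; HttpOnly; Secure",
  "zip=90210; Path=/; Max-Age=31536000",
  "tracking_id=u-5f2c; Domain=example.com; Secure",
];
console.log(visibleToScript(SAMPLE_HEADERS));
console.log(JSON.stringify(auditCookies(SAMPLE_HEADERS), null, 2));
```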
27. Private Searching?
5 Alternative Search Engines That Respect Your Privacy
http://www.howtogeek.com/113513/
Most Well Known “Do Not Track” Search
http://duckduckgo.com/
Like a Proxy Google anonymized search
https://www.startpage.com/
Multi-Engine: https://ixquick.com/
http://www.privatesearchengine.com/
Blekko deletes personally identifiable
information within 48 hours.
http://blekko.com/
28. Add Private Search Engines easily with these links:
Firefox:
https://addons.mozilla.org/en-US/firefox/addon/privatelee-https/
https://addons.mozilla.org/en-US/firefox/addon/ixquick-ssl/
Google Chrome, Firefox and ?:
https://www.ixquick.com/eng/download-ixquick-plugin.html
29. Firefox & Chrome add on
anonymox.net
Free Proxy supporting
many Countries.
hola.org
30. VPN – Virtual Private Network
10 Reasons to Use a VPN for Private Web Browsing
http://netforbeginners.about.com/od/readerpicks/tp/Reasons-to-Use-a-VPN-Service.htm
Why You Should Start Using a VPN (and How to Choose the
Best One for Your Needs)
http://lifehacker.com/5940565/
https://thatoneprivacysite.net/
31. Safe Browsing
“Ads and toolbars are the scum and villainy of the browser world”
“How to clean and secure your browser like a pro”
http://preview.tinyurl.com/pk64bvp
“Since no antivirus program can catch all the millions of infections, use a secondary scanner
such as Ad-Aware, Malwarebytes, Spybot Search & Destroy, or SuperAntiSpyware. The
scans may detect additional adware, viruses, and other malware. With luck, your antimalware
utilities can eliminate unwanted ads, browser toolbars, and browser-hijacking malware in one
go.”
http://www.techsupportalert.com/best-free-browser-protection-utility.htm
http://www.sandboxie.com/
Run programs in a sandbox to prevent rogue software, unwanted programs, spyware,
viruses, worms, and other malware from making permanent changes to your machine.
Surfing Protection Extensions? How to pick one that is trustworthy and unobtrusive?
Eric Geier, PCWorld
32. Browser Hijacking
How to Avoid Installing Junk Programs When Downloading Free Software
http://www.howtogeek.com/168691/
How to Fix Browser Settings Changed By Malware or Other Programs
http://www.howtogeek.com/172141/
Why We Hate Recommending Software Downloads To Our Readers
http://www.howtogeek.com/189176/
The Shameful Saga of Uninstalling the Terrible Ask Toolbar
http://www.howtogeek.com/138516/
Avoid Java’s Ask Toolbar Installations With This One Weird Registry Hack
http://www.howtogeek.com/198240/
33. Avoid Java’s Ask Toolbar Installations
With This One Weird Registry Hack
http://www.howtogeek.com/198240/
35. Always update your software from the manufacturer's website and never download software
from CNET, Softonic or Brothersoft, it’s always bundled with a form of malware.
http://www.fixyourbrowser.com/how-to/how-did-malware-infect-my-computer/
How to Bypass and Reset the Password on Every Operating System
www.howtogeek.com/192825/
Note your system password is not adequate to protect your browser saved passwords.
“Did you know that for Google Chrome to stay updated and current, you don’t need Google
Installer and Google Update and other services like them to start up? I’ve disabled those
applications and services from starting up, and Google Chrome continues to remain updated.”
http://www.makeuseof.com/tag/make-windows-start-faster-10-non-essential-startup-items-can-safely-remove/
Guide to Most Useful Bookmarklets for Chrome, Firefox, Safari, etc.
http://www.labnol.org/internet/guide-to-useful-bookmarklets/7931/
37. “Safe” Mode Start
How to start Firefox in Safe Mode
Click the menu button, click help and select “Restart with Add-ons Disabled...”. Firefox will
start up with the Firefox Safe Mode dialog.
Note: You can also start Firefox in Safe Mode by holding down the shift key while starting Firefox.
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode
Google Chrome has similar features:
http://www.chromium.org/developers/how-tos/run-chromium-with-flags
38. Choose, Protect, and Store Secure Passwords
Why You Should Use a Password Manager and How to Get Started
http://www.howtogeek.com/141500/
https://lastpass.com/
Securely Store Your Passwords with KeePass
http://www.howtogeek.com/howto/4962/
http://www.wikihow.com/Choose-a-Secure-Password
How to Prevent People From Viewing Your Browser’s Saved
Passwords: http://www.howtogeek.com/169986/
How Secure are Your Saved Chrome Browser Passwords?
www.howtogeek.com/70146/
http://www.RoboForm.com/
Ask How-To Geek: What’s Wrong With Writing Down Your Password?
www.howtogeek.com/howto/31259/
39. System Resource Use & Performance
Most systems have a tool to monitor processes and
performance. In Windows it is the Task Manager which I
like to launch with the keyboard shortcut Ctrl-Shift-ESC.
Notice how Firefox uses far more
memory than any other
process, followed by Google Chrome
as a close second. Multiple tabs, too
many extensions, pages with lots of
scripts, multimedia, and memory
leaks can make this problem worse,
eventually slowing down your system
until you restart your browsers.
40. Memory use of browsers
Closing Firefox
and Google
Chrome dropped
memory use from
5.25Gb to 2.86Gb
in this example.
Restarting them
brought memory
usage back up to
3.49Gb.
41. Checking Google Chrome Memory Use
Because Chrome creates a separate process for each tab, you cannot easily see the total
usage. Typing about:memory in the address bar will take you to a report with totals.
42. Good news: Chrome Shift-ESC Task Manager shortcut
Bad news: No more totals
45. Lots More Tips & Tricks
50 tips and tricks for Chrome power users
http://www.infoworld.com/article/2610416/
15 Coolest Firefox Tricks Ever
http://www.lifehack.org/articles/technology/15-coolest-firefox-tricks-ever.html
28 Coolest Firefox About:Config Tricks
http://www.maketecheasier.com/28-coolest-firefox-aboutconfig-tricks/
The Best About:Config Tweaks That Make Firefox Better
http://lifehacker.com/the-best-about-config-tweaks-that-make-firefox-better-1442137111
46. Keyboard Shortcuts
47 Keyboard Shortcuts That Work in All Web Browsers
www.howtogeek.com/114518/
Google Chrome Cheat Sheet
http://chromecheat.blogspot.com/2008/09/google-chrome-shortcuts.html
Keyboard shortcuts - Perform common Firefox tasks quickly
https://support.mozilla.org/en-US/kb/keyboard-shortcuts-perform-firefox-tasks-quickly
Top 10 Web Browser Keyboard Shortcuts
http://www.curtisjohnstone.com/?p=243
47. Keyboard Shortcuts
CTRL+F5 forces the browser to re-fetch the page from the server.
CTRL+SHIFT+DELETE brings up a form to allow you to delete the cache.
CTRL+H brings up your browsing history
CTRL+J brings up your download history (Great to see where it is!)
CTRL+F4 closes your browser window
CTRL+W closes the current tab
F11 toggles between full-screen and the regular view
CTRL+TAB switches to the next tab
CTRL + (click hyperlink) opens the link in a new tab in the background
CTRL+SHIFT+P (IE & Firefox) opens a new window in private (aka
Incognito) mode, CTRL+SHIFT+N (Chrome)
CTRL+ + / - / 0 Zoom in / out / reset zoom
CTRL + U view page source
CTRL + N / T New Window / New Tab
CTRL + F find in page search
CTRL + B toggle Bookmark search bar (Firefox)
48. Run Android Apps in your Browser
How to Run Android Apps Inside Chrome
on Any Desktop Operating System
http://lifehacker.com/1637564101/
How to Run (Some) Android Apps In Your Chrome Browser
http://www.pcmag.com/article2/0,2817,2469232,00.asp
49. Install Google Chrome extensions in Firefox
https://www.ghacks.net/2016/05/23/install-google-chrome-extensions-firefox/
50. Questions, Comments?
What are your favorite browser features, extensions, tips or tricks?
What do you use for surfing protection?
What would you like to see demonstrated?
Bonus links: https://www.ghacks.net/best-firefox-addons/
http://www.pcgamer.com/the-secret-problem-with-4k-display-scaling/
Editor's Notes
These are all icons for web browsers. Web browsers are a key part of the World Wide Web, which is made up of many parts, networks, server farms, protocols, etc.
The World Wide Web (abbreviated as WWW or W3,[1] commonly known as the Web) is a system of interlinked hypertext documents that are accessed via the Internet. With a web browser, one can view web pages that may contain text, images, videos, and other multimedia and navigate between them via hyperlinks.
Before the web, documents were often shared on ftp servers, not always well indexed, and not easily cross referenced.
A web browser is software that lets you access hyperlinks or URLs.
The most common form of URI is the uniform resource locator (URL)
You don't need to know that the official name for the first part of a URL is “URI scheme name”.
I always thought of it as the protocol, or service that provides the web resource.
Note that you can chop off the “?” or “#” symbols, and everything to the right of them and get a main page instead of a specific search or section in these examples.
Instead of telling someone to search Google for URL, you can give them a link to a search for URL.
Instead of giving someone a link to a document that describes a fragment identifier, you can give them a link to the section in the document that covers it.
This site has a number of short videos explaining commonly exploited security vulnerabilities. The first gives a basic explanation of how XSS works. Notice how little code the attacker needs to place on a web site to steal your session cookie?
The CC only frees DOM [Document Object Model] objects, and the GC only frees JS objects.
These buttons don't seem to do near as much as restarting to free memory.
Interesting discussion at:
https://bugzilla.mozilla.org/show_bug.cgi?id=654041
where the ramback extension is suggested:
https://addons.mozilla.org/en-US/firefox/addon/ramback/
Q: What's a bookmark?
S: add a note about the Web of Trust extension
Todo: fix overlap of image & URL in slide 11
Slide 22 note error, not by but to steal...