Firefox version

[nukeador]

Hello,

I've automatically ported this addon to work with Firefox using this addon:

https://addons.mozilla.org/firefox/addon/chrome-store-foxified/?src=ss

Everything works perfectly since Firefox now supports webextensions. It would be great if you can upload/update it also on the Mozilla Addons site so more people can use it.

Meanwhile I've uploaded it myself here:

https://addons.mozilla.org/en-US/firefox/addon/pwdhash-port/

Let me know and I can pass you full ownership of the addon there.

Thanks!

[nukeador]

@infocris I wasn't able to get this extension published on the Mozilla Addons site, these are the reasons:

This version didn't pass review because of the following problems:

1. Your add-on includes a JavaScript library file that doesn't match any versions known to us. We require all add-ons to use unmodified release versions.

• jQuery

2. This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en/XUL_School/DOM_Building_and_HTML_Insertion . Here are some examples that were discovered:
   popup.js#L45
   test_hooker.html#L16, 21

3. stanford-pwdhash/install.js seems broken because the add-on does not use a jar file. Please remove that file.

Also, I don't know if the issues here are getting attention, since I see the last code commit was a year ago. Is this extension actively maintained?

[nukeador]

@infocris let me know so I can discard my work if this is no longer being maintained.

[infocris]

hi,

1. It is JQuery v2.1.1 without the final line "//# sourceMappingURL=jquery.min.map". I forgot the reason behind this change.

2. popup.js is currently broken in current chrome browser, the extension can work without it.
   test_hooker.html is an unused test file.

3. I've copied stanford-pwdhash full original source code and this file is currently unused.

The branch master is late. Maybe I will merge the master with one of the active branch when i remember how it may work : https://github.com/infocris/pwdhash/network

The HMAC-MD5 of the original pwdhash may be vulnerable to brute force attack (https://linuxundich.de/gnu-linux/erfolgreicher-brute-force-angriff-auf-pwdhash/), so I suggest to use alternative tools.

[heubergen]

Any news on this? In Nightly 55 the extensions seems not work without modification. Would love to work with you @infocris to fix this :)

[nukeador]

@heubergen it would be great if you can submit a PR :-)

[heubergen]

Do the extensions work from your repo in Nightly 55? If yes I'd love to do that.

[nukeador]

It is working on nightly 55 for me.

[heubergen]

Sorry if there's somehting I'm missing but I just tested it with a new clean profile and Nightly 55 x86:

The site I used was https://account.golem.de/register

I type in my email and then tried it with @@ as a password or F2 Key but there's nothing happen.

Am I might be using the Extensions wrong? :)

[nukeador]

I've created a pull request with the improved code I had working also with Firefox

#8

[nukeador]

@heubergen the extensions with the improvements has been published now https://addons.mozilla.org/firefox/addon/pwdhash-port/