Behave! is a new browser extension for Google Chrome and Mozilla Firefox that is designed to inform its users when sites misbehave by performing port scans or access private IP addresses. The extension may also work in other Chromium-based and Firefox-based browsers but I have not tested that.
Behave! should not be confused with the Firefox extension behind!, which we reviewed yesterday. The new extension reveals when sites scan local ports or access private IPs. We revealed in May 2020 that eBay and other major sites were running port scans on user systems as soon as the browser connected to these sites.
The sites checked ports used by local remote software and used for fraud detection as remote software may be used for that purpose. Users on the other hand voiced concern that the port scanning was unethical and an invasion of privacy.
The browser extension Behave! monitors web pages for certain activity, and informs the user if it notices it. One of the main features of the extension is that it detects port scanning and will reveal as much immediately.
The extension adds an icon to the toolbar of the browser and changes the color of the icon based on its findings. A click on the icon displays information about the activity of sites in the browser sorted by method.
Behave! detects browser based port scans, access to private IPs, and DNS rebinding attacks to private IPS.
The extension comes with a basic set of preferences that let you change the portscan threshold, enable or disable the monitoring, and to enable or disable Windows notifications.
The open source extension is developed by Stefano Di Paola, the co-founder and CTO of MindedSecurity.
Technically speaking, Behave! "will alert if a web page tries to directly access [...] an IP belonging to any of the following blocks":
Behave! notifies users if sites misbehave or if DNS rebinding attacks are performed. The extension comes without any options to block the site behavior. The developer plans to introduce new features in future versions of the extension. Plans are underway to integrate a whitelist in the application and an option to "track back the code performing the suspicious activity".
Now You: Do you use security or privacy extensions in your browser? (via Bleeping Computer)Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.