{"id":13462746,"url":"https://github.com/mindedsecurity/behave","last_synced_at":"2025-03-25T06:31:20.307Z","repository":{"id":142233121,"uuid":"271026138","full_name":"mindedsecurity/behave","owner":"mindedsecurity","description":"Behave! A monitoring browser extension for pages acting as \"bad boi\"","archived":false,"fork":false,"pushed_at":"2020-07-10T15:32:20.000Z","size":169,"stargazers_count":331,"open_issues_count":8,"forks_count":22,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-10-29T13:49:23.102Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mindedsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-06-09T14:31:46.000Z","updated_at":"2024-10-18T11:09:21.000Z","dependencies_parsed_at":"2024-01-14T08:47:58.074Z","dependency_job_id":"194ee8a9-28bd-45b0-bc5f-4e80f3b09b6a","html_url":"https://github.com/mindedsecurity/behave","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mindedsecurity%2Fbehave","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mindedsecurity%2Fbehave/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mindedsecurity%2Fbehave/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mindedsecurity%2Fbehave/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mindedsecurity","download_url":"https://cod
eload.github.com/mindedsecurity/behave/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245413730,"owners_count":20611353,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T13:00:29.214Z","updated_at":"2025-03-25T06:31:20.046Z","avatar_url":"https://github.com/mindedsecurity.png","language":"JavaScript","readme":"# Behave!\n\u003cimg align=\"right\" src=\"https://user-images.githubusercontent.com/1196560/84408775-d7e64980-ac0c-11ea-87ed-38da5c38ffc6.png\"\u003e\n\nA *(Still in Development)* monitoring browser extension for pages acting as bad boys.\n\n**NB**: This is the code repository of the project, if you're looking for the packed extensions:\n\nFirefox: https://addons.mozilla.org/en-US/firefox/addon/behave/\n\nChrome: https://chrome.google.com/webstore/detail/mppjbkhgconmemoeagfbgilblohhcica/\n\n\n\n## Introduction.\n\n*Behave!* monitors and warns if a web page performs any of the following actions:\n\n- Browser-based Port Scan\n- Access to Private IPs\n- DNS Rebinding attacks to Private IPs\n\nHere's *Behave!* pointing the finger at the at.tack.er page in the logs:\n\n![image](https://user-images.githubusercontent.com/1196560/84412872-277a4480-ac10-11ea-8db2-0e8eec9adc21.png)\n\n## Port Scan Monitoring\n\n*Behave!* will alert the user if the number of ports or protocols used during a browser session exceeds a specific limit.\n\nThe limit is 20 by default, but it can be changed by the user via preferences.\n\nSince Behave does not perform any DNS request, \n\n\n## Direct access to Private IPs 
Monitoring\n\n*Behave!* will alert if a web page tries to directly access an IP belonging to any of the following blocks:\n\n- Loopback addresses IPv4 **127.0.0.1/8**\n- Loopback addresses IPv6 **::1/128**\n- Private Networks IPv4 **10.0.0.0/8** - **172.16.0.0/12** - **192.168.0.0/16**\n- Unique Local Addresses IPv6 **fc00::/7**\n\n\n### DNS Resolution to Private IPs\n\nIf a malicious script instructs the browser to connect to an FQDN whose authoritative DNS resolves to a private IP,\n*Behave!* checks if the resolved IP is private.\nHowever, the IP information of a resolved hostname is available only if the port is open.\n\nSince *Behave!*, in order to prevent TOCTOU issues, does not perform any external DNS request, if the port is closed there will be no IP resolution available and, therefore, no alert.\n\n\n### DNS Rebinding Bypasses\n\n*Behave!* does not perform any direct DNS request, and the IP is taken from the intercepted response. \n\nThat means that it's not exposed to any TOCTOU attack like DNS Rebinding.\n\n## DNS Rebinding Monitoring\n\n*Behave!* keeps track of whether a hostname is resolved with multiple IPs, and will alert if there's some mixing between public IPs\nand private ones.\n\n\n# Install\n\n*Behave!* is available as a packed extension on:\n\nFirefox Extension: https://addons.mozilla.org/en-US/firefox/addon/behave/\n\nChrome Extension: https://chrome.google.com/webstore/detail/mppjbkhgconmemoeagfbgilblohhcica/\n\nHowever, if you'd like to play a bit with the code you can:\n\n* Clone it OR download the zip and unzip\n* Open Google Chrome/Chromium and go to chrome://extension \n* Activate Developer Mode\n* Push \"Load Unpacked\" and choose the Behave directory.\n* Enjoy *Behave!*\n\n# Wanna Test Behave! 
?\n\nSee what happens when you go to one of the following:\n\nSingularity of Origin DNS Rebinding Attack:\nhttp://rebind.it:8080/manager.html\n\nJavaScript Port Scan:\nhttp://jsscan.sourceforge.net/jsscan2.html\n\n**Nota Bene:**\nAt the moment it won't alert if a DNS Rebinding attack is performed on non-private IPs such as:\nhttps://www.alf.nu/BrowserCacheAndDnsRebinding\n\n# Wanna Help? \n\nYou are welcome to help! \nFeel free to create an Issue or fork the project and make a PR.\n","funding_links":[],"categories":["Disclaimer","JavaScript","JavaScript (485)"],"sub_categories":["Ad Blockers"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmindedsecurity%2Fbehave","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmindedsecurity%2Fbehave","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmindedsecurity%2Fbehave/lists"}