New Update JShelter - JavaScript Restrictor

Add-on/Extension Page
https://jshelter.org/

SpiderWeb

Level 10
Thread author
Verified
Well-known
Aug 21, 2020
462

Screen Shot 2021-10-03 at 2.57.31 AM.png

JavaScript Restrictor​

JS Restrictor is an anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection. JShelter is a browser extension to give back control over what your browser is doing. A JavaScript-enabled web page can access much of the browser's functionality, with little control over this process available to the user: malicious websites can uniquely identify you through fingerprinting and use other tactics for tracking your activity. JShelter aims to improve the privacy and security of your web browsing.

Extension is available for Firefox, Chrome and Opera:
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,455
The UI is a little confusing. Which profile is activated when i chose "Default" and Profile 2 in the settings? Will it make profile two the default profile for all pages that I access?

General settings:
Unbenannt.PNG

Domain specific settings:
Screenshot 2021-10-03 160823.png

I think when setting it to profile 2 in general settings for example, and setting it to default in domain specific settings, then profile 2 will be the default profile for every website you gonna visit. At least thats how I get it.
 
Last edited:
F

ForgottenSeer 92963

@SecureKongo

Could you post what the options are for Domain Specific settings.

What I can see is that it reduces the geo and time accuracy, provides a blank canvas fingerprint and pretends to act as a firewall for javascript and xmlhttprequest (and fetches and Ajax also hopefully). But there is no info on what sort of checks and balances this extension does when acting as a firewall.
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,455
@SecureKongo

Could you post what the options are for Domain Specific settings.

What I can see is that it reduces the geo and time accuracy, provides a blank canvas fingerprint and pretends to act as a firewall for javascript and xmlhttprequest (and fetches and Ajax also hopefully). But there is no info on what sort of checks and balances this extension does when acting as a firewall.
Edited my post.

Here are more details about the protection layers: JShelter: Protection levels

I deleted it again as I just wanted to check out the settings. Not sure if it's trustworthy... I will take a deeper look at it later.
 
Last edited:

oldschool

Level 80
Verified
Top Poster
Well-known
Mar 29, 2018
6,964
But there is no info on what sort of checks and balances this extension does when acting as a firewall.
It's seems more for protection from fingerprinting than firewall for malware. Their home page is interesting but my initial impression upon installation is that the extension is the work of some students' science project.

Edit: drop-down UI is broken here on Edge. Issue #11
Edit #2: Removed extension since it appears to be useless junk.
 
Last edited:
F

ForgottenSeer 92963

Well, XMLHttprequest could be easily misused by downloading Javascript and executing it with Eval. So when they block these types of attacks, it would protect against obscufated third-party javascript execution.

You are right, it seems like a sponsored students project (but the nozzle and sozzle Micosoft javascript sanatizing studies started in the same way and led to major JIT-javascript compilation improvements)
 
F

ForgottenSeer 92963

Edited my post.

Here are more details about the protection layers: JShelter: Protection levels

I deleted it again as I just wanted to check out the settings. Not sure if it's trustworthy... I will take a deeper look at it later.
Thanks,

It seems trustworthy (considering the sponsor). I am now on travel, without private laptop, will certainly check this out when back.

Thanks for sharing.
 
F

ForgottenSeer 69673

It's seems more for protection from fingerprinting than firewall for malware. Their home page is interesting but my initial impression upon installation is that the extension is the work of some students' science project.

Edit: drop-down UI is broken here on Edge. Issue #11
Edit #2: Removed extension since it appears to be useless junk.
There is 3 installer files. One for Firefox, one for Chrome and one for Opera. Which one did you install for Edge?
 

The_King

Level 12
Verified
Top Poster
Well-known
Aug 2, 2020
539
The full list of protections of the levels is found on the project's GitHub page. Network Boundary Shield is enabled by default. It prevents web pages from using the browser "as a proxy between local network and the public Internet".

The protection encapsulates the WebRequest API, so it captures all outgoing requests including all elements created by JavaScript.

Closing words​

JavaScript Restrictor works in most modern web browsers. It improves user privacy by limiting access to certain browser APIs, which may be abused by sites for tracking and other forms of attacks. Check out the project's website to find out more about it.
 

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,064

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top