ABE Learning Mode

[bchurchill]

I was thinking about how what a neat idea ABE is, and also thinking it would be nice to build ABE rulesets semi-automatically. A simple way to do this would be to have a 'learning mode' for a particular domain. In the learning mode, ABE would record all the domains that GET/POST requests are sent to. Then, it can use this data to build a generic policy for the site which the user could enable (and optionally edit). This is similar to how apparmor works on linux by intercepting system calls and learning which ones are valid and which ones aren't.

The common use case would be when a user wants special protection for a particular site. For example, if I want protection for my bank, I could (1) set ABE into learning mode for bank.com; (2) do several transactions on my banking website; (3) review the generated ABE policy and edit as needed; and (4) start enforcing the ABE policy.

I took a glance at the source code, and it doesn't seem like it would be too hard to do this. Does this sound like something that we would like to have a feature? Would anyone be interested in developing this?

[bege]

Unfortunately I am not able to develop this, but I want to second this idea.
There are quite a few web sites I have to view either with disabled NS or with IE. Allowing all scripts is sometimes not enough because that feature doesn't disable ABE. On sites with scripts from many domains configuring NS and ABE is sometimes very difficult and time consuming.

[Thrawn]

Hmm...this is a really interesting idea. ABE already logs the details of requests it blocks, so it could certainly record the traffic it sees. You'd just need some logic to merge duplicates.

Perhaps there could be a new ABE action, Log, that would not modify requests, but would still participate in the usual rule-precedence.

[bchurchill]

I'm glad to see there's some interest in this!

Perhaps there could be a new ABE action, Log, that would not modify requests, but would still participate in the usual rule-precedence.

I think this is a good way of doing it. This is how similar systems (apparmor, firewalls) seem to go about this sort of thing. Then the logs are parsed to make a profile.

I'm new to this community, so I don't know how features are selected for inclusion, or what discussion is important to have. I might be willing to implement this myself if the contribution would be welcome. How would I go about contributing? Is there a repository to work off of? Any development guidelines I should be aware of? Or maybe I'll leave this here and find someone already familar with noscript to work on it

[Thrawn]

I'm new to this community, so I don't know how features are selected for inclusion, or what discussion is important to have.

It's a benevolent dictatorship by Giorgio.

I might be willing to implement this myself if the contribution would be welcome. How would I go about contributing? Is there a repository to work off of? Any development guidelines I should be aware of? Or maybe I'll leave this here and find someone already familar with noscript to work on it

Well, there's no repository, but the addon is open-source; you can just unzip it and work on it. I suggest creating a local Git repository to track your work.

If Giorgio likes it, he'll probably accept it; he has before. Just try to read up on ABE and understand what it was designed for. First and foremost, it is for CSRF protection. (On the other hand, this idea actually feeds very well into that purpose.)