Web Tripwire Plugin

Overview
Welcome to the WordPress Web Tripwire Plugin. This plugin is based upon public code and research released by the University of Washington. I am in no way affiliated with that work, or the University, but the link is provided for traceability, research and appropriate kudos.

Visit the support forums
Download the plugin from the WordPress Plugin Directory

What is a Web Tripwire?
A Web Tripwire is a mechanism which compares the web server’s view of a web-site with the client’s view of the web-site. If the two are different, then the page has possibly been altered in transit. The alteration may have occurred at any point in the transit of the page, sometimes with the user’s consent, sometimes without. Web Tripwires should not be thought of as a security control, but as a feedback mechanism to assist users in making informed choices about their Internet connectivity and their security process.

What does this plugin do?
This plugin will apply additional stress to your WordPress blog’s resources, as additional transfers and database queries are made. You should be aware of the potential additional load this will place on your hosting resources. To assist you in deciding whether to use this plugin, or to fine-tune some of the options, here is a brief rundown of how a web tripwire functions:

  • The client requests the object. The server responds, and embeds a local view of the object in a JavaScript component.
  • The client executes the JavaScript, and requests the object once more. The embedded server view and the client view are compared for differences.
  • If differences are found, the modified version is sent back to a Notifier component on the web server.
  • The Notifier then performs logging of differences, and performs regex comparisons against the client view, using a signature database in order to attempt to determine the cause of the alteration.
  • If the Notifier determines the client should be alerted, the response triggers the client JavaScript to notify the user, and present a summary report.
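
The comparison and Notifier steps above, as an added example in JavaScript. It is not the plugin's own code; the function names, signature names and patterns, the sample pages, and the rule that unrecognised changes alert by default are all assumptions made for illustration.

```javascript
// Constructed signature database: a name, a regex run against the client view,
// and whether a match should alert the user or suppress the notification.
const SIGNATURES = [
  { name: "injected-script", alert: true,
    pattern: /<script[^>]+src=["']https?:\/\/ads\.example\.net\//i },
  { name: "wp-admin-bar", alert: false,            // dynamic element, suppressed
    pattern: /<div id=["']wpadminbar["']/i },
];

// Locate the changed region by stripping the common prefix and suffix.
function diffRegion(serverView, clientView) {
  if (serverView === clientView) return null;
  const max = Math.min(serverView.length, clientView.length);
  let start = 0;
  while (start < max && serverView[start] === clientView[start]) start++;
  let end = 0;
  while (end < max - start &&
         serverView[serverView.length - 1 - end] ===
         clientView[clientView.length - 1 - end]) end++;
  return {
    offset: start,
    expected: serverView.slice(start, serverView.length - end),
    received: clientView.slice(start, clientView.length - end),
  };
}

// Notifier step: record the difference, then test the client view
// against each signature to guess the cause of the alteration.
function notify(serverView, clientView, signatures = SIGNATURES) {
  const region = diffRegion(serverView, clientView);
  if (region === null) {
    return { modified: false, alert: false, cause: null, region: null };
  }
  const hit = signatures.find((s) => s.pattern.test(clientView));
  // Assumption: a change that matches no signature still alerts the user.
  return { modified: true, alert: hit ? hit.alert : true,
           cause: hit ? hit.name : "unknown", region };
}

// Constructed sample pages: the server view, a copy with a script injected
// in transit, and a copy as a logged-in user would receive it.
const SERVER_VIEW = "<html><body><h1>Post</h1><p>Hello</p></body></html>";
const INJECTED = SERVER_VIEW.replace("</body>",
  '<script src="http://ads.example.net/a.js"></script></body>');
const LOGGED_IN = SERVER_VIEW.replace("<body>", '<body><div id="wpadminbar"></div>');

console.log(notify(SERVER_VIEW, INJECTED));
```
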

Pros
The upshot of the process is that the transmitted and received versions of the page can be compared, and the user can be alerted to anomalous data. This will detect various invasive technologies which may be messing with the traffic for various purposes, including injection of advertisements.

Cons
As you can see from the list above, the transfer of each web page now results in three additional transfers of the page, and a handful of back-end database queries. So the whole process adds additional load to the web-server.

Also, WordPress blogs are dynamic in content, and so change frequently, and also contextually. For example, a logged in user or administrator will receive additional elements, that a server’s web view will not. So, web tripwires lend themselves to static web pages more easily, but that’s of no use in the real world.

This can be mitigated slightly by creating signatures for dynamic elements that suppress notifications.


To do
Warning Bar:

  • Negative and positive feedback in the warning bar, without necessarily clicking for a full report. For example, a RED bar for a recognised signature.
  • Customisable text for the warning bar.
  • A different way of presenting the diagnosis, perhaps a slide-out panel.

Notifier:

  • Themed report page, or some alternate report presentation mechanism.

Administration:

  • Provide an administration page for adding, modifying, and deleting signatures.
  • Graphs, reports, etc. of trends.
  • A mechanism to submit log entries to a central source (me) for possible development of new signatures.
  • Subscribe to signature updates from a central source.

General:

  • Use gettext to support translation throughout the entire plugin.