Tag: Firefox

Categories
News

Hide Complete Orkut Profile! [New Orkut Bug]

Important Update: This is fixed NOW. So I am closing comments for this post

Long time back I wrote about hiding your profile name on orkut. Yes it was something to write about as by default you can not left your orkut profiles’ first and last name field empty.

Now comes a simple bug which hides complete orkut profile as shown below…

invisible orkut profile

# Steps To Hide:

  1. Go to Orkuts manage stuff page or click here.
  2. You will see a URL field on that page. Enter http://oa.addons.googlepages.com/hideme.xml in that field.
  3. Press Add button. That it!

Here comes screenshot…

Hide Orkut Profile

# Steps To UnHide: (works in firefox 2.x only)

  1. Go to Orkuts manage stuff page or click here.
  2. You will see a My Feeds section at the bottom of that page.
  3. Click the remove button next to feed we have added above!

Here comes screenshot…

UnHide Orkut Profile

# Technical Details

If you look at source of hideme.xml you can see title field have a script tag!

ADVERTISEMENT

<title><script>prompt(‘Hi’,’Hello’)</script></title>

ADVERTISEMENT

Next all contents are there if you look at source code of hidden profile pages, then…

ADVERTISEMENT

>> Here is what exactly went wrong:

ADVERTISEMENT
  • First thing feeds have no restriction on their title length.
  • On profile pages orkut shows feeds added to that account in left sidebar.
  • Now left sidebar is of fixed width so orkut has to truncate long feed titles. So if feed title is longer than 13 character, then only first 13 character is displayed from feed title followed by ellipsis […]
  • So in hideme.xml case first 13 characters are – <script>promp
  • Now while parsing browser encounters a <script> tag but no matching </script> tag and thus HTML source rendering stops in left sidebar only. Thus main portion of profile is not parsed at all!

>> Solution:

  • A very simple but highly costly solution is too validate feeds when user adds them! This I guess will not be acceptable by user as well due to delay caused by validations. Also while working at orkutfeeds I see today’s valid feed may become invalid tomorrow and so vice-versa!
  • So next solution is to do HTML entity escape on selected feed title portion as there is nothing wrong is truncating long feed title.
  • In PHP this can be easily achieved using a function htmlspecialchars. I hope there must be an equivalent in ASP also.

>> Implications

  • As you can manage your stuff only this is not serious as of now!
  • But use of script tag in title field suggest somebody discovered this bug while trying to find a XSS hole.
  • Now I guess orkut is lucky this time as truncation saved them. Otherwise this could have been ground for a perfect XSS attack! May be it is… 😉

Credits: Orkut Addons blog by Bean!

Categories
Reviews

Portable Applications for Windows User – Download & Run without Installation!

Portable Apps Logo If you…

  • access computer from more than one physical location like home & college
  • have flash/pen/USB  drive, iPod or any sort of portable storage device
  • using storage device to carry data like bookmarks and other setting which is common to various computers

Then using a portable application is right solution for you!

As defined on wikipedia,

ADVERTISEMENT

A portable application, or portable app for short, is a software program that does not require any kind of formal installation onto a computer’s permanent storage device to be executed, and can be stored on a removable storage device such as a CD-ROM, USB flash drive, flash card, or even a floppy disk, enabling it to be used on multiple computers

Now after going through many alternatives & directories the most impressive solution in this genre we found is PortableApps.com!

Below are link to few apps hosted on PortableApps.com. Complete list is here…

Portable Apps Directory

Portable Apps Suite MenuBeside this you may consider using PortableApps Suite – a program which will make you fall in love with your USB Drives! 😉

PortableApps.com Suite™ is a collection of portable apps including a web browser, email client, office suite, calendar/scheduler, instant messaging client, antivirus, sudoku game, backup utility and integrated menu, all preconfigured to work portably. Most impressive is backup/restore feature so that you can synchronize settings, bookmarks, data across various computers! Read support page for more information and usage guide.

Please note that applications are portable between various windows PC and in some cases on Linux if used with Wine. Check application compatibility page for most accurate information.

 

PortableApps.com LinksHomepage | Apps Directory | PortableApps Suite

Categories
Tips

Subscribe to Orkut Scrapbook, Community & Topic RSS Feeds With Just One-Click!

This GreaseMonkey Script for Orkut users adds a RSS feed link on most orkut pages like profile, album, scrapbook, community, topics, etc! The RSS feed links uses our OrkutFeeds service in the background.

Most important aspect of this script is that the way it integrates OrkutFeeds service and Orkut! All feeds are just one-click away. This means you will never need to visit OrkutFeeds homepage or do any kind of URL copy-pasting! 🙂

 

The RSS feed link will point to…

ADVERTISEMENT
  • Scrapbook of the user whose profile, album, scrapbook or any other page related to the user you are checking
  • Community if you are at any communities homepage, forum, polls & members list
  • Topic if you are browsing any community topic!

The above covers most orkut pages indeed. Let us know if you want something is missing… 🙂

 

The RSS feed link will appear…

ADVERTISEMENT
  • Orkut main menu on topside… (see screenshot 1) 
  • Firefox’s RSS indicator in URL bar… (see screenshot 2)

Screenshots:

 orkut feeds RSS link

Firefox RSS Feed Indicator

 

Now whenever you will click on links/icons highlighted in above screenshots you will be redirected to relevant RSS feed pages!

If you are good at math then you can realize all you need is one-click to reach any Orkut users scrapbook, community or topic! 😉

Installation:

 

Links: Install Orkut RSS Linker script | Download Firefox | OrkutFeeds

Categories
Tips

View Passwords Stored by Internet Explorer, Yahoo, Google Talk Messengers & Email Clients!

We are covering few small utilities by NirSoft which will expose lack of security in worlds top browser (as per stats) Internet Explorer, famous email client Outlook Express and my favorite GoogleTalk, Pidgin.

Google Talk, Pidgin & Live Messenger Password

In total four programs tested which are presented below. All these utilities are free, small zip files (around 30-60KB in size) and requires no installation. Just download, unzip and run! Also these are only for Windows Platform (tested on Windows XP).

Please note each of following utility claimed to work with many programs. Program names highlighted in bold are tested successfully by us. We could not test rest of the programs due to technical limitations.

ADVERTISEMENT

 

#1. PSPV (Protected Storage Password Viewer)

This utility can show passwords from following programs:

  • Internet Explorer 6.0
  • Outlook Express
  • MSN Explore
ADVERTISEMENT

Some antivirus notably Quick-Heal & McAfee detects pspv as its popularity grew over the time. I am using this for more than a year. In earlier days it never got caught! 😉

PSPV Links: Download | Homepage

 

#2. IEPV (Internet Explorer Password Viewer)

This utility can show passwords from following programs:

ADVERTISEMENT
  • Internet Explorer 6.0
  • Internet Explorer 7.0

If you are Internet Explorer user please consider switching to better and secure browser like Firefox! 🙂

IEPV Links: Download | Homepage

 

#3. MSPASS (Messenger Password Viewer)

ADVERTISEMENT

This utility can show passwords from following messenger:

  • MSN Messenger
  • Windows Messenger (In Windows XP)
  • Windows Live Messenger (In Windows XP And Vista)
  • Yahoo Messenger (Versions 5.x and 6.x)
  • Google Talk
  • ICQ Lite 4.x/5.x/2003
  • AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
  • Trillian
  • Miranda
  • GAIM/Pidgin (more about pidgin)
  • MySpace IM

MSPASS Links: Download | Homepage

 

#4. MAILPV (Mail Password Viewer)

ADVERTISEMENT

This utility can show passwords from following Email clients:

  • Outlook Express
  • Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
  • Microsoft Outlook 2002/2003/2007 (POP3, IMAP, HTTP and SMTP Accounts)
  • Windows Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x (If the password is not encrypted with master password)
  • Mozilla Thunderbird (If the password is not encrypted with master password)
  • Group Mail Free
  • Yahoo! Mail – If the password is saved in Yahoo! Messenger application.
  • Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application.
  • Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.

MAILPV Links: Download | Homepage

 

All these programs can be accessed via command-line. Command-line options and other usage details explained in chm help file which you will find after unzipping above utilities.

Geeks may like to use command-line versions with batch scripting from @&^#@%^$!%^$! Hey do not expect me to reveal more… I am not running school for script kiddies! 😛

More NirSoft Links: Top 10 Tools | Password Tools | Source Code Samples 

 

(Disclaimer: Information presented in this article is purely to educate user about security vulnerabilities in some top products used by us in day to day life. Any misuse of this information may subject you to legal actions. Devils Workshop will not be liable for any damage as per our ToS.)

Categories
Tips

OrkutFeeds – Get RSS Feeds for Orkut Scrapbook!

Orkut Feeds

Today we have launched a new service OrkutFeeds! It lets you subscribe to any Orkut Scrapbook using your favorite feed reader.

Best part of this service is that you do not need to give your orkut login details. So I guess this should not affect your orkut account in anyway!

Also we have options which will help you subscribe in only one-click, without ever visiting OrkutFeeds homepage! 🙂

#Bookmarklet Option: You can either drag-n-drop following bookmarklet on your browsers bookmark toolbar

Orkut Feeds

#Greasemonkey Script Option : You will need firefox and greasemonkey extension for this. If you don’t have these get them first.

Then  install OrkutFeeds greasemonkey script. The greasemonkey script will automatically add feed link on all orkut scrapbook pages.

ADVERTISEMENT

Actually Vikas created a service like this in past, but he is selling his script now. I found its too easy to create one of my own as I myself and few other friend specially Oscar wanted this feature.

ADVERTISEMENT

As of now, this service can not read private scrapbook. But its limitation by orkut itself! 🙁

I launched this one in hurry so it may contain some bugs. Please let me know if you find one so we can correct it.

Links: OrkutFeeds

 

Credits: RSS Writer Class by Snipplr made job a lot easier although some modifications were needed to make fees valid. Also thanks to CURL library. It turn out to be much more powerful than I ever imagined! 🙂

Categories
Tutorial

Setting Up Firefox as IDE for Firefox Extension Development! [Firefox Developers]

This article is intended for all geeks who are working on firefox extension development! If you are new to this then you may want to start with shortest tutorial for firefox extension development!

This is small but important tutorial for those who seriously want to develop firefox extensions. As there is no good IDE for developing firefox extension you have to change your firefox itself so that it can act like IDE! With proper settings and few extensions you can really reduce extension development time and get a nice debugging environment.

Following points have been covered in this article:

  • Setup a different profile for extension development
  • Development Preferences
  • Development Extensions
  • Live Extension Development
  • Things to skip
ADVERTISEMENT

 

#Setup a different profile for extension development

This is first thing to do. Creating separate profiles for extension development saves you from personal data loss which may result from accidental crashes. Also points explained below will make your firefox slow and bulky which is not desirable for day-2-day browsing specially when you use sites based on AJAX like Gmail!

If you know how to use multiple profiles in firefox then create a new profile right now for extension development. If you are new then you can read our earlier article to do this. Also as always there is an official doc which explains this topic.

ADVERTISEMENT

If you are interested in my extension development profile then you can download it from here! (Size: ~4.0 MB)

 

#Development Preferences

These are basically settings which you can change by visiting about:config page. Just type about:config in address bar and hit enter. You will see lots of settings there. Now use search feature to find following settings and change their values if needed. If a search returns no result right click in windows to create a new setting. If you need help regarding this, please refer official Mozilla doc – Editing Configuration Files.

ADVERTISEMENT

Following is list of setting = value pair. If you are new, just do it without bothering too much.

  • javascript.options.showInConsole = true. Logs errors in chrome files to the Error Console.
  • nglayout.debug.disable_xul_cache = true. Disables the XUL cache so that changes to windows and dialogs do not require a restart.
  • browser.dom.window.dump.enabled = true. Enables the use of the dump() statement to print to the standard console. See window.dump for more info.
  • javascript.options.strict = true. Enables strict JavaScript warnings in the Error Console.
  • browser.cache.memory.enable = false. Disables caching in main memory i.e. RAM.
  • browser.cache.disk.enable = false. Disables caching on secondary storage i.e. hard-drive in most cases.

Last two are not present in official doc. They reduce performance but better to do them for live extension development as explained later. Also the performance hit can be and must be offset by creating a new profile for extension development as explained above.

 

ADVERTISEMENT

#Development Extensions

There are lots of extensions which can make extension development process pretty easy! Complied below is list from official docs and my experience over the time!

>> From official doc

>> Recommendations

ADVERTISEMENT

This is by no mean a complete list. You may find some of these useless at this point but what you really need is mainly depend on goals of your extensions. You may like to bookmark official developers extension listing. Alternately you can add it to your search toolbar.

 

#Live Extension Development

Do you follow following sequence?

  1. Edit Extension.
  2. Package it into XPI.
  3. Install edited extension.
  4. Restart Firefox.

If yes, then you can’t go far!

At this point you must switch to live extension development. This way you can skip packaging/installation steps always and restarting step most of the time!

To do this, first navigate to folder named extensions where all installed extensions are stored. extensions folder can be found in path like <profiles_folder>/<profile_name>/extensions. (Help on finding profile folder)

Once in extensions folder, you will find many subfolders. Each of these corresponds to one extension and folder names indicate extensions guid. Now if your extension is already installed then you will see a folder with its guid name. Jump in it. Or just create a new folder with its name equal to guid under extensions folder for new extension and start developing right in that folder.

Now important point is, changes made to files under extension folders are reflected instantly without packaging or installation. Still you may need to restart firefox depending on change you have made! A slightly different approach is taken by Jonah Bishop at borngeek.

 

#Things to skip

This is little unrelated to this topic but nevertheless important as a beginner. Many articles including official talks about deploying extensions into JAR files. I personally against it as JAR files complicates the process of development as well as maintenance with no considerable benefit.

Also there is a complicated process called signing XPI which is really not essential at beginners level!

While surfing, you will come across many topics which can be skipped without any problem to save your time as well as confusion.

 

Finally there is no as such hardware requirement but consider having atleast 1 GB RAM as extensions like Venkman are memory hungry.

That’s it! If you have any query regarding this or any other problem feel free to use comments form below. Please avoid contacting via email/chat for generic problem as open discussion here can help others too.

 

Credits: Mozilla’s official article – Setting up extension development environment & many other docs are used while writing this.

Categories
Reviews

IE7Pro – The Best Add-On for Worst Browser!

image IE7Pro is an add-on for Internet Explorer which(IE) adds a lot of extra features to IE. It claims to make your browsing faster, more responsive and sleek.

First let me clear two misleading things, which may confuse you, from its 6 letters name…

  • Number 7 in the name does not mean this requires IE7. I successfully installed it on IE6.
  • Pro doesn’t mean you have to pay some bucks for it. Its completely free! No trail, No Demo!

Now comes its massive list of features… yeah its really something appreciable!

ADVERTISEMENT
  • Tabbed Browsing with Tab History Browser
  • AD Blocker
  • Flash Block
  • Super Drag Drop
  • Crash Recovery
  • Save Page to Image
  • Proxy Switcher
  • Mouse Gesture
  • Inline Search
  • User Agent Switcher
  • Webpage Capture
  • GreaseMonkey like User Scripts platform
  • Spell Checker
  • Need more? Request it!

Beyond add-on it acts like a platform on which user can run there own scripts (like GreaseMonkey), styles like UserStyles) and plugins (like firefox extensions)

It also have a separate sister site named IE7Scripts which have maintains repository of IE scripts, styles & plugins!

Download Links:

It requires IE 6.0 & above. Works with Windows NT/2000/XP/2003/Vista.

IE7Pro Useful Links: Homepage | Forum | IE7Scripts

Categories
News

Orkuts New Bulk Photo Uploader Feature!

If you are new on orkut then you might have reserved coming Sunday to fill up your orkut album as uploading 100 pics takes some time! Well you can save your Sunday by using orkuts new bulk photo uploader which let you upload multiple pics at once. Strangely orkut implemented this feature using ActiveX control which means this will work with Internet Explorer(IE) only. So no donut for firefox & non-IE users including me! 🙁

Anyway IE user can read on…

When you will go to your album to upload pics, you will see a new link as shown in following screenshot…

Orkut Bulk Photo Uploader

 

Click on it will lead you to ActiveX Installation page. This is one-time procedure only!

Orkut Bulk Photo Uploader2

 

After installation you will see a new add photos button in albums. Clicking on will open windows standard open file box. You can select multiple files at once. You need to click save button (not shown in following screenshot). Do not try drag-n-drop! It won’t work…

Orkut Add Photos

 

Once you done with adding photos, click upload photo button!

 Orkut Uploading Pics Progress

 

Thats it… All pics will be uploaded at once!

ADVERTISEMENT

The feature is nice but orkut could have done this using Java applets instead of ActiveX. Its strange to see orkuts parent company Google actively endorses firefox but a nice feature like this disappoints firefox user community big time!

Links: Orkuts Official Post

[Disclaimer: For the purpose of this post I had to use Internet Explorer. I logged in using a test account created on Orkut. I DONT use Internet Explorer. So please do not assume falsely that I use IE or encourage its usage in any way! I am firefox addict! 🙂 ]

Categories
News

Facebook AutoPoke Script – Poke Back All at Once!

Facebook_auto_poke_warFacebook_poke_war 

One of Devils Workshop reader mailed me this screenshot (at the right) of her facebook account! Being user of our Facebooks anti-apps Ignore ALL & Block ALL scripts she requests a way so that she can "poke back" all pokers at once. 

Thanks to GreaseMonkey, we can use a auto poke script!

When installed this script will automatically check if somebody had poked you whenever you go to your facebooks homepage. If it sees any pending pokes, it will automatically poke back the poker. (Check following screenshot!)

Facebook_auto_poke_back

Installation:

OR

 

Credits: Mike Soh – Author of this script!

Related:  Ignore ALL or Block ALL facebook apps with one-click

Categories
Tips

Searching Search-plugin from Search-bar! [Firefox Trick]

FirefoxSearchBar

I know the title is quite confusing! So let me quickly define terms in it…

  • Search-plugin – It provides the ability to access a search engine from a web browser, without having to go to the engine’s website first.
  • Search-bar – A browser toolbar which uses collection of search-plugins. (As shown in above screenshot)

 

ADVERTISEMENT

Now if you use search bar at the top right side in your firefox then you might have used Manage Search Engines option atleast once for adding a search engine for sites like YouTube, wikipedia, etc.

The above option also gives link to the page where you can get more few search engines! That page contains link to a project called Mycroft. The Mycroft project provides a collection of  around 14377 (and counting) Search Engine Plugins for your web browser.

At Mycroft project you can browse/search the search-plugins of your choice. Virtually it has a search plugin for each famous website.

But wait, the real trick isn’t out yet! Does it make any sense to visit Mycroft project page to search search-plugins? NO. So I have added Mycroft search-plugin directly in my search-bar! Look screenshot below…

FirefoxSearchBar_mycroft

 

#So To ADD Mycroft search-plugin…

  • Go to this page
  • You will see a link "Mycroft Project – All" on that page. Just click on it! …OR…
  • Click on small arrow notch at search bar, and you will see "add Mycroft Project" option.

FirefoxSearchBar_mycroft_add

 

Links: Mycroft Project