Didier Stevens

Tuesday 3 July 2007

The BlockSite Firefox Add-on

Filed under: Reverse Engineering — Didier Stevens @ 8:00

The Firefox add-on BlockSite by Erik van Kempen allows you to maintain a blacklist of sites you want to block for surfing. I extended his add-on with a whitelist: in stead of specifying the sites you want to block, you can decide to specify the sites you want to allow, and all other sites will be blocked. Erik has integrated my code in his add-on:

Version 0.5 — December 30, 2006 — 34 KB

[+] Whitelist/Blacklist feature (by Didier Stevens): Choose if the list is a blacklist or a whitelist.
[~] Password protection still pending (unfortunately), most probably in next major release

Reverse engineering a Firefox add-on is really simple. The file format for add-ons, XPI, is in fact a ZIP file. After unzipping the XPI file, you’ll find a JAR file (again, this is also based on ZIP). Unzip the JAR file and then you can analyze the JavaScript and XUL files.

You can also load an unpacked Firefox add-on in Firefox to test and debug it, how is explained here.


  1. BlackList and WhiteList both use the same list of sites, Therefore, we can’t use this add-on for allowing a not blocked site without giving the notice “This website, or elements thereof, are on the Blocksite blacklist (or not on the whitelist) and have not been loaded.” It seem to be impossible to use both lists simultaneously. So, it is very effective if you need to block sites, but the withleist is not usable.

    Comment by Mentiroso — Sunday 28 August 2011 @ 19:23

  2. @Mentiroso You should address your comment to Erik van Kempen, the author of the add-on. The purpose of my post was to show how one can extend an existing add-on.

    Comment by Didier Stevens — Sunday 28 August 2011 @ 20:52

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.