Setting to prevent auto-visit of URLs #137

Open
TedDriggs opened this issue Nov 29, 2022 · 0 comments
In cybersecurity data, URLs are likely to be adversary-controlled. Visiting them is therefore very bad, for two reasons:

  1. They could attempt to infect your machine.
  2. Your visit could tip the adversary off that the URL has been found, causing them to take it down and denying investigators evidence of what the adversary was up to.

This tool looks really great, and I'd love to use it, but unfortunately I can't until there's a global setting that guarantees no requests could possibly go to untrusted/adversary-controlled systems.

An in-between setting might be allowing it only after explicit approval per-URL. An even fancier variation would be to do what VSCode and others do, and allow the user to say "trust this domain" so someone could use the app in this restricted mode while still allowing auto-resolution of their company's own APIs.
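The three modes requested above (no requests at all, per-URL approval, and trusted domains) can be expressed as one gate in front of every outbound fetch. The sketch below is an added example, not part of the original issue and not the project's code; `Mode`, `FetchPolicy`, `may_fetch` and all hostnames are hypothetical.

```python
from enum import Enum
from urllib.parse import urlsplit

class Mode(Enum):
    DENY_ALL = "deny_all"        # global setting: never send a request
    ASK_PER_URL = "ask_per_url"  # only URLs the user explicitly approved
    TRUSTED = "trusted"          # approved URLs plus user-trusted domains

class FetchPolicy:
    def __init__(self, mode=Mode.DENY_ALL, trusted_domains=(), approved_urls=()):
        self.mode = mode
        self.trusted = {d.lower().strip(".") for d in trusted_domains}
        self.approved = set(approved_urls)
    @staticmethod
    def _host(url):
        # URL parsers disagree on backslashes and whitespace: refuse, don't guess.
        if any(c in url for c in "\\ \t\r\n"):
            return None
        try:
            parts = urlsplit(url)
            host = parts.hostname  # excludes any "user@" prefix and the port
        except ValueError:
            return None
        if parts.scheme not in ("http", "https") or not host:
            return None
        return host.lower().rstrip(".")

    def _is_trusted(self, host):
        # Exact match or a subdomain on a label boundary, never a bare suffix.
        return any(host == d or host.endswith("." + d) for d in self.trusted)

    def may_fetch(self, url):
        host = self._host(url)
        if self.mode is Mode.DENY_ALL or host is None:
            return False
        if url in self.approved:
            return True
        return self.mode is Mode.TRUSTED and self._is_trusted(host)

SAMPLES = [  # constructed URLs on reserved names, not data from the issue
    "https://api.corp.example/v1/users",
    "https://corp.example.evil.test/",
    "https://api.corp.example@evil.test/x",
    "https://paste.test/abc",
]
if __name__ == "__main__":
    policy = FetchPolicy(Mode.TRUSTED, ["corp.example"], ["https://paste.test/abc"])
    for u in SAMPLES:
        print(policy.may_fetch(u), u)
```

A gate like this only holds if the HTTP client does not follow redirects on its own: each redirect target has to pass `may_fetch` again before it is requested.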
