Groundspeed is an open source firefox add-on that allows you to manipulate the interface of web applications to adapt it to the penetration test needs. Find more about groundspeed here:

Last Friday Groundspeed passed the Mozilla review to become a ‘public’ add-on. This basically means there will be no more install ‘malware danger’ warnings and users with older versions should be prompted to update to the most recent version.

I am impressed with the speed of the review by the Add-on Editors team, it took less than a week to complete. I am sure they have a lot of work so it’s great that they can be able to move things with so much efficiency. I am seriously thinking about volunteering some time to the review process.

I just uploaded a new version of Groundspeed to the Mozilla Add-on (AMO) site. The new version, 1.2, has some small updates to increase stability and to correct some bugs. I also submited this version to ‘full review’ by Mozilla, what should give Groundspeed access to all functionality in the add-ons site (no more warnings that the add-on might not be safe when installing!).

For security reasons, all add-ons hosted by Mozilla have to undergo a review by an AMO editor. This review covers things like namespase pollution, memory leaks, possible conflicts with other add-ons, malicious content and security vulnerabilities, like arbitrary privileged JavaScript execution in chrome space.

Once the review is passed, people using older versions of Groundspeed will be automatically prompted to update as part of the browser update process.

Here are the slides from the talk I gave yesterday at the OWASP NY/NJ chapter meeting. You can download the PDF slides from slideshare. Thanks to everyone who attended!