Dave Ferguson's Blog : FireBug

Block Firebug on your site

Mar 31

posted by Dave in ColdFusion, FireBug | 10 Comments

So, you want to stop people from using Firebug when visiting your site? Well, it is just about as easy as you think. All you have to do is basically just see if the firebug console is active. If so display a warning and relocate. The one thing to remember is that you want to prevent this from running when doing cfc calls. This is also true for any other call that does a non standard return.

view plain print about

1<cfsavecontent variable="firebugTxt">
2<cfoutput><script>
3    if( window.console && window.console.firebug ){
4        alert("Sorry! This system does not support Firebug.\nClick OK to log out.");
5        window.location='/login_out';
6    }
7</script></cfoutput>
8</cfsavecontent>
9<cfhtmlhead text="#firebugTxt#">

till next time...

--Dave

This entry was posted on March 31, 2009 at 8:29 AM and has received 4263 views. There are currently 10 comments. Print this entry.

TweetBacks

Comments

[Add Comment] [Subscribe to Comments]

#1 by Ted Wise on 5/18/09 - 12:14 PM

Why would you want to?
#2 by dan on 5/18/09 - 1:24 PM

why? because maybe the person doesn't want the hacker to easily view the http ajax requests, etc. etc.

then again, i think this is a cheap hack for the ordinary people. Since we all know...we can just download the whole webpage and rip out the solution described in the blog.
#3 by Mike Heath on 5/18/09 - 2:30 PM

Right... because firebug is the only way to see the ajax requests?

I feel dumber for reading this blog.
#4 by Rodrigo Urubatan on 5/18/09 - 2:43 PM

This will not help against a hacker,
because you can easily enable firebug after the page is rendered. Or if you are a hacker, download firebug and change the name (making your code not work) should not be that hard.
#5 by vm on 5/18/09 - 2:56 PM

This actually really good. Sometimes you forget firebug is on and sites like gmail are very slow. A friendly reminder to disable it is very useful.
#6 by Toolman on 5/18/09 - 4:50 PM

Its foolish to try and disable via this technique - anyone interested in dissecting will easily get around. As VM pointed out, it might be nice to be aware of firebug, and warn the user of potential problems (performance, double ajax submits etc.), but to kick them out is not going to work.
#7 by Dave Ferguson on 5/18/09 - 5:52 PM

@Ted w. To attempt to deter people from seeing your AJAX requests.

@Mike H I never stated that firebug was the only way to see AJAX requests. Also, I am sorry that my blog, in someway, reduced your mental capacity.

@RU @Toolman I never stated that this will prevent all hackers or any malicious person. If someone wants in they will get in, period. My post was merely to point out a way to detect that firebug is running when a user visits a site. What you do or don't do with that knowledge is up to you.

--Dave
#8 by Jan Jarfalk on 5/19/09 - 1:01 AM

I dont think you should disable your visitors Firebug, but that javascript snippet is still useful.

I think you should use it to notify your visitors that Firebug can slow down your web page and that they probably shoyld disable it.

Like this: http://www.unwrongest.com/blog/if-firebug-slows-do...
#9 by Kris Hofmans on 5/19/09 - 2:07 AM

If this is your best security measure than I believe you have bigger problems.

to me it feels like a right-click script that when you right click says something like: "don't steal my images" ... yeah, like that will stop the person from doing it.

I think the time spent on this should have rather been spent on making things secure on the server-side and that no matter which hacker "steals" your precious ajax request, you'il still be secure.
#10 by Bogdan Dimitrov on 4/30/10 - 11:52 AM

Nice try to block Firebug.
But what if I use IE Developer toolbox!?!
I see every thing! Just like Firebug. :-))

[Add Comment] [Subscribe to Comments]

Dave Ferguson's Blog

Block Firebug on your site

TweetBacks

Comments

Links

Subscribe

Recent Comments

Recent Entries

Archives by Subject