Glenn Faden's Blog

  • July 23, 2006

Safe Browsing and URL Forwarding

Guest Author
Trusted Extensions makes it possible to separate network traffic
into labeled zones which provide robust isolation. As I mentioned in the previous posting, this
isolation provides an environment for safe browsing. The ability to automatically redirect web pages to the
appropriate browser prevents a variety of threats such as spyware,
viruses, and similar web-based attacks. I use the internal zone for all
of my activity on Sun's Wide Area Network (SWAN). I use the public zone
for browsing the external web.

Here is the data flow:


  1. The internal browser executes its proxy.pac script for a selected URL. The
    script specifies that a non-resolvable URL (outside of SWAN) should be forwarded to the url.xfer proxy on port 8080.
  2. The url.xfer proxy, listening on the multilevel port 8080 receives a proxy request, and calls getpeerucred(2)
    to determine the label and user ID of the request. It validates the
    request by checking the label of the requestor, and whether it has been
  3.  For an initial request  it replies with a page
    containing a JavaScript confirmer, asking the user for permission to
    forward the specified URL to the public zone.
  4. The browser executes the JavaScript and gets the user's reply.
  5. If confirmed, the browser encapsulates the original URL as a
    parameter and sends it back to the url.xfer proxy using the special
    hostname url.xfer. In either case, the internal browser is directed to return to the original page.
  6. The url.xfer proxy receives a request with the special hostname url.xfer. It starts a child process with the requestor's ID, and executes the Mozilla remote protocol to send the original URL to the Firefox instance which is running in the public zone with the specified user's ID.
  7. The Mozilla remote helper process finds the matching X11 property ( with the correct label and user ID) and signals the Firefox instance
    to open another JavaSript file which takes the focus, pops to the
    front, and requests the orignal URL to be loaded into the current
  8. The public Firefox instance executes its own proxy.pac file to determine how to handle this request.

Here is a sample confirmer dialog that is discussed in steps 3 and 4.

Join the discussion

Comments ( 1 )
  • grace Friday, June 25, 2010


    Great ifno!!

    I am so very glad that I found your blog post and that I read it.

    You have some very useful and helpful tips on here.

    We can never be to safe with this kind of stuff. Our computers are the best spot for someone to get into.

    Thanks for the great post.

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.