Analyzing Extension Effectiveness with Burp

Jordan Drysdale //

tl;dr

uBlock Origin appears, based on non-scientific testing, to be fairly effective at keeping trackers from making outbound HTTP GET requests.

Tested Extensions: No Add-ons v Ghostery v uBlock Origin v AdBlock Plus
Analyzed Website homepages: CNN v FoxNews v MSNBC

I ran all of the following tests about the same. I clear my browser cache, start a new Burp session and disable the proxy intercept. Via Kali Linux, the following Firefox version:

First up, CNN.

I started this analysis with a straight and clean load of CNN.com with no extensions or add-ons enabled. CNN’s site generated 335 HTTP GET requests in 60 seconds.

The next run is against CNN with the Ghostery extension. This combination generated 132 requests in 60 seconds.

The third test against CNN with the uBlock Origin extension finally choked on “You’re running an AdBlocker” and asked to be whitelisted. 102 GET requests and a soft adblock wall.

The last test for CNN was with the AdBlock Plus extension. In all, 99 GET requests and no adblock wall, weird.

Next up: FoxNews.

I cleared the browser cache, launched a new Burp session, and disabled intercept. At first run, with no extensions or add-ons running, there were 265 GET requests in 60 seconds. 

Certain elements of Fox’s site absolutely broke with Ghostery enabled. I entered the URL a second time and only got about 67 HTTP GET requests through the proxy. So, they are running something in the background that is reliant, possibly on a CDN that the Ghostery crew has deemed “irresponsible.”

The second extension test against Foxnews.com was with uBlock origin, and I ended up with 170 GET requests.

AdBlock Plus was ineffective against the trackers and ad-network scripts on Foxnews.com. We were back up to 229 GET requests with the AdBlock Plus extension.

Last on the list: MSNBC.

As usual, I cleared the browser cache, started a new Burp session and disabled intercept. A clean load of msnbc.com generated 301 requests in 60 seconds with no extensions or add-ons running.

The first extension test, with Ghostery enabled, generated 136 GET requests in 60 seconds.

With uBlock enabled, we were down to 85 requests.

Finally, and the last extension tested, AdBlock was basically ineffective against MSNBC’s tracking networks. We were back up to 140 GET requests.

It looks like most ad and tracking networks have adjusted to the methods used by the AdBlock Plus extensions to squelch their noise. Ghostery performed fairly well and included some interesting data about the trackers. Overall, uBlock Origin did the best at halting the dissemination of information about my browser, browsing habits, operating system, installed extensions, and browser fingerprint.

Panopticlick confirmed that things looked pretty reasonable from a tracking perspective running just uBlock:

My opinions are mine and may not align directly with BHIS. I support the EFF, DuckDuckGo, the uBlock team, PrivacyBadger, and the Ghostery crew.



Want to learn more mad skills from the person who wrote this blog?

Check out these classes from Kent and Jordan:

Applied Purple Teaming

Defending the Enterprise

Available live/virtual and on-demand!