I recently posted about how to create a sandboxed firefox profile to compartmentalize (and shred) your firefox browsing history in an Ephemeral Firefox session. But so far I’ve only covered how to create a simple vanilla firefox profile. What if you want your Ephemeral Firefox to include a few basic extensions?
This post will cover how to add extensions to your Ephemeral Firefox profile.
- Part 1/3: Ephemeral Firefox in Ubuntu
- Part 2/3: Ephemeral Firefox with Extensions
- Part 3/3: Ephemeral Firefox as a Site-Specific Browser
Prereqs
Before proceeding, you must first execute the following prerequsites, which are detailed in my first post on setting up an Ephemeral Firefox.
sudo apt-get -y install firejail secure-delete sudo firecfg --clean
Create Skeleton Directory
Because we build the Ephemeral Firefox profile directory on-the-fly, we need to build a base skeleton directory with the extensions we want and a few configuration files.
The commands below will create the skeleton directory, download a few basic extensions, rename them as needed for installation, and change the config to allow for automatic installation of extensions.
SKEL_PATH="$HOME/.mozilla/firefox/ephemeralFirefoxSkel"
# create skeleton directory for extensions, if necessary
[ ! -d "${SKEL_PATH}/extensions" ] && mkdir -p "${SKEL_PATH}/extensions"
# the name of the extensions found in this list must match the unique "slug" id
# of the extension as found in the URL. For example:
# * https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/
extensions="https-everywhere ublock-origin cookie-autodelete privacy-badger17 chameleon-ext decentraleyes"
# for every extension, download it and rename it. For more info, see:
# * https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Distribution_options/Sideloading_add-ons
cd "${SKEL_PATH}/extensions"
for slug in $extensions; do
# download the file
downloadFileName="addon-${slug}-latest.xpi"
wget "https://addons.mozilla.org/firefox/downloads/latest/${slug}/${downloadFileName}"
# rename the file; the required new name is found in the manifest.json file
unzip -o "${downloadFileName}" manifest.json
newFileName="`cat manifest.json | python -c "import sys, json; print json.load(sys.stdin)['applications']['gecko']['id']"`.xpi"
rm manifest.json
mv "${downloadFileName}" "${newFileName}"
done
# allow extensions to be installed without human confirmation for faster startup
cat > "${SKEL_PATH}/user.js" <<'EOF'
user_pref("extensions.autoDisableScopes", 0);
EOF
Create Ephemeral Firefox Script
Copy the following script into '$HOME/bin/ephemeralFirefox.sh', make it executable, and make sure '$HOME/bin' is in your $PATH
[ ! -d $HOME/bin/ ] && mkdir $HOME/bin
cat > $HOME/bin/ephemeralFirefox.sh <<'EOF'
#!/bin/bash
################################################################################
# Author: Michael Altfield <michael@michaelaltfield.net>
# Created: 2019-03-03
# Updated: 2019-03-06
# Version: 0.2
# Purpose: Start an Ephemeral Firefox session with basic extensions
################################################################################
############
# SETTINGS #
############
TMP_PATH="$HOME/tmp/ephemeralFirefox"
SKEL_PATH="$HOME/.mozilla/firefox/ephemeralFirefoxSkel"
###############################
# CLEANUP OLD ORPHAN TMP DATA #
###############################
# loop through all the Ephemeral Firefox temp dirs
for tmpDir in $(find "${TMP_PATH}" -mindepth 1 -maxdepth 1 -type d); do
# is this temp dir for an Ephemeral Firefox that's still running? Or is it no longer needed?
if [[ -z `firejail --list | grep "${tmpDir}"` ]]; then
# this temp dir is no longer needed; delete it
echo "INFO: shredding data from old Ephemeral Firefox temp dir = ${tmpDir}"
srm -rfll "${tmpDir}"
fi
done
###################
# CREATE TEMP DIR #
###################
# first create a temp dir in our (hopefully encrypted) $HOME dir, if first run
[ ! -d "${TMP_PATH}" ] && mkdir -p "${TMP_PATH}"
# create temp dir for ephemeral session
tmpDir=`/bin/mktemp -p "$TMP_PATH" -d`
tmpProfileDir="${tmpDir}/firefoxProfile"
mkdir -p "${tmpProfileDir}"
echo "INFO: created Ephemeral Firefox temp profile dir = ${tmpProfileDir}"
###########################
# START EPHEMERAL FIREFOX #
###########################
# what should the homepage be?
url="${1}"
if [[ -z ${url} ]]; then
url="https://start.duckduckgo.com"
fi
# prepare extensions
cp -r "${SKEL_PATH}/extensions" "${tmpProfileDir}/extensions"
cp -r "${SKEL_PATH}/browser-extension-data" ${tmpProfileDir}/
cp "${SKEL_PATH}/user.js" "${tmpProfileDir}/"
cp "${SKEL_PATH}/extensions.json" "${tmpProfileDir}/"
# try disabling 'seccomp' if you encounter issues
#firejail --ignore=seccomp --whitelist="${tmpProfileDir}" firefox -no-remote -new-instance -profile "${tmpProfileDir}" "${url}"
firejail --whitelist="${tmpProfileDir}" firefox -no-remote -new-instance -profile "${tmpProfileDir}" "${url}"
###########
# CLEANUP #
###########
# fast (secure enough) wipe of tmp dir
srm -vrfll "${tmpDir}"
# clean exit
exit 0
EOF
chmod +x $HOME/bin/ephemeralFirefox.sh
PATH=$PATH:$HOME/bin
First Run Bootstrap
At this point you should be able to run `ephemeralFirefox.sh` in your shell, and it you’ll get a Ephemeral Firefox session with all your extensions installed. But [a] your extensions won’t be configured and [b] firefox will probably annoyingly start with a tab for each of the plugins’ latest release notes.
We can clean this up a bit by copying a few items from the first run’s temporary profile directory and permanently storing it to the skeleton directory created above like so:
First, delete any orphaned temp profile dirs that may be lingering around. Then kick-off the first-run Ephemeral Firefox.
srm -vrfll $HOME/tmp/ephemeralFirefox/* ephemeralFirefox.sh ...
Then, in another terminal, copy the following items from the first-run Ephemeral Firefox’s profile dir into the skeleton dir:
cp -r $HOME/tmp/ephemeralFirefox/tmp.*/firefoxProfile/browser-extension-data $HOME/.mozilla/firefox/ephemeralFirefoxSkel/ cp $HOME/tmp/ephemeralFirefox/tmp.*/firefoxProfile/extensions.json $HOME/.mozilla/firefox/ephemeralFirefoxSkel/
Now close the first-run Epheremal Firefox, and start a new one
user@host:~$ ephemeralFirefox.sh ...
Congratulations! Your Ephemeral Firefox session will now start with your basic extensions and user.js config.
Further Reading
This articles is part 2 of a 3-part series on Ephemeral Firefox. The other parts can be found here:
- Part 1/3: Ephemeral Firefox in Ubuntu
- Part 2/3: Ephemeral Firefox with Extensions
- Part 3/3: Ephemeral Firefox as a Site-Specific Browser
Related Posts
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
> TMP_PATH=”$HOME/tmp/ephemeralFirefox”
I tried to change this directory to /dev/shm and it doesn’t work 🙁 , I receive this error.
Child process initialized in 70.95 ms
libGL error: MESA-LOADER: failed to retrieve device information
libGL error: MESA-LOADER: failed to open amdgpu (search paths /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri)
libGL error: failed to load driver: amdgpu
libGL error: failed to open drm device: No such file or directory
libGL error: failed to load driver: radeonsi
ExceptionHandler::GenerateDump cloned child 27
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
ExceptionHandler::WaitForContinueSignal waiting for continue signal…
Gtk-Message: 20:30:10.157: GtkDialog mapped without a transient parent. This is discouraged.
@Max see my reply to your comment here
Please do let me know if you get tmpfs working with this Ephemeral Firefox script 🙂