Browser Extension

Blockade uses a browser Extension in order to perform blocking inside of the browser. Hashed intelligence[1] from the cloud node is sent down to the browser and stored inside of local storage. In order to inspect web traffic, Blockade uses the browser.webRequestAPIs and places a hook onBeforeRequest, so that all web requests are analyzed prior to leaving the browser.

If Blockade identifies a malicious web request, an event will be generated and stored inside of an events section within local storage. Events contain all the details of the request with some additional properties about the browser itself. On a regular schedule, events will get synced to the cloud node in order for analysts to process the events.

[1] Indicators are hashed using MD5. While not secure, this algorithm greatly reduces the key size and allows us to store well over a million indicators inside of local storage.