Application Security Testing: An Integral Part of DevOps
Click here for larger image
Environment: Win2000, IE 5.0 and later
This article is about a technique that allows you to write your own Internet Explorer Extensions. In other words it allows you to launch your own applications from the toolbar of Internet Explorer in the way messenger or yahoo or scores of other commercial applications can be launched.
What are Extensions?
For those who are still dazed by all this talk of "Extensions" in Internet Explorer, I will recommend that you have a good look at the browser that you are using for veiwing this page. Chances are that you are using Internet Explorer and chances are that icons of some other applications that you have installed in your machine e.g. MSN messenger, Yahoo etc. are comfortably seated there in the toolbar of Internet Explorer. These are "Extensions" to Internet Explorer.
This is a particularly powerful feature of Internet Explorer and opens up a new resource for application developers to tap into. However, I will like to center this article around plugging custom applications into the IE.
How can Extensions be useful to me?
This is not exactly a technical question but a practical question none the less. As an application developer I found this feature particularly useful to buy my applications some real estate on the users desktop. If you are designing some internet centric application , and are concerned about your target users not finding it when needed, then there is nothing better then make it stare right at the users face from the browser toolbar. The other reason that I find no less compelling is the kick that you get from buying your application some space amongst supremos like messenger and yahoo :) . Any developer who loves the application that he designs will agree with me.
Ok, I am interested, so how do I do it?
Before we delve into code, let us look into the some particularly interesting registry entries.
As you can see in the status bar of regedit.exe in the image there is an Extensions entry in the Internet Explorer. Believe it or not, this is all that you need to peek in to plug your application into Internet Explorer. Let us drill down a little further and see the extension pertaining to some CMM Automation applications that we have in our company.
Now let me try to introduce all this gibberish to you formally.
The huge number selected on the left pane is a guid that I made with guidgen.exe that has been installed on my machine by Visual Studio. It uniquely identifies my application and separates it from the multitude of other IE extensions that might be made by others.
The keys shown on the right pane are mostly self explanatory, but I will provide one liners
- CLSID : The number shown in the picture signifies that this extension will run an exe. It is dictated by Microsoft and hence there is not much to think about this one. Different numbers are used to indicate different kind of extensions but I will refrain from talking about them.
- Default Visible : The value yes signifies that the icon is to be shown by default. If the value is 'no' then user will have to customize his IE toolbar by right clicking on it to see this icon.
- Exec : Path of the executable to be executed on clicking the icon.
- Icon : Path of the icon file to be shown in the toolbar.
- Hot Icon : Path of icon that is to be shown when mouse is brought over it.
- Menu Text : This is the text you will see in IE under Tools menu. Clicking on this text will launch the application.
- Menu Status Bar : The text shown in the status bar of IE when mouse is moved over the Menu described above.
Believe it or not guys, this is all that you do to put your application up there in the esteemed toolbar! Use any language/script that allows you to write onto the registry and find some jazzy icons and you are done.
So let us sum up all that we need to do
- Create a guid.
- Make a new key with this guid under Internet Explorer in the windows registry.
- Create the set of entries under this key as shown in the last image.
As is evident from the above text this feat can be achieved in variety of languages and the trick can be put to use in many scenarios. You can create an application that allows users to put their choice of applications into the IE. You can have this feature built into the installer code for your applications. The code I am attaching along with this article puts a helloworld application into the IE toolbar. It is made in VB for no other reason then I could do it in 15 minutes in this language.
DownloadsDownload demo project - 15 Kb
Download source - 8 Kb