IBM Automates Firefox With CoScripter - InformationWeek
Software // Enterprise Applications
02:36 PM
Connect Directly

IBM Automates Firefox With CoScripter

The program is designed to automate browser-based tasks such as printing photos online, requesting a vacation hold for postal mail, or checking online bank accounts.

IBM has released a free extension for the Firefox Web browser called CoScripter that allows users to record browser interactions in a replayable, sharable script.

Created by a research team led by Allen Cypher, an IBM research scientist who used to work at Apple, the program is designed to automate browser-based tasks such as printing photos online, requesting a vacation hold for postal mail, or checking online bank accounts.

IBM has set up an online forum and script sharing community for the software. By making scripts available to its user community, IBM hopes to lower the barriers for capturing "how to" knowledge.

The CoScripter site includes a video tutorial. Registration is required, but there is no charge for the software. Some of the newly contributed scripts include "Add your phone number to the National Do Not Call List" and "Check American Airlines flight arrival time and status."

CoScripter was formerly called Koala. In a paper presented at the Computer/Human Interaction 2007 Conference (CHI 2007) earlier this year, Cypher and his colleagues described the software as "a collaborative programming-by-demonstration system that records, edits, and plays back user interactions as pseudo-natural language scripts that are both human- and machine-interpretable."

The paper, "Koala: Capture, Share, Automate, Personalize Business Processes on the Web," makes the point of distinguishing the software from the "formal syntactic statements" used in most programming languages. Koala/CoScripter "leverages sloppy programming that interprets pseudo-natural language instructions ... in the context of a given Web page's elements and actions."

In other words, CoScripter scripts are easy to create and read, and the scripting syntax makes script creation more like writing than coding.

"One of the most innovative aspects of CoScripter is that actions are represented as human readable and editable text," said Alex Faaborg, a user experience designer at Mozilla, in a blog post about the new software.

The Koala paper notes that Koala/CoScripter builds upon two other client-side browser programming tools, Greasemonkey and Chickenfoot. What distinguishes CoScripter is that it's much easier to use because it doesn't require knowledge of JavaScript programming.

CoScripter will likely find fans among both businesses and consumers. Companies may, for example, record scripts to solve common computer support problems and distribute them to help desk staff or flummoxed employees. And general Internet users will likely welcome the software as a way to automate tedious online tasks.

Unfortunately, cyber criminals may find a user for CoScripter, too, as a tool for creating deceptively labeled scripts to conduct automated phishing attacks or by altering trusted scripts covertly. In response to a post on the CoScripter forums, IBM's Cypher acknowledges the possibility for misuse.

"We do need to understand both the vulnerabilities of CoScripter and users' perceptions of its vulnerabilities," Cypher said. "If you download CoScripter from, I would hope that you can trust that the CoScripter program is trustworthy, and that it does not surreptitiously store your confidential information. I would also like to hope that you can trust CoScripter scripts more than, say, Outlook Macros, because you see every action performed by the script, and the scripts cannot do anything that you cannot do yourself."

Even so, Cypher notes that it would be possible for someone to edit a trusted script and replace a URL like "" with "," where the letter "o" has been replaced with the number "0" to send the user of the script to a phishing site.

Cypher recommends reading any script that one uses. "[W]hen I use a script created by someone else, I always Step through the script to see exactly what it is doing," he said. "But it may be that other users simply trust scripts and Run them, rather than Stepping through them."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll