IBM Automates Firefox With CoScripter - InformationWeek
Software // Enterprise Applications
02:36 PM
Connect Directly
[Dark Reading Crash Course] Finding & Fixing Application Security Vulnerabilitie
Sep 14, 2017
Hear from a top applications security expert as he discusses key practices for scanning and securi ...Read More>>

IBM Automates Firefox With CoScripter

The program is designed to automate browser-based tasks such as printing photos online, requesting a vacation hold for postal mail, or checking online bank accounts.

IBM has released a free extension for the Firefox Web browser called CoScripter that allows users to record browser interactions in a replayable, sharable script.

Created by a research team led by Allen Cypher, an IBM research scientist who used to work at Apple, the program is designed to automate browser-based tasks such as printing photos online, requesting a vacation hold for postal mail, or checking online bank accounts.

IBM has set up an online forum and script sharing community for the software. By making scripts available to its user community, IBM hopes to lower the barriers for capturing "how to" knowledge.

The CoScripter site includes a video tutorial. Registration is required, but there is no charge for the software. Some of the newly contributed scripts include "Add your phone number to the National Do Not Call List" and "Check American Airlines flight arrival time and status."

CoScripter was formerly called Koala. In a paper presented at the Computer/Human Interaction 2007 Conference (CHI 2007) earlier this year, Cypher and his colleagues described the software as "a collaborative programming-by-demonstration system that records, edits, and plays back user interactions as pseudo-natural language scripts that are both human- and machine-interpretable."

The paper, "Koala: Capture, Share, Automate, Personalize Business Processes on the Web," makes the point of distinguishing the software from the "formal syntactic statements" used in most programming languages. Koala/CoScripter "leverages sloppy programming that interprets pseudo-natural language instructions ... in the context of a given Web page's elements and actions."

In other words, CoScripter scripts are easy to create and read, and the scripting syntax makes script creation more like writing than coding.

"One of the most innovative aspects of CoScripter is that actions are represented as human readable and editable text," said Alex Faaborg, a user experience designer at Mozilla, in a blog post about the new software.

The Koala paper notes that Koala/CoScripter builds upon two other client-side browser programming tools, Greasemonkey and Chickenfoot. What distinguishes CoScripter is that it's much easier to use because it doesn't require knowledge of JavaScript programming.

CoScripter will likely find fans among both businesses and consumers. Companies may, for example, record scripts to solve common computer support problems and distribute them to help desk staff or flummoxed employees. And general Internet users will likely welcome the software as a way to automate tedious online tasks.

Unfortunately, cyber criminals may find a user for CoScripter, too, as a tool for creating deceptively labeled scripts to conduct automated phishing attacks or by altering trusted scripts covertly. In response to a post on the CoScripter forums, IBM's Cypher acknowledges the possibility for misuse.

"We do need to understand both the vulnerabilities of CoScripter and users' perceptions of its vulnerabilities," Cypher said. "If you download CoScripter from, I would hope that you can trust that the CoScripter program is trustworthy, and that it does not surreptitiously store your confidential information. I would also like to hope that you can trust CoScripter scripts more than, say, Outlook Macros, because you see every action performed by the script, and the scripts cannot do anything that you cannot do yourself."

Even so, Cypher notes that it would be possible for someone to edit a trusted script and replace a URL like "" with "," where the letter "o" has been replaced with the number "0" to send the user of the script to a phishing site.

Cypher recommends reading any script that one uses. "[W]hen I use a script created by someone else, I always Step through the script to see exactly what it is doing," he said. "But it may be that other users simply trust scripts and Run them, rather than Stepping through them."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll