IBM Automates Firefox With CoScripter
The program is designed to automate browser-based tasks such as printing photos online, requesting a vacation hold for postal mail, or checking online bank accounts.
IBM has released a free extension for the Firefox Web browser called CoScripter that allows users to record browser interactions in a replayable, sharable script.
Created by a research team led by Allen Cypher, an IBM research scientist who used to work at Apple, the program is designed to automate browser-based tasks such as printing photos online, requesting a vacation hold for postal mail, or checking online bank accounts.
IBM has set up an online forum and script sharing community for the software. By making scripts available to its user community, IBM hopes to lower the barriers for capturing "how to" knowledge.
The CoScripter site includes a video tutorial. Registration is required, but there is no charge for the software. Some of the newly contributed scripts include "Add your phone number to the National Do Not Call List" and "Check American Airlines flight arrival time and status."
CoScripter was formerly called Koala. In a paper presented at the Computer/Human Interaction 2007 Conference (CHI 2007) earlier this year, Cypher and his colleagues described the software as "a collaborative programming-by-demonstration system that records, edits, and plays back user interactions as pseudo-natural language scripts that are both human- and machine-interpretable."
The paper, "Koala: Capture, Share, Automate, Personalize Business Processes on the Web," makes the point of distinguishing the software from the "formal syntactic statements" used in most programming languages. Koala/CoScripter "leverages sloppy programming that interprets pseudo-natural language instructions ... in the context of a given Web page's elements and actions."
In other words, CoScripter scripts are easy to create and read, and the scripting syntax makes script creation more like writing than coding.
"One of the most innovative aspects of CoScripter is that actions are represented as human readable and editable text," said Alex Faaborg, a user experience designer at Mozilla, in a blog post about the new software.
The Koala paper notes that Koala/CoScripter builds upon two other client-side browser programming tools, Greasemonkey and Chickenfoot. What distinguishes CoScripter is that it's much easier to use because it doesn't require knowledge of JavaScript programming.
CoScripter will likely find fans among both businesses and consumers. Companies may, for example, record scripts to solve common computer support problems and distribute them to help desk staff or flummoxed employees. And general Internet users will likely welcome the software as a way to automate tedious online tasks.
Unfortunately, cyber criminals may find a user for CoScripter, too, as a tool for creating deceptively labeled scripts to conduct automated phishing attacks or by altering trusted scripts covertly. In response to a post on the CoScripter forums, IBM's Cypher acknowledges the possibility for misuse.
"We do need to understand both the vulnerabilities of CoScripter and users' perceptions of its vulnerabilities," Cypher said. "If you download CoScripter from www.ibm.com, I would hope that you can trust that the CoScripter program is trustworthy, and that it does not surreptitiously store your confidential information. I would also like to hope that you can trust CoScripter scripts more than, say, Outlook Macros, because you see every action performed by the script, and the scripts cannot do anything that you cannot do yourself."
Even so, Cypher notes that it would be possible for someone to edit a trusted script and replace a URL like "www.citicorp.com" with "www.citic0rp.com," where the letter "o" has been replaced with the number "0" to send the user of the script to a phishing site.
Cypher recommends reading any script that one uses. "[W]hen I use a script created by someone else, I always Step through the script to see exactly what it is doing," he said. "But it may be that other users simply trust scripts and Run them, rather than Stepping through them."
About the Author
You May Also Like
2024 InformationWeek US IT Salary Report
May 29, 20242022 State of ITOps and SecOps
Jun 21, 2022