HOWTO : Apparmor with Iceweasel on Kali Linux 1.1.0

It is not effective to use "NoScript" Add-ons on Iceweasel as almost all web pages are using javascript. However, you still need "NoScript" for XSS protection on Iceweasel. You just need to allow it globally and XSS will still in force. To protect your browser from being compromised, an alternative way is to implement the Apparmor. Apparmor for Iceweasel can be used in penetration testing and daily use.

apt-get install apparmor apparmor-docs apparmor-notify apparmor-profiles apparmor-utils dh-apparmor python-libapparmor

Edit the /etc/default/grub to make apparmor to active after boot.

nano /etc/default/grub

Locate the following string :

GRUB_CMDLINE_LINUX_DEFAULT="quiet"

To make it looks like :

GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor"

Then run the following command :

update-grub

After that, create a file namely usr.lib.iceweasel.iceweasel at /etc/apparmor.d/ :

nano /etc/apparmor.d/usr.lib.iceweasel.iceweasel

Copy the following content to the file and save it.



Then change the mode of iceweasel apparmor to enforce by using the following command :

aa-enforce /etc/apparmor.d/usr.lib.iceweasel.iceweasel

To update the rule of apparmor, just run the following command and ask some questions. Most likely, you just need to answer "Allow".

aa-logprof

Iceweasel Add-ons

You may need to install "FoxyProxy" Add-ons to Iceweasel.

apt-get install xul-ext-foxyproxy-standard

You can install any available Add-ons by searching the database :

apt-cache search xul-ext

That's all! See you.