To try the thousands of add-ons available here, download Mozilla Firefox, a fast, free way to surf the Web!Close
Welcome to Firefox Add-ons.
Choose from thousands of extra features and styles to make Firefox your own.Close
sslvis 0.8 Requires Restart
Visualize SSL fingerprint values and check if the HTTPS connection you're using matches what other people are seeing. WARNING: This extension reports data to a remote server, but you can utilize the reporting exclusion feature or disable reporting.
About this Add-on
This functionality gives you a chance of detecting a Man-in-the-Middle (MitM) attack using a properly formed certificate (ie: wildcard SSL certificates and/or certificates issued to governments/intelligence agencies by Certificate Authorities).
SSL utilizes public-key cryptography, and two big parts of that are math and trust. The math generally keeps people from sneaking a peak into the SSL connection, and if someone tries on their own your browser will sound the alarm. The trust part comes in because the Certificate Authorities (CAs) who are trusted by default by virtually every browser in the world say they will not ever issue legitimate looking certs to illegitimate people. If any random person could go to a CA and get an SSL cert valid for www.paypal.com then a whole lot of things break down.
Unfortunately it appears that CAs are issuing false certificates to governments and intelligence agencies:
There is also the whole issue of wildcard SSL certs, which we're not getting into here, but this extension may help with...
So by mapping fingerprints to a simple word this extension allows you to keep a level of awareness of when there's a change to an HTTPS connection you use. If the word changes, then the certificate has changed. The certificate change could be legitimate or it could be part of a MitM attack.
If you see a change, you can go out to the sslvis reporting server and check and see what other people are seeing for the site you're trying to get to.
The default sslvis report server is currently: http://tlsvis-report.appspot.com/
By default, this extension reports the server, domain, and tld (ie: www.google.com) of HTTPS sites you visit along with the word value for their fingerprints.
If you use this at work or visit sites you don't want people to know about you can use the reporting exclusion option to disable external reporting for domains or sites. You can also disable reporting altogether. Internal RFC1918 IP address space is excluded by default. Sites which aren't reported externally include a trailing asterisk as a visual cue that they are not being reported.
Before you flip out about privacy, please keep in mind that internet traffic is regularly monitored and the sites you visit often aren't private. This extension is a bit of a trade-off, but the exclusion and reporting controls should help that out.