Suplimente pentru Firefox
  • Extensii
  • Teme
    • pentru Firefox
    • Dicționare și pachete lingvistice
    • Site-uri pentru alte browsere
    • Suplimente pentru Android
Autentifică-te
Previzualizare Warn Insecure Redirection

Warn Insecure Redirection de em_te

To protect your privacy, this extension warns you if a URL looks to be a redirection URL and doesn't use HTTPS. Without HTTPS, snoopers will know the full path of the redirection URL, which sometimes contains private information.

5 (2 revizuiri)5 (2 revizuiri)
5 utilizatori5 utilizatori
Descarcă Firefox și obține extensia
Descarcă fișierul

Metadate extensie

Capturi de ecran
Despre această extensie
Overview:
If you visit a link that appears to simply be a redirection link and that link is not loaded over HTTPS, it will expose the redirection link to potential snoopers.

For example, if you visit:

http://www.example.com/redirect?goto=https://www.paypal.me/ashleymadison/100USD

Notice the HTTP in "http://www.example.com" means it is insecure.

Since example.com is NOT loaded over HTTPS, everyone on the Internet will know that you intend to visit the Paypal website to send money to Ashley Madison. Even though the Paypal website will be loaded over HTTPS, your intention will already be exposed by visiting example.com over an insecure connection.

Solution:
This extension will catch these potential problems and give you the option to:

1. Try loading example.com over HTTPS
2. Visit Paypal directly over HTTPS
3. Continue with the insecure link

This extension will also "ping" the root page ("/") at example.com over HTTPS to see if it is accessible and if so, will automatically navigate to the example.com page over HTTPS.

It will also "ping" the root page at paypal.me over HTTPS to determine if it is accessible and will add a tick or cross, so that you can decide whether you want to go directly to it.

The ping is made by sending a HEAD request with no cookies and no referral for your privacy. The root page was chosen to alleviate side effects and for privacy.

Explanation:
Any link that is NOT loaded over HTTPS means the full link and the website's contents will be susceptible to snooping and modification when passing through the Internet.

Generally, if that server doesn't support HTTPS you have no choice anyway. However, some links are really just redirection links that, when visited, will immediately redirect you to another website. The URL of the final website is sometimes embedded in the first URL in the form of URL parameters.

You can avoid exposing the redirection URL by not visiting the URL at all and choosing to go directly to the redirected URL. Or you can visit the redirection URL over HTTPS so that the embedded URL is hidden.

Demo:
Open your expired evaluation copy of WireShark and start inspecting network traffic.

Visit this link:
http://www.google.com/url?url=https://paypal.me/ashleymadison/0.99USD&rct=j&q=
or
http://disq.us/url?url=https://paypal.me/ashleymadison/0.99USD:YCTYzFK7sN1PiDyNguasfoOXJvo

Then inspect your traffic and notice that the above text "paypal.me/....." appears in your exposed network traffic.

Scope:
This extension will only work for opaquely embedded redirection URLs. If the redirection is performed on the server side using code 302, this extension cannot act on them.

This extension will only check for URLs loaded in the top level and won't check iframes.

If the redirected URL has the same domain name as the redirection URL, the extension will not intercept it, since such URLs are usually private and not redirections.

This extension will only watch for GET methods and will ignore other methods like POST since only the GET method can safely be halted and started up again with minimal side effects.

Performance:
In order to minimize the overhead that this extension has on your browser, this extension is configured to ONLY activate if the URL does NOT use HTTPS and there is a search parameter in the URL which contains the string "http:" or "https:". The prevents the extension from needing to respond to every type of URL.
Evaluat cu 5 de către 2 recenzori
Intră în cont pentru a evalua această extensie
Nu există încă evaluări

Evaluarea prin stele a fost salvată

5
2
4
0
3
0
2
0
1
0
Citește toate cele 2 recenzii
Permisiuni și dateAflă mai multe

Permisiuni necesare:

  • Să îți acceseze datele pentru toate site-urile web
Mai multe informații
Versiune
0.1.6
Mărime
29,38 KB
Ultima actualizare
5 ani în urmă (12 aug. 2020)
Categorii conexe
  • Confidențialitate și securitate
Licență
Mozilla Public License 2.0
Istoricul versiunilor
  • Vezi toate versiunile
Etichete
  • anti tracker
  • privacy
  • search
Adaugă în colecție
Raportează acest supliment
Note privind versiunea 0.1.6
Changed icon design
Du-te pe pagina de start Mozilla

Suplimente

  • Despre
  • Blog suplimente Firefox
  • Atelier de extensii
  • Centrul dezvoltatorilor
  • Politicile dezvoltatorilor
  • Blogul comunității
  • Forum
  • Raportează o defecțiune
  • Ghid pentru recenzii

Browsere

  • Desktop
  • Mobile
  • Enterprise

Produse

  • Browsers
  • VPN
  • Relay
  • Monitor
  • Pocket
  • Bluesky (@firefox.com)
  • Instagram (Firefox)
  • YouTube (firefoxchannel)
  • Confidențialitate
  • Cookie-uri
  • Mențiuni legale

Cu excepția cazurilor când se specifică altfel, conținutul de pe acest site este licențiat sub licența Creative Commons cu atribuire și distribuire în condiții identice v3.0 sau orice versiune ulterioară.