Додаци за прегледач Firefox
  • Проширења
  • Теме
    • за Firefox
    • Речници и језички пакети
    • Странице других прегледача
    • Додаци за Android
Пријавите се
Преглед Warn Insecure Redirection

Warn Insecure Redirection од em_te

To protect your privacy, this extension warns you if a URL looks to be a redirection URL and doesn't use HTTPS. Without HTTPS, snoopers will know the full path of the redirection URL, which sometimes contains private information.

5 (2 рецензија)5 (2 рецензија)
5 корисника5 корисника
Преузмите Firefox и добијте додатак
Преузмите датотеку

Метаподаци додатка

Снимци екрана
О овом додатку
Overview:
If you visit a link that appears to simply be a redirection link and that link is not loaded over HTTPS, it will expose the redirection link to potential snoopers.

For example, if you visit:

http://www.example.com/redirect?goto=https://www.paypal.me/ashleymadison/100USD

Notice the HTTP in "http://www.example.com" means it is insecure.

Since example.com is NOT loaded over HTTPS, everyone on the Internet will know that you intend to visit the Paypal website to send money to Ashley Madison. Even though the Paypal website will be loaded over HTTPS, your intention will already be exposed by visiting example.com over an insecure connection.

Solution:
This extension will catch these potential problems and give you the option to:

1. Try loading example.com over HTTPS
2. Visit Paypal directly over HTTPS
3. Continue with the insecure link

This extension will also "ping" the root page ("/") at example.com over HTTPS to see if it is accessible and if so, will automatically navigate to the example.com page over HTTPS.

It will also "ping" the root page at paypal.me over HTTPS to determine if it is accessible and will add a tick or cross, so that you can decide whether you want to go directly to it.

The ping is made by sending a HEAD request with no cookies and no referral for your privacy. The root page was chosen to alleviate side effects and for privacy.

Explanation:
Any link that is NOT loaded over HTTPS means the full link and the website's contents will be susceptible to snooping and modification when passing through the Internet.

Generally, if that server doesn't support HTTPS you have no choice anyway. However, some links are really just redirection links that, when visited, will immediately redirect you to another website. The URL of the final website is sometimes embedded in the first URL in the form of URL parameters.

You can avoid exposing the redirection URL by not visiting the URL at all and choosing to go directly to the redirected URL. Or you can visit the redirection URL over HTTPS so that the embedded URL is hidden.

Demo:
Open your expired evaluation copy of WireShark and start inspecting network traffic.

Visit this link:
http://www.google.com/url?url=https://paypal.me/ashleymadison/0.99USD&rct=j&q=
or
http://disq.us/url?url=https://paypal.me/ashleymadison/0.99USD:YCTYzFK7sN1PiDyNguasfoOXJvo

Then inspect your traffic and notice that the above text "paypal.me/....." appears in your exposed network traffic.

Scope:
This extension will only work for opaquely embedded redirection URLs. If the redirection is performed on the server side using code 302, this extension cannot act on them.

This extension will only check for URLs loaded in the top level and won't check iframes.

If the redirected URL has the same domain name as the redirection URL, the extension will not intercept it, since such URLs are usually private and not redirections.

This extension will only watch for GET methods and will ignore other methods like POST since only the GET method can safely be halted and started up again with minimal side effects.

Performance:
In order to minimize the overhead that this extension has on your browser, this extension is configured to ONLY activate if the URL does NOT use HTTPS and there is a search parameter in the URL which contains the string "http:" or "https:". The prevents the extension from needing to respond to every type of URL.
Оцењено са 5 од стране 2 рецензената
Пријавите се да бисте оценили овај додатак
Још увек нема оцена

Оцена звездицама сачувана

5
2
4
0
3
0
2
0
1
0
Прочитајте 2 рецензије
Овлашћења и подаци

Потребна овлашћења:

  • Приступ подацима за све веб странице
Сазнајте више
Више информација
Везе додатка
  • Копирај ИД додатка
Издање
0.1.6
Величина
29,38 KB
Последњи пут ажурирано
pre 6 godina (12. avg. 2020.)
Повезане категорије
  • Приватност и безбедност
Дозвола
Јавна дозвола Mozilla 2.0
Историјат издања
  • Погледајте сва издања
Ознаке
  • anti tracker
  • privacy
  • search
Додај у збирку
Пријави овај додатак
Идите на почетну страницу Mozilla-е

Додаци

  • O програму
  • Блог о додацима за Firefox
  • Радионица за додатке
  • Центар за програмере
  • Политике програмера
  • Блог заједнице
  • Форум
  • Пријавите грешку
  • Водич за оцењивање

Преузмите

  • Download Firefox
  • Windows
  • macOS
  • iOS
  • Android
  • Linux
  • All

Најновије градње

  • Nightly
  • Beta

Firefox за предузећа

  • Enterprise

Заједница

  • Connect
  • Contribute
  • Developer

Прати

  • Instagram
  • YouTube
  • TikTok
  • Bluesky
  • Podcast
  • Приватност
  • Колачићи
  • Права

Изузев тамо где је другачије наведено , садржај на овој страници је лиценциран под Creative Commons Attribution Share-Alike дозволом v3.0 или било којим каснијим издањем.