Webbläsartillägg för Firefox
  • Tillägg
  • Teman
    • för Firefox
    • Ordlistor & språkpaket
    • Andra webbläsarplatser
    • Tillägg för Android
Logga in
Förhandsvisning av Warn Insecure Redirection

Warn Insecure Redirection av em_te

To protect your privacy, this extension warns you if a URL looks to be a redirection URL and doesn't use HTTPS. Without HTTPS, snoopers will know the full path of the redirection URL, which sometimes contains private information.

5 (2 reviews)5 (2 reviews)
5 användare5 användare
Du behöver Firefox för att kunna använda den här tillägget
Hämta Firefox och få tillägget
Hämta fil

Metadata för tillägg

Skärmbilder
Om detta tillägg
Overview:
If you visit a link that appears to simply be a redirection link and that link is not loaded over HTTPS, it will expose the redirection link to potential snoopers.

For example, if you visit:

http://www.example.com/redirect?goto=https://www.paypal.me/ashleymadison/100USD

Notice the HTTP in "http://www.example.com" means it is insecure.

Since example.com is NOT loaded over HTTPS, everyone on the Internet will know that you intend to visit the Paypal website to send money to Ashley Madison. Even though the Paypal website will be loaded over HTTPS, your intention will already be exposed by visiting example.com over an insecure connection.

Solution:
This extension will catch these potential problems and give you the option to:

1. Try loading example.com over HTTPS
2. Visit Paypal directly over HTTPS
3. Continue with the insecure link

This extension will also "ping" the root page ("/") at example.com over HTTPS to see if it is accessible and if so, will automatically navigate to the example.com page over HTTPS.

It will also "ping" the root page at paypal.me over HTTPS to determine if it is accessible and will add a tick or cross, so that you can decide whether you want to go directly to it.

The ping is made by sending a HEAD request with no cookies and no referral for your privacy. The root page was chosen to alleviate side effects and for privacy.

Explanation:
Any link that is NOT loaded over HTTPS means the full link and the website's contents will be susceptible to snooping and modification when passing through the Internet.

Generally, if that server doesn't support HTTPS you have no choice anyway. However, some links are really just redirection links that, when visited, will immediately redirect you to another website. The URL of the final website is sometimes embedded in the first URL in the form of URL parameters.

You can avoid exposing the redirection URL by not visiting the URL at all and choosing to go directly to the redirected URL. Or you can visit the redirection URL over HTTPS so that the embedded URL is hidden.

Demo:
Open your expired evaluation copy of WireShark and start inspecting network traffic.

Visit this link:
http://www.google.com/url?url=https://paypal.me/ashleymadison/0.99USD&rct=j&q=
or
http://disq.us/url?url=https://paypal.me/ashleymadison/0.99USD:YCTYzFK7sN1PiDyNguasfoOXJvo

Then inspect your traffic and notice that the above text "paypal.me/....." appears in your exposed network traffic.

Scope:
This extension will only work for opaquely embedded redirection URLs. If the redirection is performed on the server side using code 302, this extension cannot act on them.

This extension will only check for URLs loaded in the top level and won't check iframes.

If the redirected URL has the same domain name as the redirection URL, the extension will not intercept it, since such URLs are usually private and not redirections.

This extension will only watch for GET methods and will ignore other methods like POST since only the GET method can safely be halted and started up again with minimal side effects.

Performance:
In order to minimize the overhead that this extension has on your browser, this extension is configured to ONLY activate if the URL does NOT use HTTPS and there is a search parameter in the URL which contains the string "http:" or "https:". The prevents the extension from needing to respond to every type of URL.
Fäll ut för att läsa mer
Betyg 5 av 2 recensenter
Logga in för att betygsätta detta tillägg
Det finns inga betyg än

Stjärnklassificering sparad

5
2
4
0
3
0
2
0
1
0
Läs alla 2 recensioner
Behörigheter och dataLäs mer

Nödvändiga behörigheter:

  • Åtkomst till dina data för alla webbplatser
Mer information
Version
0.1.6
Storlek
29,38 kB
Senast uppdaterad
för 5 år sedan (12 aug 2020)
Relaterade kategorier
  • Sekretess & säkerhet
Licens
Mozilla Public License 2.0
Versionshistorik
  • Se alla versioner
Taggar
  • anti tracker
  • privacy
  • search
Lägg till i samling
Rapportera detta tillägg
Versionsfakta för 0.1.6
Changed icon design
Andra populära tillägg
  • Dark Reader

    Dark Reader
    RekommenderadRekommenderad

    Betygsatt 4,5 av 5

    Dark Reader Ltd

    1 234 941 användare

  • Grammar and Spell Checker - LanguageTool

    Grammar and Spell Checker - LanguageTool
    RekommenderadRekommenderad

    Betygsatt 4,7 av 5

    LanguageTooler GmbH

    358 547 användare

  • Search by Image

    Search by Image
    RekommenderadRekommenderad

    Betygsatt 4,6 av 5

    Armin Sebastian

    407 292 användare

  • Tree Style Tab

    Tree Style Tab
    RekommenderadRekommenderad

    Betygsatt 4,5 av 5

    Piro (piro_or)

    175 737 användare

Fler tillägg av em_te
  • Tap To Tab

    Tap To Tab

    Betygsatt 4,3 av 5

    em_te

    792 användare

  • Popup To Tab

    Popup To Tab

    Betygsatt 4,5 av 5

    em_te

    405 användare

  • Open Same Tab

    Open Same Tab

    Betygsatt 4,1 av 5

    em_te

    249 användare

  • Paste n' Go

    Paste n' Go

    Betygsatt 4,7 av 5

    em_te

    210 användare

  • Math in Address Bar

    Math in Address Bar

    Betygsatt 4 av 5

    em_te

    174 användare

  • Tablet Gestures

    Tablet Gestures

    Betygsatt 3,1 av 5

    em_te

    158 användare

Gå till Mozillas hemsida

Tillägg

  • Om
  • Firefox tilläggsblogg
  • Verkstad för tillägg
  • Utvecklarcenter
  • Utvecklarpolicyer
  • Community-blogg
  • Forum
  • Rapportera en bugg
  • Recensionsriktlinjer

Webbläsare

  • Desktop
  • Mobile
  • Enterprise

Produkter

  • Browsers
  • VPN
  • Relay
  • Monitor
  • Pocket
  • Bluesky (@firefox.com)
  • Instagram (Firefox)
  • YouTube (firefoxchannel)
  • Sekretess
  • Kakor
  • Juridisk information

Om inget annat anges, är innehållet på denna webbplats licensierat under licensen Creative Commons Attribution Share-Alike License v3.0 eller senare version.