Comments (14)
@DaAwesomeP @herczegzsolt @evilpie
I've un-archived this repository in order to investigate developing a WebExtensions version of CipherFox - unless somebody has already developed a suitable alternative?
Notes:
from cipherfox.
I think this should now be possible to implement in Firefox Nightly, because bug 1322748 just landed.
from cipherfox.
I suppose I meant feature-complete compared to what I myself would likely implement here.
Seems better to extend and support IndicateTLS than completely re-write CipherFox at this point.
from cipherfox.
@DaAwesomeP @herczegzsolt @evilpie
I've un-archived this repository in order to investigate developing a WebExtensions version of CipherFox - unless somebody has already developed a suitable alternative?
There is this other extension now:
- https://addons.mozilla.org/it/firefox/addon/certainly-something/
- https://github.com/april/certainly-something
from cipherfox.
Actually, after having now seen IndicateTLS, I'm really cooling on the idea of porting CipherFox at all ... that seems pretty feature-complete to me.
from cipherfox.
I have not looked into what WebExtensions expose that we could use to make CipherFox work. That said, I no longer use Firefox (except for updating this extension, occasionally), so it's not a high priority for me. In the likely event that I never get around to this, Pull Requests for this feature are absolutely welcome.
from cipherfox.
As far as I know, it's not possible to implement Cipherfox via WebExtensions currently, because there's no WebExtensions API to access certificate information. Here's a related bugzilla feature request:
https://bug623317.bugzilla.mozilla.org/show_bug.cgi?id=1322748
Addons not rewritten for WebExtensions will stop working at Firefox 57, November 14th. I'll try to track and update this issue.
from cipherfox.
There seems to be some progress at the Mozilla bug thread, but it's slow: https://bug623317.bugzilla.mozilla.org/show_bug.cgi?id=1322748
from cipherfox.
It might be possible to analyze the SSL separately from Firefox on-click with a native JavaScript library like Forge. A relatively safe request to /favicon.ico
would do the trick. It shouldn't be too slow or cause a performance hit if it's activated per-use and only analyzing one request. I will consider developing this myself, but it would be very different from how this addon currently functions—I would probably do it separate from this repo. Unfortunately, this wouldn't be my first WebExtension hack-replacement addon.
from cipherfox.
@DaAwesomeP i'm concerned about this workaround causing false sense of security to the user.
- In case the server handshakes with Firefox using a weaker algo cert than with the addon, user may be falsely identify the site as secure
- In case of a MITIM attack, it's easy to isolate and pass-through the request of such an addon, causing the user to falsely identify the site as secure
Because it's hard to assess these risks even for an experienced user, I'd not recommend such an addon. I think such an addon needs at least the hash of the actual cert in use from firefox, so that it can verify that the request it creates use the same cert as the browser.
from cipherfox.
@gavinhungry I've not found any suitable alternatives within firefox or chrome, I use the openssl cli when I have to. I would love to see this extension again.
I don't have the bandwidth at the moment to work on implementing this, but I'm more than happy to test and debug it if that helps.
from cipherfox.
That's not really an alternative, but might be helpful in rewriting CF.
From its ReadMe:
Note: Certainly Something has been integrated into Firefox 72, and is no longer necessary for viewing certificates.
Uses the new TLS Info API in Firefox to view information about the current state of your HTTPS connection.
from cipherfox.
This might be a bit closer:
https://addons.mozilla.org/en-US/firefox/addon/indicatetls/
↓
https://github.com/jannispinter/indicatetls
Addon for Mozilla Firefox that displays the TLS protocol version of websites you visit. This extension makes use of the new SecurityInfo API in Mozilla Firefox to display some information about the TLS connection.
from cipherfox.
IndicateTLS … seems pretty feature-complete to me.
It hasn't been updated in 2 years & there're a bunch of open issues, so @ least some of its (non-troll 😉) users disagree w/ you re: that. Maybe develop there?
from cipherfox.
Related Issues (20)
- Add support for Pale Moon HOT 3
- Remove "(Firefox XX+)" from cipherSuite.label and protocol.label HOT 4
- Site ID dialog width is not enough HOT 17
- Cipherfox dropdown in site ID dialog is gone in Firefox 42 HOT 1
- Make statusbar item moveable HOT 2
- New Firefox 43 box does not expand to full size HOT 2
- Add support for e10s
- Questionmarks for chiper size, type, hash, and other values HOT 44
- Add short date options HOT 2
- Remove RC4-Option HOT 3
- Cipherfox with partial https HOT 1
- Mark extension as compatible with e10s
- Add support for TLS 1.3 HOT 7
- "Qualys SSL Labs Server Test" does not work on Fx 51+ HOT 6
- Enhancement request: Switch from SSL labs test to new Observatory by Mozilla HOT 4
- Questionmarks for chiper size, type, hash, and other values HOT 3
- Add support for TLS 1.3 protocol HOT 4
- Error thrown with cipherfox 4.1.1 in Pale Moon 27.5.* HOT 3
- Update for Firefox 57 support HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cipherfox.