sslguard

Leggi la versione italiana

sslguard is a Firefox plugin to protect against certain types of SSL mitm attacks.

the attack

How many of us digit locations/addresses in the browser including the protocol (e.g. http instead of https or viceversa?) Maybe almost nobody.

That's why most of the (user-friendly) websites that use the https protocol to protect sensible data from being sent insecurely (like credentials), let you write the location without https:// (just like www.somewebfucker.com instead of http://www.somewebhell.com) and then be redirected to the secure website automatically.
This is where the problems begin.

Let's say some of our friends issues a Man In The Middle attack, what can happen? The attacker can manage the secure session for us e send back clear pages to us. Also the attacker will take care of replacing all https occurrences in all pages with http. This way all of our requests will sent in clear, because the browser has no need (as it doesn't see any https:// link) to enstablish a secure connection.

what is sslguard

sslguard will verify, as its best, that the websites listed in the plugin are effectively visited the secure way through https! This list is already populated by default, but you can of course add new websites within Firefox (ToolsSSLGuard Preferences). The dialog is pretty intuitive, and you can even use some basic regular expessions in the entries.

where to get sslguard

sslguard is available for download from mozilla addons website. If you want to contribute or report any bugs, please contact us.

Public git repository available at gitorious.