sslguard
Leggi la versione italianasslguard is a Firefox plugin to protect against certain types of SSL mitm attacks.
the attack
How many of us digit locations/addresses in the browser including the protocol (e.g. http instead of https or viceversa?) Maybe almost nobody.
That's why most of the (user-friendly) websites that use the https protocol
to protect sensible data from being sent insecurely (like credentials), let you
write the location without https:// (just like www.somewebfucker.com instead
of http://www.somewebhell.com) and then be redirected to the secure website
automatically.
This is where the problems begin.
Let's say some of our friends issues a Man In The Middle attack, what can happen? The attacker can manage the secure session for us e send back clear pages to us. Also the attacker will take care of replacing all https occurrences in all pages with http. This way all of our requests will sent in clear, because the browser has no need (as it doesn't see any https:// link) to enstablish a secure connection.
what is sslguard
sslguard will verify, as its best, that the websites listed in the plugin are effectively visited the secure way through https! This list is already populated by default, but you can of course add new websites within Firefox (Tools → SSLGuard Preferences). The dialog is pretty intuitive, and you can even use some basic regular expessions in the entries.
where to get sslguard
sslguard is available for download from mozilla addons website. If you want to contribute or report any bugs, please contact us.
Public git repository available at gitorious.
