Full Disclosure mailing list archives
Re: extension for Firefox to force HTTPS always?
From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Fri, 12 Oct 2007 22:12:08 -0400
what is wrong with his suggestion? If you look at the situation the following things happen: [hhoffman@localhost ~]$ host www.cnn.com www.cnn.com has address 64.236.16.20 www.cnn.com has address 64.236.16.52 www.cnn.com has address 64.236.24.12 www.cnn.com has address 64.236.29.120 www.cnn.com has address 64.236.91.21 www.cnn.com has address 64.236.91.22 www.cnn.com has address 64.236.91.23 www.cnn.com has address 64.236.91.24 Host www.cnn.com not found: 3(NXDOMAIN) [hhoffman@localhost ~]$ openssl s_client -connect www.cnn.com:443 [root@localhost ~]# tcpdump -i wlan0 -ln tcp port 443 and net '64.236' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes 22:02:32.427607 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102380687 0,nop,wscale 7> 22:02:35.427467 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102383687 0,nop,wscale 7> 22:02:41.427496 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102389687 0,nop,wscale 7> 22:02:53.427470 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102401687 0,nop,wscale 7> 22:03:17.427469 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102425687 0,nop,wscale 7> 22:04:05.427466 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102473687 0,nop,wscale 7> 22:05:41.427556 IP 192.168.1.103.47627 > 64.236.29.120.https: S 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp 102569687 0,nop,wscale 7> 22:05:44.427467 IP 192.168.1.103.47627 > 64.236.29.120.https: S 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp 102572687 0,nop,wscale 7> 22:05:50.427472 IP 192.168.1.103.47627 > 64.236.29.120.https: S 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp 102578687 0,nop,wscale 7> 22:06:02.428441 IP 192.168.1.103.47627 > 64.236.29.120.https: S 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp 102590687 0,nop,wscale 7> If there are a ton of addresses associated with the hostname record you'd be sitting there for a long time, no? It'd be nice if sites sent a unreachable message but some ppl still believe that blocking all ICMP is ok... go figure. Cheers, Harry full-disclosure () hushmail com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MAYBE YOU HAVE A SUGGESTION OR SOMETHING CONSTRUCTIVE TO SAY AFTER ALL THESE YEARS VLADIS OR MAYBE YOU SHOULD SHUT THE FUCK UP!!! YOU AREN'T SMARTER THAN WE THINK YOU ARE On Fri, 12 Oct 2007 21:55:37 -0400 Valdis.Kletnieks () vt edu wrote:On Fri, 12 Oct 2007 15:06:14 PDT, Kristian Erik Hermansen said:I just wanted to clarify that I am looking for an extension thatwillrewrite all encountered HTTP references in Firefox to HTTPS. Iwouldalready have a firewall or some other layer7 filtering deviceblockingunencrypted traffic. The addon "Better Gmail" does somethingsimilarto this, with the "force HTTPS" option, but not exactly...What should this hypothetical extension do if it automagically redirect http: to https:, but the target server is something that is only listening on port 80 because it doesn't have https: enabled? https://www.cnn.com just sorta sits there for me.-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcQJ40ACgkQ+dWaEhErNvQjfAQAhvRta2YldG0s+RPwOOYQJhmavq4c uo/dTsCd3EQy6yQru6oGcmWR7CdCo8EvwoTpB0EwLgVW4z7/lujiayEMECV4zejTNztw NSabygNoko5I8wh5trmqvoSb4RfPW79qEWLgTosECR1dsCu5FfXuKZhgQwbweWpi09gh zDPTvGg= =jxe7 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- extension for Firefox to force HTTPS always? Kristian Erik Hermansen (Oct 12)
- Re: extension for Firefox to force HTTPS always? Ismail Dönmez (Oct 12)
- Re: extension for Firefox to force HTTPS always? Kristian Erik Hermansen (Oct 12)
- Re: extension for Firefox to force HTTPS always? Valdis . Kletnieks (Oct 12)
- Re: extension for Firefox to force HTTPS always? gjgowey (Oct 12)
- Re: extension for Firefox to force HTTPS always? Valdis . Kletnieks (Oct 12)
- Re: extension for Firefox to force HTTPS always? gjgowey (Oct 12)
- Re: extension for Firefox to force HTTPS always? Valdis . Kletnieks (Oct 12)
- Re: extension for Firefox to force HTTPS always? Kristian Erik Hermansen (Oct 12)
- Re: extension for Firefox to force HTTPS always? silky (Oct 13)
- <Possible follow-ups>
- Re: extension for Firefox to force HTTPS always? full-disclosure (Oct 12)
- Re: extension for Firefox to force HTTPS always? Harry Hoffman (Oct 12)
- Re: extension for Firefox to force HTTPS always? full-disclosure (Oct 13)
- Re: extension for Firefox to force HTTPS always? full-disclosure (Oct 13)
- Re: extension for Firefox to force HTTPS always? Valdis . Kletnieks (Oct 13)
- Re: extension for Firefox to force HTTPS always? full-disclosure (Oct 13)
- Re: extension for Firefox to force HTTPS always? Marcus Graf (Oct 13)
- Re: extension for Firefox to force HTTPS always? full-disclosure (Oct 13)