Firefox plugin highlighting security information

posted in #IT Security on the 4.08.2015

This Firefox plugin developed by A-SIT shows security-relevant parameters of the active connection.

Typically, browsers keep the display of security-related information about called web pages to a minimum. While it is clearly indicated whether the connection to a server is encrypted, more fine-grained information is not printed or can only be retrieved by overcoming hurdles.

As a consequence, the objective of this project consisted in developing an extensible addon for Mozilla Firefox which inspects called domains regarding security-critical aspects and summarizes the results for security-affine users.The focus of the work has been put on reading and evaluating retrievable data whose values substantially affect the attainable security level. Hence, for every called website, details concerning the employed cipher suite, used signature algorithms, and the entire certificate chain are displayed. An excerpt of this data is also shown for all domains which are indirectly loaded by primarily invoked domain.

Screenshot Firefox Plugin

Installation

Having downloaded the browser extension and unpacked the .ZIP file, the resulting .xpi file can be moved to an active browser window via drag & drop. After confirming the installation, the plugin is ready to use.

Downloads

File Description File size
pdf Project Report (DE) Version 1.0 from 21.7.2015 (German only)
586 KB
zip Application (multiprocess) Version 1.3.4 from 9.2.2016 (.zip, plugin for Firefox, ,multiprocess-compatible, bugfixes)
540 KB
zip Application (for FF >= 43) Version 1.1 from 9.2.2016 (.zip, plugin for Firefox version 43 and above)
748 KB
zip Application (for FF < 43) Version 1.0 from 15.7.2015 (.zip, plugin for Firefox until version 43)
746 KB