This Firefox plugin developed by A-SIT shows security-relevant parameters of the active connection.
Typically, browsers keep the display of security-related information about called web pages to a minimum. While it is clearly indicated whether the connection to a server is encrypted, more fine-grained information is not printed or can only be retrieved by overcoming hurdles.
As a consequence, the objective of this project consisted in developing an extensible addon for Mozilla Firefox which inspects called domains regarding security-critical aspects and summarizes the results for security-affine users.The focus of the work has been put on reading and evaluating retrievable data whose values substantially affect the attainable security level. Hence, for every called website, details concerning the employed cipher suite, used signature algorithms, and the entire certificate chain are displayed. An excerpt of this data is also shown for all domains which are indirectly loaded by primarily invoked domain.
Having downloaded the browser extension and unpacked the .ZIP file, the resulting .xpi file can be moved to an active browser window via drag & drop. After confirming the installation, the plugin is ready to use.