Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 14 Feb 2016 22:07:21 -0500
From: David Leo <>
Subject: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python)

(@moderators The original post was too brief. This one has details.)


This tool completely locks browser - just HTTPS, nothing else. This
tool is extremely simple - less than 100 lines of code(Python and


Firefox Add-on Firesheep Brings Hacking to the Masses
"Firesheep is basically a packet sniffer that can analyze all the
unencrypted Web traffic"
(Quite a while ago, it's become a "casual game")

Yes, Mozilla said, "Gradually phasing out access to browser features
for non-secure websites", in April 2015. After more than six months,
they have done nothing useful.

The Chrome team wanted the same stuff:
Again, nothing significant has been achieved yet.

And there is HTTPS Everywhere, with SO MANY rules:
It's still able to access HTTP by default, but there is "Block all
HTTP requests". The problem: nothing happens when browser tries HTTP -
there should be warning(it's incorrect behavior) and options(try
HTTPS, Google Cache, etc). People complained, months ago:


PAC(Proxy auto-config) is used:
If it's HTTPS, that's fine.
If it's HTTP, user gets warning and options(try HTTPS, Google Cache -
it has HTTPS, etc).
Anything else, it goes to

It's a simple tool that does one job, and does it very well.


Best Wishes,

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ