Advice Request What Browser Extensions are you using in 2020?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
Sort by date Sort by votes
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,821
Suggested reading for anyone debating whether to use HTTPS Everywhere or not:
www.eff.org

How HTTPS Everywhere Keeps Protecting Users On An Increasingly Encrypted Web

Way back in 2010, we launched our popular browser extension HTTPS Everywhere as part of our effort to encrypt the web. At the time, the need for HTTPS Everywhere to protect browsing sessions was as obvious as the threats were ever-present. The threats may not be as clear now, but HTTPS...
www.eff.org www.eff.org
 
  • Like
  • Thanks
  • +Reputation
Reactions: Cortex, HarborFront, Protomartyr and 8 others
Upvote 0 Downvote
Lenny_Fox

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
I read the article and can someone explain how a redirect on the same server from HTTP to HTTPS gives hackers plenty of time to do their evil?

HTTPS everywhere is as usefull as anti conception for a 60 year old woman.

As with pregnant 60 year olds, it does happen from time to time. But the chance you winning the lottery IS WAY HIGHER THAN making a 60 year old pregnant again.

In short: HTTPS EVERYWHERE? Nah not for me, but feel free to check your chances with the next 60 year old you encounter.
 
  • HaHa
  • Applause
Reactions: Cortex, ForgottenSeer 85179, CyberTech and 2 others
Upvote 0 Downvote
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,821
Lenny_Fox said:
can someone explain how a redirect on the same server from HTTP to HTTPS gives hackers plenty of time to do their evil?
Click to expand...
  1. Does an MITM on the HTTP connection
  2. Replaces all the HTTPS links with HTTP ones but remembers the links which were changed
  3. Communicates with the victim client on an HTTP connection for any secure link
  4. Communicates with the legitimate server over HTTPS for the same secure link
  5. Communication is transparently proxied between the victim client and the legitimate server
  6. Images such as the favicon are replaced by images of the familiar "secure lock" icon, to build trust
  7. As the MITM is taking places all passwords, credentials etc are stolen without the Client knowing
Click to expand...
Not sure if this is the explanation you wanted or not. I believe this would require the attacker to compromise your machine/router or the server you connect to.
I don't know how prevalent this attack is or the percentage of servers vulnerable to it nowadays, but back in 2016 only 5% of HTTPS servers implemented HSTS. With that said, 5% still means tens to hundreds of thousands of websites have implemented it.
 
Last edited:
  • Like
Reactions: DDE_Server, Cortex, ForgottenSeer 85179 and 3 others
Upvote 0 Downvote
Handsome Recluse

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Lenny_Fox said:
I read the article and can someone explain how a redirect on the same server from HTTP to HTTPS gives hackers plenty of time to do their evil?

HTTPS everywhere is as usefull as anti conception for a 60 year old woman.

As with pregnant 60 year olds, it does happen from time to time. But the chance you winning the lottery IS WAY HIGHER THAN making a 60 year old pregnant again.

In short: HTTPS EVERYWHERE? Nah not for me, but feel free to check your chances with the next 60 year old you encounter.
Click to expand...
Tor browser uses it which have users of some high risk people. It must be useful.
 
  • Like
  • HaHa
Reactions: DDE_Server, Cortex, oldschool and 3 others
Upvote 0 Downvote
Lenny_Fox

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@Arequire

The first step is the 60 year old successful inception. Considering it is a redirect on the same server (from HTTP to HTTPS)

intrusion without explanation said:
1. Does an MITM on the HTTP connection
Click to expand...



@Handsome Recluse

Every additional security helps. But when the magic "Does an MITM on the HTTP connection" is that easy, HSTS still keeps that window open, see explanation (link), only difference is that the browser remembers it for the time (max-age) set in the header time, which closes down the window of opportunity from each time the address is typed in the adddres bar to once.

To be honest a MITB (man in the browser) attack would be easier, just develop an extension and update it to go bad. People love to stack extensions to protect themselves against all sorts of unlikely events (like playing soccer in knight's armor)

1588662815650.png
 
Last edited:
  • Like
  • HaHa
Reactions: Cortex, oldschool and toto_10
Upvote 0 Downvote
Handsome Recluse

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Cortex said:
Emsisoft - I don't care about cookies - No, thanks - IMHO the less extensions the better, or you are heading to overkill as you can with AV program of sorts.
Click to expand...
Much less and much less intrusively than a local program however.

SeriousHoax said:
Don't call it soccer 😖 It's football ⚽
Click to expand...
It's putball.
Lenny_Fox said:
People love to stack extensions to protect themselves against all sorts of unlikely events (like playing soccer in knight's armor)
Click to expand...
The stores would quickly remove that though and they'd have to regain followers.
 
  • Like
Reactions: Cortex and toto_10
Upvote 0 Downvote
F

ForgottenSeer 85179

Arequire said:
Suggested reading for anyone debating whether to use HTTPS Everywhere or not:
www.eff.org

How HTTPS Everywhere Keeps Protecting Users On An Increasingly Encrypted Web

Way back in 2010, we launched our popular browser extension HTTPS Everywhere as part of our effort to encrypt the web. At the time, the need for HTTPS Everywhere to protect browsing sessions was as obvious as the threats were ever-present. The threats may not be as clear now, but HTTPS...
www.eff.org www.eff.org
Click to expand...
HTTPS everywhere is from EFF. Of course they make it better then it is nowadays

Handsome Recluse said:
Tor browser uses it which have users of some high risk people. It must be useful.
Click to expand...
Tor browser not even use nor had a Adblocker. Also they can't protect you against fingerprinting.

DSD27 said:
How?
Click to expand...
You can read about that in edge and AdGuard thread ;) can't post it here from mobile

DDE_Server said:
What about blocking port 80 firewall will block all http connection of the browser if browser is support using port 443 (https protocol )I think it will be blocked without any problems while access to https still provided what do you think??
Click to expand...
Should work but I guess it can make some trouble.
you can't then make easy exceptions at browser level for sites which still not use https
 
  • Like
Reactions: Protomartyr, Cortex, oldschool and 2 others
Upvote 0 Downvote
DDE_Server

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
security123 said:
You can read about that in edge and AdGuard thread ;) can't post it here from mobile
Should work but I guess it can make some trouble.
you can't then make easy exceptions at browser level for sites which still not use https
Click to expand...
if you donot want to use HTTP then why you want to make exception
1588696070635.png

also i see adguard desktop there is option for for HTTPs filtering but not HTTP may i will search again for that
or you mean using adguard DNS that is another method
i trust HTTPs for encypted connection filtering but may be add some exclusions
 
  • Like
Reactions: Protomartyr and oldschool
Upvote 0 Downvote
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,633
DDE_Server said:
i see adguard desktop there is option for for HTTPs filtering but not HTTP
Click to expand...
This means Adguard will MITM the encrypted HTTPS connection between the server and your browser. It needs to do this for it to block ads properly. Some AV like Kaspersky, ESET, Bitdefender does this too by default to scan webpages.
HTTP is not encrypted so it doesn't require such method.
 
  • Like
  • +Reputation
Reactions: toto_10, Protomartyr, DDE_Server and 8 others
Upvote 0 Downvote
Cortex

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I have few extensions but I do use AdGuard for desk with additions & anti-tracking on IVPN which gives somewhat unknown anti-tracking I must say, contacting support wasn't very helpful regarding what is & isn't tracked, (support should be in secret service) though it does block Spotify & upsets Office 365 (good) :):) Having no need for MS Office moved again to Softmaker so what O&O blocks is now irrelevant.
 
  • Like
Reactions: toto_10, Protomartyr, oldschool and 1 other person
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R
    • Like
Hot Take Let's Block It! - A companion to the great uBlock Origin content blocker
Replies
2
Views
579
Web Extensions
rashmi
R
PlayerFromTheITtic
    • Like
  • Question
Advice Request A little big Browser Add-on related challenge
Replies
10
Views
1,533
Web Extensions
PlayerFromTheITtic
PlayerFromTheITtic
silversurfer
    • Like
    • +Reputation
Cookie Block corrects GDPR violations in the browser
Replies
0
Views
732
Web Extensions
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top