登录
Certificate Watch 预览

Certificate Watch 作者: PilzAdam

Warns when TLS certificates change over time.

5 (2 reviews)
55 个用户
您需要 Firefox 来使用此扩展
下载 Firefox 并安装扩展
下载文件
屏幕截图
On first visit, a new certificate is added to the local storage automatically.The certificate from the website matches the one stored earlier.The certificate from the website is not the same as the stored version. The changes are displayed and there is an option to accept this new certificate into the store.The storage page shows information about stored certificates.
关于此扩展
This add-on watches over the TLS certificates that websites present to you and warns when the certificate for a domain changes. If a new domain is encountered, its certificate is added to the local storage of this add-on. Future connections to that domain will check that the certificate is still the same as in the local storage.

The add-on icon can display three possible states:
  • Stored: The certificate of the domain is the same as the one in storage.
  • New: There is no previous certificate stored for this domain; the new one is automatically added to the storage.
  • Changed: The certificate of the connection is different to the one in storage. This means, that the certificate of the website was changed. A click on the add-on icon will display more information and has the option to accept the new certificate into the local storage (overriding the old certificate).

This add-on can be a countermeasure to attacks where the attacker has a valid certificate for the attacked website. Changes to the certificate that the browser happily accepts can no longer go unnoticed. The goal of this countermeasure is simply to make the user aware that something has changed; user intervention is still required.

Be aware of the following points:
  • This add-on does not check that certificates are valid. The browser does this already. This add-on only compares certificates of connections that the browser deems safe.
  • This add-on does not block any requests where the certificate has changed. It only informs the user of this fact. If the add-on displays a changed certificate, it is up to the user to decide what to do (e.g. leave the page, accept the certificate, or something else).
  • This add-on implements Trust On First Use (TOFU): the first certificate that is encountered for a domain is automatically trusted. Only future changes will raise a warning.
  • Users of this add-on should already have basic knowledge of how certificates for TLS connections work. The warnings generated by this add-on only make sense if the user can correctly interpret them.
  • This add-on does not work in private browsing mode (see Firefox bug 1329304).
评分 5(1 位用户)

已保存星级评分

5
2
4
0
3
0
2
0
1
0
权限与数据详细了解

必要权限:

  • 访问您在所有网站的数据

可选权限:

  • 获取浏览器标签页
更多信息
附加组件链接
版本
1.12.0
大小
48.46 KB
上次更新
6 年前 (2019年12月1日)
相关分类
版本历史
添加到收藏集
举报此附加组件
1.12.0 的发布说明
  • Added setting that defines which fields of certificates are checked
  • Added buttons to storage to prune old (unseen for a long time) or expired certificates
PilzAdam 制作的更多扩展