General :
K-Meleon Web Browser Forum
I guess I will have to go back and read those posts on converting an extension for K-Meleon.
Edited 1 time(s). Last edit at 10/27/2010 01:42PM by Munkymind.
Firesheep is a scary extension for FireFox, imo, and one that makes open and free WiFi cafes even scarier to use.
http://www.zdnet.com/blog/perlow/firesheep-its-gonna-cost-you/14327?tag=content;selector-blogs
The following FireFox extensions are supposed to make that browser safe by forcing SSL and HTTPS. Will they work with K-Meleon?
Force the use of TLS or SSL Many, but not all sites, support the use of Transport Layer Security (TLS) and Secure Sockets Layer (SSL) or TLS/SSL over HTTP (HTTPS) but default to not encrypting your traffic. There are browser extensions, however, that will force those sites that support TLS or SSL to use these protocols. Once authenticated and encrypted, your traffic will be safe from Firesheep.
These extensions include HTTPS Everywhere and Force TLS. Other broader Web security extensions, such as NoScript, also include this functionality. That’s the good news. The bad news is that they only work with Firefox. There are, to the best of my knowledge, no such add-ons for Internet Explorer, Chrome, Safari, or Opera. If anyone knows of some, I’d love to hear about them.
N
Nobody here cares if anything is not available for IE and Safari
Who told You they work only on FF? :O
To me the interface of e.g. Force TLS looks pretty much like the self contained XUL-Window type that we use in a number of other K-Meleon ports.
4 K-Meleon: You got to try. Unpack the xpi. Install the software prerequisites...
Edited 1 time(s). Last edit at 10/30/2010 06:59PM by guenter.
Guenter,
You flatter me. Moi? Write a KM extension? Not bloody likely! <VBG>
N
Edited 1 time(s). Last edit at 10/31/2010 02:32PM by ndebord.
Guenter, what do we need to do to the XUL to make this fit KM? And it looks like one or two other things may need hacking...
Gordon.
____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]
http://kmeleonbrowser.org/forum/read.php?1,119221,119291#msg-119291
The extension is probably not working for K-Meleon.
Else You'd unpack the xpi.
Repack the chrome files of content, locale and skin into forcetls.jar (a zipped folder). Fix the paths of the chrome.manifest so that they work and point to a jar in ./chrome. Create a kmm that calls the forcedsites.xul in this jar.
Distribute all files where they belong in chrome, components, macros & moduls.
NoScript seems to use the extensions technology. Maybe look there for a replacement.
Edited 1 time(s). Last edit at 09/25/2011 08:27PM by guenter.
General discussion about K-Meleon
FireSheep Firefox Extension: Sidejacking (cookie stealing) Made Easy
Posted by:
Munkymind
Date: October 27, 2010 01:40PM
http://codebutler.com/firesheepQuote
It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
Today at Toorcon 12 I announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.
After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.
As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:
Double-click on someone, and you're instantly logged in as them.
Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.
I guess I will have to go back and read those posts on converting an extension for K-Meleon.
Edited 1 time(s). Last edit at 10/27/2010 01:42PM by Munkymind.
Re: FireSheep Firefox Extension: Sidejacking (cookie stealing) Made Easy
Posted by:
ndebord
Date: October 30, 2010 01:39PM
Firesheep is a scary extension for FireFox, imo, and one that makes open and free WiFi cafes even scarier to use.
http://www.zdnet.com/blog/perlow/firesheep-its-gonna-cost-you/14327?tag=content;selector-blogs
The following FireFox extensions are supposed to make that browser safe by forcing SSL and HTTPS. Will they work with K-Meleon?
Force the use of TLS or SSL Many, but not all sites, support the use of Transport Layer Security (TLS) and Secure Sockets Layer (SSL) or TLS/SSL over HTTP (HTTPS) but default to not encrypting your traffic. There are browser extensions, however, that will force those sites that support TLS or SSL to use these protocols. Once authenticated and encrypted, your traffic will be safe from Firesheep.
These extensions include HTTPS Everywhere and Force TLS. Other broader Web security extensions, such as NoScript, also include this functionality. That’s the good news. The bad news is that they only work with Firefox. There are, to the best of my knowledge, no such add-ons for Internet Explorer, Chrome, Safari, or Opera. If anyone knows of some, I’d love to hear about them.
N
Re: FireSheep Firefox Extension: Sidejacking (cookie stealing) Made Easy
Posted by:
guenter
Date: October 30, 2010 05:09PM
Quote
ndebord
The following FireFox extensions are supposed to make that browser safe by forcing SSL and HTTPS.
Will they work with K-Meleon?
...
The bad news is that they only work with Firefox.
There are, to the best of my knowledge, no such add-ons for Internet Explorer, Chrome, Safari, or Opera. If anyone knows of some, I’d love to hear about them.
Nobody here cares if anything is not available for IE and Safari
Who told You they work only on FF? :O
To me the interface of e.g. Force TLS looks pretty much like the self contained XUL-Window type that we use in a number of other K-Meleon ports.
4 K-Meleon: You got to try. Unpack the xpi. Install the software prerequisites...
Edited 1 time(s). Last edit at 10/30/2010 06:59PM by guenter.
Re: FireSheep Firefox Extension: Sidejacking (cookie stealing) Made Easy
Posted by:
ndebord
Date: October 31, 2010 02:31PM
Quote
guenter
Quote
ndebord
The following FireFox extensions are supposed to make that browser safe by forcing SSL and HTTPS.
Will they work with K-Meleon?
...
The bad news is that they only work with Firefox.
There are, to the best of my knowledge, no such add-ons for Internet Explorer, Chrome, Safari, or Opera. If anyone knows of some, I’d love to hear about them.
Nobody here cares if anything is not available for IE and Safari
Who told You they work only on FF? :O
To me the interface of e.g. Force TLS looks pretty much like the self contained XUL-Window type that we use in a number of other K-Meleon ports.
4 K-Meleon: You got to try. Unpack the xpi. Install the software prerequisites...
Guenter,
You flatter me. Moi? Write a KM extension? Not bloody likely! <VBG>
N
Edited 1 time(s). Last edit at 10/31/2010 02:32PM by ndebord.
Re: FireSheep Firefox Extension: Sidejacking (cookie stealing) Made Easy
Posted by:
gordon451
Date: September 24, 2011 11:51AM
Quote
guenter
To me the interface of e.g. Force TLS looks pretty much like the self contained XUL-Window type that we use in a number of other K-Meleon ports.
Guenter, what do we need to do to the XUL to make this fit KM? And it looks like one or two other things may need hacking...
Gordon.
____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]
Re: FireSheep Firefox Extension: Sidejacking (cookie stealing) Made Easy
Posted by:
guenter
Date: September 25, 2011 08:26PM
http://kmeleonbrowser.org/forum/read.php?1,119221,119291#msg-119291
The extension is probably not working for K-Meleon.
Else You'd unpack the xpi.
Repack the chrome files of content, locale and skin into forcetls.jar (a zipped folder). Fix the paths of the chrome.manifest so that they work and point to a jar in ./chrome. Create a kmm that calls the forcedsites.xul in this jar.
Distribute all files where they belong in chrome, components, macros & moduls.
NoScript seems to use the extensions technology. Maybe look there for a replacement.
Edited 1 time(s). Last edit at 09/25/2011 08:27PM by guenter.
English