Automatic security, browse encrypted.
This extension enforces encryption for websites that support it as much as currently possible in Chrome. This gives you added security and privacy for your browsing automatically and transparently. This is particularly important on insecure networks, such as public wifi in e.g. coffee shops and hotels. It is not completely secure against the infamous Firesheep, but it does minimize the risk greatly. See the section on complete enforcement for technical details and more on when this will be possible. Features: - Automatically detects if a site supports SSL (TLS) and enforces all subsequent requests to be over SSL - As soon as a domain is set to be enforce, the browser will not send any unencrypted requests for that domain (unless the site deliberately enforces not using encryption, see the section on complete enforcement) - Flexible options for overriding the auto-detection - Caches which sites support SSL (respects incognito mode) - Open source (GPLv2 or later) Changelog: https://github.com/kbitdk/kbsslenforcer/blob/master/Changelog.md Issue tracker: https://github.com/kbitdk/kbsslenforcer/issues Complete enforcement: Due to Chrome limitations KB SSL Enforcer detects SSL on the very first visit to a page and is unable to block the unencrypted request from going through while this is happening. It will let that page load and if it is detected to support SSL, all subsequent requests to that domain will be enforced automatically to use SSL before the unencrypted request is sent from the browser. The unencrypted request only goes through on the very first page visit where it's detecting SSL support. The setting will be saved and survives reboots and all. The only way to stop enforcing SSL is to manually set it to ignore SSL on that domain or if the extension detects that the site is trying to enforce an unencrypted connection and therefore backs off by not enforcing it from then on. This first insecure request could send a cookie in the clear, which would give anyone with tools like Firesheep an opportunity to use your account on that site. But this only happens if they catch it during that first request and if it includes sensitive information, such as your logged in session. All subsequent requests, even after restarting the browser and rebooting the computer, will enforce encryption. Permissions: The manifest file states the permissions requested: https://github.com/kbitdk/kbsslenforcer/blob/master/chrome%20extension/manifest.json * *://*/ * This is for accessing pages on all domains and both with and without SSL * tabs * This is for accessing information on whether a tab is in incognito, so it can be respected * webRequest * This is for intercepting the unencrypted requests and detecting whether the site doesn't support encryption by redirecting encrypted requests to the unencrypted site * webRequestBlocking * This is for blocking the unencrypted requests while determining whether it needs to be redirected The project is open source and any scrutiny of the code or the extension's behavior is encouraged. If you have any comments, please open an issue on the issue tracker: https://github.com/kbitdk/kbsslenforcer/issues Feedback: Any questions or feedback are welcome in the issue tracker linked above, which has features to manage and notify people of any issues, so they can be fixed and we can all have a better extension. Please keep the user reviews section of this page to just reviews. Thanks. Developed by KB IT: https://kbit.dk
- (2018-03-29) Алексей путенихин: класс
- (2017-12-07) Thomas Grothuesmann: Lightweight and opensource, does it job well.
- (2017-04-14) Ilya Stroganov: bye-bye "HTTPS Everywhere"
- (2017-01-30) Eddie Atter: Way better than HTTPS Everywhere. Lightweight, open source, and does what it says!
- (2016-12-27) Habib Ullah: Not Working
- (2016-12-02) HeRuHaiLiu Huang: 需要手动激活，很麻烦。不如httpsEverywhere。弃用
- (2016-09-21) Brain Arts: Definitely the best one i found to take care of Enforcing SSL communication automatically for me. You have choice to enforce or ignore rule on certain domain and with a bit of tuning you have a perfectly running and secure environment to browse you favorite website. You will even see where there is security breach that we can't really see otherwise, like facebook trying to access unsecure resource over SSL.
- (2016-08-23) Xiaojiang: Please add wildcard support for https URLs, e.g. *.blogspot.com
- (2016-08-17) Paulo Mendes: Lighter then HTTPS Everywhere.
- (2015-07-07) s hndpz: Opera顺利安装
- (2015-05-22) Harry Bobo: 很不错，自动检测https，破网必备……
- (2015-05-03) awesome!
- (2015-04-22) David Coburn: Basically works, but also tends to break lots of websites. Just not worth constantly having to disable it or wondering why something isn't loading before realizing that yes, it's this thing again.
- (2015-04-12) Breaks twitch.tv
- (2015-04-01) Eng Mohamed: G
- (2015-03-25) Koorosh Persia: what's the point ? :/ if sites have https we use that !! if they haven't what we can do ?
- (2015-03-13) 喵喵酱: 自动检测并添加的功能能不能关掉，有些https的网址虽然能连通但不一定能显示页面，就比如淘宝和腾讯网一些域名
- (2015-02-21) Tal Bourla: very good and easy to use, installed "tracker ssl" extention along with it and the combination is best
- (2015-02-06) Costin Gușă: i logged in just to rate this, because i feel it deserves a bit more. searching for 'ssl enforcer' shows other extensions which are not as good as kb. if it was useful to you, take a minute to help it by leaving a positive review.
- (2014-10-15) Kadesha Narcis: it does always stick -_-
- (2014-09-04) Forget the rest this one is the best.
- (2014-08-28) Habib Yajam: Thanks to its options for ignoring and enforcing HTTPS for selected sites, Its even better than HTTPS Everywhere! It's also open source which make me believe in its security.
- (2014-07-28) Mr. Mehran: use the switch --allow-running-insecure-content for breaking issues
- (2014-07-02) Karan Patwardhan: I Have been using it for a few years now. But recently youtube videos are not playing because of the extension. The videos play fine when i disable the extension. Using it with ABP and Disconnect extensions.
- (2014-05-14) Domingo Gonzalez Luengo: Mejor en Español
- (2018-04-02, v:2.0.5) Extension error
Extension error at Google Analytics with uBlock Origin
- (2018-04-01, v:2.0.5) Use of Google Analytics
Your extension is the only one I use that gets blocked by the adblocker from using Google Analytics. Since this is an extension for people who value privacy, the use of that tracker is particularly problematic. It would be great if you could remove that. Use PiWik if you really want tracking.
- (2017-05-24, v:2.0.5) Johny Why: SSL If Not Enforced?
if a site is not "enforeced" or "ignored", will it load securely with https? Unclear.
- (2017-05-10, v:2.0.5) veryscaryreaper: ERR_SSL_PROTOCOL_ERROR
I thought that this extension would fix this error on some sites on public WiFi as I have heard that it means that that WiFi address doesn't allow HTTPS with HTML5. Is there any way to enable these sites?
- (2015-07-09, v:2.0.4) Albert Kolkin: Breaks TheAtlantic .com
Only text appears on displaying a page. None of the hyperlinks on that page work.
- (2015-02-24, v:2.0.4) Add an automatic fingerprint checker
SSL is great if it's not being intercepted. If your software could contain the pre-checked fingerprints of some well-known web sites, it could check them against the thumbprint seen by the browser. More info on Steve Gibson's web site, grc.com: https://www.grc.com/fingerprints.htm
- (2015-02-11, v:2.0.4) Ano Nymous: Breaks sourceforge.net
sourceforge.net does not work with this extension on. It gets stuck on a cookie acceptance page (it remains blank).
- (2015-02-04, v:2.0.4) Evelyne Giorgetti: connexion
- (2013-10-10, v:2.0.3) Christopher W.: How do you whitelist a site?
Hi, I've found one site (www.makeuseof.com) that needs to be whitelisted. How do I find the manifest to do so, and what do I do when I get there? Windows 7, latest version of Chrome... Thanks!
- (2013-08-13, v:2.0.0) Donn Edwards: Disqus comments
Please add disqus.com to the default "ignore" list. Thanks for a great extension!