+ Reply to Thread
Results 1 to 15 of 15

Thread: HTTPS FF extension .xml script for sb-innovation

  1. #1
    Retired Seal
    SealLion's Avatar
    Join Date
    04.05.08
    Location
    The Arctic--Believe it!!
    Posts
    2,079
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 sssss2079

    HTTPS FF extension .xml script for sb-innovation

    Hey everyone

    I made a simple .xml file for those of you who use HTTPSEverywhere Firefox extension.

    I am aware that you can simply input https for the normal http that I believe the board still uses; however, because I've been on a public wifi for a while now and probably still will be for a shorter while yet, I felt it necessary to installed HTTPSEverywhere firefox extension.

    For the fun of it, I also made this ruleset (within an .xml file) that I placed inside my ruleset folder for that extension.

    Would like others to test it, though as far as I know, while looking through the Console2 extension, I don't see any concerns for that file with respect to sb-innovation that are listed there in.

    I have not yet submitted it to gitrepository website for others to download. And if it seems to go well as I think it is so far, have a go, let me know, and then I can submit it for everyone to use. I figured that if passthepopcorn website has one, so should we.


    *Removed (see post #15)*

    PLease do post your comments, concerns, questions, results here.
    Last edited by anon; 29.10.19 at 05:17. Reason: See post #15
    "God, from the mount Sinai
    whose grey top shall tremble,
    He descending, will Himself,
    in thunder, lightning, and loud trumpet’s sound,
    ordain them laws".


    John Milton (1608-1674) in Paradise Lost


    Ripley's SealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
    Oh, oh. Better use LINUX.
    Reply With QuoteReply With Quote
    Thanks

  2. Who Said Thanks:

    Renk (02.08.12) , Blocker (20.07.12) , saebrtooth (19.07.12) , Instab (19.07.12) , anon (19.07.12)

  3. #2
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    5/5 ssss39386
    *Removed (see post #15)*

    I think that would be more efficient. Feedback appreciated too (my HTTPS Everywhere is currently disabled, among many others, since I'm trying to trace a leaky addon).
    Last edited by anon; 29.10.19 at 05:18. Reason: See post #15
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  4. Who Said Thanks:

    SealLion (20.07.12) , saebrtooth (19.07.12) , Instab (19.07.12)

  5. #3
    Moderator
    Instab's Avatar
    Join Date
    18.09.09
    Posts
    6,660
    Activity Longevity
    5/20 17/20
    Today Posts
    0/5 sssss6660
    that's a very welcome addition. big thanks to both of you
    Your account has been disabled.
    Reply With QuoteReply With Quote
    Thanks

  6. #4
    Retired Seal
    SealLion's Avatar
    Join Date
    04.05.08
    Location
    The Arctic--Believe it!!
    Posts
    2,079
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 sssss2079
    What's the difference between your script and mine, anon? Unless some minor detail escaped me, I didn't notice the difference btw either one??

    Or is it the following info I just saw in your code??

    (www\.)
    As the inclusion would just be that, is it not normally adjusted as such within the URL bar when going to any particular website??

    So if the one that I've posted above and if there aren't any problems with it as I have not noticed any either, though I'm still hoping some others will comment, I would then just submit this to the torproject then.
    "God, from the mount Sinai
    whose grey top shall tremble,
    He descending, will Himself,
    in thunder, lightning, and loud trumpet’s sound,
    ordain them laws".


    John Milton (1608-1674) in Paradise Lost


    Ripley's SealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
    Oh, oh. Better use LINUX.
    Reply With QuoteReply With Quote
    Thanks

  7. #5
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    5/5 ssss39386
    This part of yours:

    Code:
    <rule from="^sb-innovation\.de/" to="https://sb-innovation.de/"/>
    Repointing the request to 'https://sb-innovation.de/restofurlgoeshere' will make it redirect to 'https://www.sb-innovation.de/restofurlgoeshere', because of how the server works. Mine points any link starting with http://www.sb-innovation.de/ (the underlined part could be there or not) to https://www.sb-innovation.de/, avoiding that.

    By the way, HTTPS Everywhere doesn't seem to be one of the leaky addons, so I'll try it myself later today and see how it fares in reality.

    ---------- Post added at 15:10 ---------- Previous post was at 14:10 ----------

    Disregard that and use this:

    *Removed (see post #15)*

    No leaks (verified with SmartSniff) and sets the secure flag on all site cookies for additional protection.
    Last edited by anon; 29.10.19 at 05:18. Reason: See post #15
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  8. Who Said Thanks:

    CM05 (26.07.12)

  9. #6
    Retired Seal
    SealLion's Avatar
    Join Date
    04.05.08
    Location
    The Arctic--Believe it!!
    Posts
    2,079
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 sssss2079
    Ok so what your saying then is that even without the www within the ruleset, it still makes it redirect to https:/www, correct??

    I understand that the ruleset is being given the benefit, so to speak, by the forum's server to the correct redirection. But from what I understand of your information is that, rather than having the forum's server redirect a URL without the www, to a URL with the https://www, you are actually having to cut out 1-step of a 2-step redirection to just a 1-step redirection by placing inside the ruleset the www so that it the extension and server correctly redirect a URL with the www to a https://www address?? Is that correct??
    "God, from the mount Sinai
    whose grey top shall tremble,
    He descending, will Himself,
    in thunder, lightning, and loud trumpet’s sound,
    ordain them laws".


    John Milton (1608-1674) in Paradise Lost


    Ripley's SealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
    Oh, oh. Better use LINUX.
    Reply With QuoteReply With Quote
    Thanks

  10. #7
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    5/5 ssss39386
    Quote Originally Posted by SealLion View Post
    I understand that the ruleset is being given the benefit, so to speak, by the forum's server to the correct redirection. But from what I understand of your information is that, rather than having the forum's server redirect a URL without the www, to a URL with the https://www, you are actually having to cut out 1-step of a 2-step redirection to just a 1-step redirection by placing inside the ruleset the www so that it the extension and server correctly redirect a URL with the www to a https://www address?? Is that correct??
    Yes
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  11. Who Said Thanks:

    SealLion (21.07.12)

  12. #8
    Retired Seal
    SealLion's Avatar
    Join Date
    04.05.08
    Location
    The Arctic--Believe it!!
    Posts
    2,079
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 sssss2079
    Ok. Great. On to the next question. In the ruleset you've placed above, you have 'securecookie host' placed. Is not the https considered automatically a securecookie host by the redirected action?? And a supplemental question to that is what is the primary purpose of the entire line having the securecookie host?? How or why would that be a necessity as you've already provided a ruleset stating the redirection to the https://www directly underneath that line??
    "God, from the mount Sinai
    whose grey top shall tremble,
    He descending, will Himself,
    in thunder, lightning, and loud trumpet’s sound,
    ordain them laws".


    John Milton (1608-1674) in Paradise Lost


    Ripley's SealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
    Oh, oh. Better use LINUX.
    Reply With QuoteReply With Quote
    Thanks

  13. #9
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    5/5 ssss39386
    Quote Originally Posted by SealLion View Post
    And a supplemental question to that is what is the primary purpose of the entire line having the securecookie host?? How or why would that be a necessity as you've already provided a ruleset stating the redirection to the https://www directly underneath that line??
    Additional security. Say the HTTPS Everywhere addon breaks for whatever reason - since all your forum cookies are marked as secure, they wouldn't be sent over the resulting unencrypted connections, therefore keeping your account here safe.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  14. #10
    Retired Seal
    SealLion's Avatar
    Join Date
    04.05.08
    Location
    The Arctic--Believe it!!
    Posts
    2,079
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 sssss2079
    I see. Ok. Great. Well, then I think that I"ll replace the one that I've used with the 2nd one you've posted. You might as well take credit and post it to the gitweb.torproject.org list then if you want. Very much an asset to have this available to those who use the extension.
    "God, from the mount Sinai
    whose grey top shall tremble,
    He descending, will Himself,
    in thunder, lightning, and loud trumpet’s sound,
    ordain them laws".


    John Milton (1608-1674) in Paradise Lost


    Ripley's SealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
    Oh, oh. Better use LINUX.
    Reply With QuoteReply With Quote
    Thanks

  15. #11
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    5/5 ssss39386
    I merely improved on something you posted, so I think it'd be fair if you still went ahead and submitted it.

    By all means, I'm also happy we have this now. vBulletin's HTTPS support is very broken when it comes to leaks.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  16. Who Said Thanks:

    SealLion (21.07.12)

  17. #12
    Retired Seal
    SealLion's Avatar
    Join Date
    04.05.08
    Location
    The Arctic--Believe it!!
    Posts
    2,079
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 sssss2079
    Ok. Well I"ll do that then. I"ll email the site today for submission on this script for that particular extension. And for those who have been reading this thread and would like to know where the gitweb.torproject.org list is for HTTPSEverywhere firefox extension, I'll post the link here:

    Inside your user profile folder, find ( unless there exists already) a folder called HTTPSEverywhereUserRule. Start a file and copy/paste inside some of the rulesets already there (or make your own following the directions at the extensions website). Rename it as an .xml file. Restart your browser.
    "God, from the mount Sinai
    whose grey top shall tremble,
    He descending, will Himself,
    in thunder, lightning, and loud trumpet’s sound,
    ordain them laws".


    John Milton (1608-1674) in Paradise Lost


    Ripley's SealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
    Oh, oh. Better use LINUX.
    Reply With QuoteReply With Quote
    Thanks

  18. #13
    Retired Seal
    SealLion's Avatar
    Join Date
    04.05.08
    Location
    The Arctic--Believe it!!
    Posts
    2,079
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 sssss2079
    @ anon:

    Is there something wrong with this?? I basically took directions from you and how you managed to make the ruleset for sb-i more compatible with potential extension breakages and elimination of 2-steps down to 1. (http taken out and replaced with hxxp. Same with all the links given below)


    <ruleset name="warez-bb.org">
    <target host="*.warez-bb.org" />
    <target host="warez-bb.org" />
    <securecookie host="^(.*?\.)?warez-bb\.org$" name=".*" />
    <rule from="^hxxp://(.*?\.)?.warez-bb\.org/" to="hxxps://www.warez-bb.org/" />
    </ruleset>

    For some reason I keep getting some errors about these though I don't believe that they amount to much. It just shows errors about unrelated matters.


    Warning: Unknown property 'box-sizing'. Declaration dropped.
    Source file: hxxp://img9.warez-bb.org/wbb3_theme/styles/main.css
    Line: 37
    and

    NOTE: The below link is not a direct warez link. You'll get a pop stating that the protocol of 'hxxp' is unknown and your browser won't know how to open it.

    Warning: Expected media feature name but found 'view-mode'.
    Source file: Index :: Warez-BB.org
    Line: 1
    and


    Warning: Unknown pseudo-class or pseudo-element 'selected'. Ruleset ignored due to bad selector.
    Source file: hxxp://img9.warez-bb.org/wbb3_theme/styles/main.css
    Line: 9

    you can see from the last console error in which it states 'ruleset ignored'. This is the only error that I would have most concern about. I am none too sure what is referencing to pseudo-elements.
    Last edited by SealLion; 22.07.12 at 22:23. Reason: needed to take out direct warez links.
    "God, from the mount Sinai
    whose grey top shall tremble,
    He descending, will Himself,
    in thunder, lightning, and loud trumpet’s sound,
    ordain them laws".


    John Milton (1608-1674) in Paradise Lost


    Ripley's SealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
    Oh, oh. Better use LINUX.
    Reply With QuoteReply With Quote
    Thanks

  19. #14
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    5/5 ssss39386
    Those are just CSS errors, you can ignore them.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  20. Who Said Thanks:

    SealLion (22.07.12)

  21. #15
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    5/5 ssss39386
    A little bump for this. HTTPS Everywhere supports this forum out of the box, but the corresponding rule is disabled by default because our certificate is "expired, self-signed" (which it was before Cloudflare). Merely enabling it in the settings is enough, and the ruleset is well-written, therefore I've removed the "experimental" ones that were posted in this thread.

    The extension doesn't work on Pale Moon, but its fork HTTPS Always does.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

+ Reply to Thread

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •