KB SSL Enforcer

KB SSL Enforcer插件简介

KB SSL Enforcer插件描述

This extension enfces encryption f websites that suppt it as much as currently possible in Chrome. This gives you added security  privacy f your browsing automatically  transparently. This is particularly imptant on insecure netwks, such as public wifi in e.g. coffee shops  hotels.

It is not completely secure against the infamous Firesheep, but it does minimize the risk greatly. See the section on complete enfcement f technical details  me on when this will be possible.

Features:
 Automatically detects if a site suppts SSL (TLS)  enfces all subsequent requests to be over SSL
 As soon as a domain is set to be enfce, the browser will not send any unencrypted requests f that domain (unless the site deliberately enfces not using encryption, see the section on complete enfcement)
 Flexible options f overriding the autodetection
 Caches which sites suppt SSL (respects incognito mode)
 Open source (GPLv2  later)

Changelog:
https://github.com/kbitdk/kbsslenfcer/blob/master/Changelog.md

Issue tracker:
https://github.com/kbitdk/kbsslenfcer/issues

Complete enfcement:
Due to Chrome limitations KB SSL Enfcer detects SSL on the very first visit to a page  is unable to block the unencrypted request from going through while this is happening. It will let that page load  if it is detected to suppt SSL, all subsequent requests to that domain will be enfced automatically to use SSL befe the unencrypted request is sent from the browser.

The unencrypted request only goes through on the very first page visit where its detecting SSL suppt. The setting will be saved  survives reboots  all. The only way to stop enfcing SSL is to manually set it to igne SSL on that domain  if the extension detects that the site is trying to enfce an unencrypted connection  therefe backs off by not enfcing it from then on.

This first insecure request could send a cookie in the clear, which would give anyone with tools like Firesheep an opptunity to use your account on that site. But this only happens if they catch it during that first request  if it includes sensitive infmation, such as your logged in session. All subsequent requests, even after restarting the browser  rebooting the computer, will enfce encryption.

Permissions:
The manifest file states the permissions requested:
https://github.com/kbitdk/kbsslenfcer/blob/master/chrome%20extension/manifest.json
 * *://*/
  * This is f accessing pages on all domains  both with  without SSL
 * tabs
  * This is f accessing infmation on whether a tab is in incognito, so it can be respected
 * webRequest
  * This is f intercepting the unencrypted requests  detecting whether the site doesnt suppt encryption by redirecting encrypted requests to the unencrypted site
 * webRequestBlocking
  * This is f blocking the unencrypted requests while determining whether it needs to be redirected

The project is open source  any scrutiny of the code  the extensions behavi is encouraged. If you have any comments, please open an issue on the issue tracker:
https://github.com/kbitdk/kbsslenfcer/issues

Feedback:
Any questions  feedback are welcome in the issue tracker linked above, which has features to manage  notify people of any issues, so they can be fixed  we can all have a better extension. Please keep the user reviews section of this page to just reviews. Thanks.

Developed by KB IT:
https://kbit.dk
                                

KB SSL Enforcer插件离线安装方法

1.首先用户点击谷歌浏览器右上角的自定义及控制按钮，在下拉框中选择设置。

2.在打开的谷歌浏览器的扩展管理器最左侧选择扩展程序或直接输入：chrome://extensions/

3.找到自己已经下载好的Chrome离线安装文件xxx.crx，然后将其从资源管理器中拖动到Chrome的扩展管理界面中，这时候用户会发现在扩展管理器的中央部分中会多出一个”拖动以安装“的插件按钮。

4.下载 KB SSL EnforcerChrome插件v2.0.5版本到本地。

5.勾选开发者模式，点击加载已解压的扩展程序，将文件夹选择即可安装插件。

注意：最新版本的chrome浏览器直接拖放安装时会出现“程序包无效CRX-HEADER-INVALID”的报错信息，参照这篇文章即可解决