HTTPS Everywhere rules sharing

[m00nbl00d]

I'm wondering what you folks would think of sharing rules for HTTPS Everywhere, for services that may not be in the database yet?

We could later on send it to the HTTPS Everywhere service.

I'm lazy... so I only created two so far... I got a list of domains to create rules for, though... for about a month or so... yep... lazy. lol

I've created one for Spywareblaster's website:

Code:

<ruleset name="Javacool Software">
<target host="www.javacoolsoftware.com"/>
<rule from="^http://www\.javacoolsoftware\.com/" to="https://www.javacoolsoftware.com/"/>
</ruleset>

and one other for Blocklist.de

Code:

<ruleset name="Blocklist.de">
<target host="www.blocklist.de"/>
<rule from="^http://www\.blocklist\.de/" to="https://www.blocklist.de/"/>
</ruleset>

I'm still new to creating rules, but these two seem to be working just fine.

It would be really great if you could share your own rules as well... as long as you're not breaking your own privacy...


I just thought someone could benefit from these additional rules.

[m00nbl00d]

So, I take it no one likes to share? Not even open-source apologists? (Just kidding. But, I had to say it. )

Anyway, here's another for Norton SafeWeb:

Code:

<ruleset name="Norton SafeWeb">
<target host="safeweb.norton.com"/>
<rule from="^http://safeweb\.norton\.com/" to="https://safeweb.norton.com/"/>
</ruleset>

Unfortunately, not all .norton.com sub-domains work in https. Otherwise, *.norton.com would cover them all.

Considering I got no Norton.com account, I don't know what else will or won't work in https. So, I'm only doing it for Safe Web domain.

[Hungry Man]

I haven't created any rules yet, I just use whats' default lol otherwise I would share.

[m00nbl00d]

Quote:

Originally Posted by Hungry Man

I haven't created any rules yet, I just use whats' default lol otherwise I would share.

This actually brought something to my attention.

I noticed that some of my relatives banks have mixed content in their https version. I don't know exactly how the full authentication process is done, but I'd imagine the initial code to be introduced in the main page (https + http content). If it were like my bank, this is bad. I did manage to force my bank to change, by publically exposing them, though.

As a mere courtesy, I'll send my relatives bank support team an e-mail about it. Afterwards, is their choice whether or not to make the appropriate change.

[Escalader]

Gentlemen:

What in simple words is this service and database?

Does it clash with firewall logic? Who is behind it? How funded?

What does it do for users like me?

[m00nbl00d]

Quote:

Originally Posted by Escalader

Gentlemen:

What in simple words is this service and database?

Does it clash with firewall logic? Who is behind it? How funded?

What does it do for users like me?

HTTPS Everywhere is an extension that is available for Firefox (has been for a long time) and recently became available for Chrome.

It has a huge database of domains that have an https version, even though those website won't redirect you automatically to the https version. HTTPS Everywhere will force that redirection.

Nothing is perfect, and therefore it may lack services/websites that we happen to use or may happen to come across with, and so we won't be redirected to https.

Which is why I thought of starting this thread to share our own rules, so that we can increase our own database.

Anyway, you can find more about the extension in https://www.eff.org

[Hungry Man]

It's just a massive list of websites that support HTTPS and your browser looks at it and automatically sends you to the HTTPS version of the site.

[Escalader]

Quote:

Originally Posted by Hungry Man

It's just a massive list of websites that support HTTPS and your browser looks at it and automatically sends you to the HTTPS version of the site.

It seems that if I use IE9 then I can't exploit it?

[Hungry Man]

I don't know anything about IE extensions, there may or may not be one.

[Escalader]

Quote:

Originally Posted by Hungry Man

I don't know anything about IE extensions, there may or may not be one.

Did a search on IE 9 extensions and ad ons they exist but not this HTTPS Everywhere.

On the site they only mention FF and chrome.

[funkydude]

Quote:

Originally Posted by Escalader

Did a search on IE 9 extensions and ad ons they exist but not this HTTPS Everywhere.

On the site they only mention FF and chrome.

No there is no HTTPS Everywhere for IE9. The only choice for IE is to use the https version of the DuckDuckGo search engine which will give you the https version of websites rather than the standard http version.

To those who use it, does https everywhere slow down your browsing?

[Hungry Man]

Not for me. I notice 0 difference. For some people/ websites it might though. Most of the encryption for SSL is AES iirc or at least some form of symmetric encryption.

You're all using Chrome, right? Firefox has an add-on HTTPS Finder 0.85 that is designed to go along with HTTPS Everywhere and create rules for both.

I'm installing them both right now. Anyone else given them a test drive?

[m00nbl00d]

Please, be aware that OpenVPN HTTPS Everywhere rule is not working. This is what I have in the original rule, for Google Chrome's extension:

Code:

<ruleset name="OpenVPN">
  <target host="openvpn.net" />
  <target host="www.openvpn.net" />

  <securecookie host="^(www\.)?openvpn\.net$" name=".*"/>

  <rule from="^http://(?:www\.)?openvpn\.net/" to="https://www.openvpn.net/"/>
</ruleset>

As you can see it forces from *.openvpn.net to www. openvpn. net. It doesn't work.

This is my rule:

Code:

<ruleset name="OpenVPN (My rule)">
<target host="openvpn.net"/>
<rule from="^http://openvpn\.net/" to="https://openvpn.net/"/>
<securecookie host="^openvpn\.net$" name=".*"/>
</ruleset>

You should copy and past the above to a text file, and save it as OpenVPN.net.xml (save as *.xml extension). Then copy and paste the file to HTTPS Everywhere folder > rules. Then, in HTTPS Everywhere folder, there's a file called rule_list.js. Open the file with Notepad, and add the following to the end of the file, before ,];:

"rules/OpenVPN.net.xml"

You should then restart the web browser, for the rule to be applied.

Do not replace the previous OpenVPN rule, otherwise a future update, that may not have it fixed, will overwrite it.

[m00nbl00d]

-edit-

You should also remove the entry "rules/OpenVPN.xml" from the file rule_list.js.

[m00nbl00d]

A new HTTPS Everywhere version for Google Chrome came out, and now the way rules are done changed a bit. So, I'm reworking them, and for now I've done one.

You'll find a file named default.rulesets in \Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2012.5.1_0\rules.

You need to edit that file, and add your own entries at the very bottom (for convenience), before </rulesetlibrary>.

The first new rule is for Abine, the creators of Do Not Track Plus, and IE9 TPLs.

They have these domains: "abine.com", "www.abine.com", "getabine.com" and "www.getabine.com". So, I've created a new and optimized rule to redirect all of them to "www.abine.com", over https.

Code:

<ruleset f="abine.com.xml" name="abine.com"><target host="abine.com"/><target host="www.abine.com"/><target host="getabine.com"/><target host="www.getabine.com"/><rule from="^http://(www\.)?(abine|getabine)\.com/" to="https://www.abine.com/"/></ruleset>

Hope it will be useful to somebody.

[m00nbl00d]

Be aware that there's a mistake in Malwarebyte's default rule.

The original/default rule is the following one:

Code:

<ruleset f="Malwarebytes.xml" name="Malwarebytes"><target host="*.malwarebytes.org"/><exclusion pattern="^http://(www\.)?malwarebytes\."/><target host="*.static.malwarebytes.org"/><target host="*.cdn.static.malwarebytes.org"/><securecookie host="^(.*\.)?malwarebytes\.org$" name=".*"/><rule from="^http://(?:\w+\.((static-)?cdn\.)?)?static\.malwarebytes\.org/" to="https://static.malwarebytes.org/"/><rule from="^http://(store\.|forums\.)?malwarebytes\.com/" to="https://$1malwarebytes.com/"/></ruleset>

Notice the last two .malwarebytes.com? Well, it obviously needs to end with .org, not .com.

So, it should be as follows:

Code:

<ruleset f="Malwarebytes.xml" name="Malwarebytes"><target host="*.malwarebytes.org"/><exclusion pattern="^http://(www\.)?malwarebytes\."/><target host="*.static.malwarebytes.org"/><target host="*.cdn.static.malwarebytes.org"/><securecookie host="^(.*\.)?malwarebytes\.org$" name=".*"/><rule from="^http://(?:\w+\.((static-)?cdn\.)?)?static\.malwarebytes\.org/" to="https://static.malwarebytes.org/"/><rule from="^http://(store\.|forums\.)?malwarebytes\.org/" to="https://$1malwarebytes.org/"/></ruleset>