HTTPS Everywhere rules sharing

Discussion in 'other software & services' started by m00nbl00d, Mar 27, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm wondering what you folks would think of sharing rules for HTTPS Everywhere, for services that may not be in the database yet?

    We could later on send it to the HTTPS Everywhere service.

    I'm lazy... so I only created two so far... I got a list of domains to create rules for, though... for about a month or so... yep... lazy. lol

    I've created one for Spywareblaster's website:

    Code:
    <ruleset name="Javacool Software">
    <target host="www.javacoolsoftware.com"/>
    <rule from="^http://www\.javacoolsoftware\.com/" to="https://www.javacoolsoftware.com/"/>
    </ruleset>
    and one other for Blocklist.de

    Code:
    <ruleset name="Blocklist.de">
    <target host="www.blocklist.de"/>
    <rule from="^http://www\.blocklist\.de/" to="https://www.blocklist.de/"/>
    </ruleset>
    
    I'm still new to creating rules, but these two seem to be working just fine. :D

    It would be really great if you could share your own rules as well... as long as you're not breaking your own privacy... :D


    I just thought someone could benefit from these additional rules. :thumb:
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, I take it no one likes to share? :D Not even open-source apologists? :eek: :D (Just kidding. But, I had to say it. :p)

    Anyway, here's another for Norton SafeWeb:

    Code:
    <ruleset name="Norton SafeWeb">
    <target host="safeweb.norton.com"/>
    <rule from="^http://safeweb\.norton\.com/" to="https://safeweb.norton.com/"/>
    </ruleset>
    
    Unfortunately, not all .norton.com sub-domains work in https. Otherwise, *.norton.com would cover them all.

    Considering I got no Norton.com account, I don't know what else will or won't work in https. So, I'm only doing it for Safe Web domain.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I haven't created any rules yet, I just use whats' default lol otherwise I would share.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This actually brought something to my attention.

    I noticed that some of my relatives banks have mixed content in their https version. I don't know exactly how the full authentication process is done, but I'd imagine the initial code to be introduced in the main page (https + http content). If it were like my bank, this is bad. I did manage to force my bank to change, by publically exposing them, though.

    As a mere courtesy, I'll send my relatives bank support team an e-mail about it. Afterwards, is their choice whether or not to make the appropriate change.

    o_O
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Gentlemen:

    What in simple words is this service and database?

    Does it clash with firewall logic? Who is behind it? How funded?

    What does it do for users like me?
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    HTTPS Everywhere is an extension that is available for Firefox (has been for a long time) and recently became available for Chrome.

    It has a huge database of domains that have an https version, even though those website won't redirect you automatically to the https version. HTTPS Everywhere will force that redirection.

    Nothing is perfect, and therefore it may lack services/websites that we happen to use or may happen to come across with, and so we won't be redirected to https.

    Which is why I thought of starting this thread to share our own rules, so that we can increase our own database. :D

    Anyway, you can find more about the extension in https://www.eff.org
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It's just a massive list of websites that support HTTPS and your browser looks at it and automatically sends you to the HTTPS version of the site.
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    It seems that if I use IE9 then I can't exploit it?
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I don't know anything about IE extensions, there may or may not be one.
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Did a search on IE 9 extensions and ad ons they exist but not this HTTPS Everywhere.

    On the site they only mention FF and chrome.
     
  11. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    No there is no HTTPS Everywhere for IE9. The only choice for IE is to use the https version of the DuckDuckGo search engine which will give you the https version of websites rather than the standard http version.
     
  12. BrandiCandi

    BrandiCandi Guest

    To those who use it, does https everywhere slow down your browsing?
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Not for me. I notice 0 difference. For some people/ websites it might though. Most of the encryption for SSL is AES iirc or at least some form of symmetric encryption.
     
  14. BrandiCandi

    BrandiCandi Guest

    You're all using Chrome, right? Firefox has an add-on HTTPS Finder 0.85 that is designed to go along with HTTPS Everywhere and create rules for both.

    I'm installing them both right now. Anyone else given them a test drive?
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Please, be aware that OpenVPN HTTPS Everywhere rule is not working. This is what I have in the original rule, for Google Chrome's extension:

    Code:
    <ruleset name="OpenVPN">
      <target host="openvpn.net" />
      <target host="www.openvpn.net" />
    
      <securecookie host="^(www\.)?openvpn\.net$" name=".*"/>
    
      <rule from="^http://(?:www\.)?openvpn\.net/" to="https://www.openvpn.net/"/>
    </ruleset>
    
    As you can see it forces from *.openvpn.net to www. openvpn. net. It doesn't work.

    This is my rule:

    Code:
    <ruleset name="OpenVPN (My rule)">
    <target host="openvpn.net"/>
    <rule from="^http://openvpn\.net/" to="https://openvpn.net/"/>
    <securecookie host="^openvpn\.net$" name=".*"/>
    </ruleset>
    
    You should copy and past the above to a text file, and save it as OpenVPN.net.xml (save as *.xml extension). Then copy and paste the file to HTTPS Everywhere folder > rules. Then, in HTTPS Everywhere folder, there's a file called rule_list.js. Open the file with Notepad, and add the following to the end of the file, before ,];:

    "rules/OpenVPN.net.xml"

    You should then restart the web browser, for the rule to be applied.

    Do not replace the previous OpenVPN rule, otherwise a future update, that may not have it fixed, will overwrite it.
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -edit-

    You should also remove the entry "rules/OpenVPN.xml" from the file rule_list.js.
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    A new HTTPS Everywhere version for Google Chrome came out, and now the way rules are done changed a bit. So, I'm reworking them, and for now I've done one.

    You'll find a file named default.rulesets in \Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2012.5.1_0\rules.

    You need to edit that file, and add your own entries at the very bottom (for convenience), before </rulesetlibrary>.

    The first new rule is for Abine, the creators of Do Not Track Plus, and IE9 TPLs.

    They have these domains: "abine.com", "www.abine.com", "getabine.com" and "www.getabine.com". So, I've created a new and optimized rule to redirect all of them to "www.abine.com", over https.

    Code:
    <ruleset f="abine.com.xml" name="abine.com"><target host="abine.com"/><target host="www.abine.com"/><target host="getabine.com"/><target host="www.getabine.com"/><rule from="^http://(www\.)?(abine|getabine)\.com/" to="https://www.abine.com/"/></ruleset>
    
    Hope it will be useful to somebody. :D :thumb:
     
    Last edited: May 2, 2012
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Be aware that there's a mistake in Malwarebyte's default rule.

    The original/default rule is the following one:

    Code:
    <ruleset f="Malwarebytes.xml" name="Malwarebytes"><target host="*.malwarebytes.org"/><exclusion pattern="^http://(www\.)?malwarebytes\."/><target host="*.static.malwarebytes.org"/><target host="*.cdn.static.malwarebytes.org"/><securecookie host="^(.*\.)?malwarebytes\.org$" name=".*"/><rule from="^http://(?:\w+\.((static-)?cdn\.)?)?static\.malwarebytes\.org/" to="https://static.malwarebytes.org/"/><rule from="^http://(store\.|forums\.)?malwarebytes\.com/" to="https://$1malwarebytes.com/"/></ruleset>
    
    Notice the last two .malwarebytes.com? Well, it obviously needs to end with .org, not .com.

    So, it should be as follows:

    Code:
    <ruleset f="Malwarebytes.xml" name="Malwarebytes"><target host="*.malwarebytes.org"/><exclusion pattern="^http://(www\.)?malwarebytes\."/><target host="*.static.malwarebytes.org"/><target host="*.cdn.static.malwarebytes.org"/><securecookie host="^(.*\.)?malwarebytes\.org$" name=".*"/><rule from="^http://(?:\w+\.((static-)?cdn\.)?)?static\.malwarebytes\.org/" to="https://static.malwarebytes.org/"/><rule from="^http://(store\.|forums\.)?malwarebytes\.org/" to="https://$1malwarebytes.org/"/></ruleset>
    
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.