This is a WebExtensions primarily built for Firefox. IT watches over the TLS certificates that websites present to you and warns when the certificate for a domain changes. If a new domain is encountered, its certificate is added to the local storage of this add-on. Future connections to that domain will check that the certificate is still the same as in the local storage.
The add-on icon can display three possible states:
This add-on can be a countermeasure to attacks where the attacker has a valid certificate for the attacked website. Changes to the certificate that the browser happily accepts can no longer go unnoticed. The goal of this countermeasure is simply to make the user aware that something has changed; user intervention is still required.
The certificate of a new domain is automatically added to the storage:
The certificate of a domain matches the one in storage:
The certificate of a domain differs from the one in storage:
The storage page shows information on the stored certificates:
This add-on requires the following permissions to function:
https://*/*
: Allows this add-on to run on all https connections.wss://*/*
: Allows this add-on to run on all wss connections (secure
web-worker connections).webRequest
: Allows to inspect network connections.webRequestBlocking
: Allows to modify network connections. Required to
retrieve security information (i.e. certificates).storage
: Allows to store data persistently. Used for settings and the
certificate storage.unlimitedStorage
: Disables all size restrictions on the storage size. This
may be necessary when over time a large amount of certificates is added to the
storage.Optional permissions that enable additional features:
tabs
: Access "privileged" parts of tabs. This is used to get the URL of
tabs. Required for the setting "check only certificates of page domain".This add-on is licensed under the
Apache License 2.0, see the
LICENSE
file.