
Make Facebook/Twitter/Google handlers request over HTTPS

 * This will make Firesheep requests of Facebook, Twitter, and Google encrypted, so as to prevent the additional leaking of information.
 * Should also break how FireShepherd and Blacksheep currently detect Firesheep based on Facebook requests (though it's still certainly possible to detect and mess with it).
craSH committed Nov 18, 2010
1 parent ea1130b commit 9285c61689518d1e798d255d65e0eebcdc9ad725
Showing with 7 additions and 4 deletions.
  1. +3 −2 xpi/handlers/facebook.js
  2. +1 −1 xpi/handlers/google.js
  3. +3 −1 xpi/handlers/twitter.js
@@ -1,8 +1,9 @@
// Authors:
// Eric Butler <eric@codebutler.com>
// Ian Gallagher <crash@neg9.org>
register({
name: 'Facebook',
url: 'http://www.facebook.com/home.php',
url: 'https://www.facebook.com/home.php',
domains: [ 'facebook.com' ],
sessionCookieNames: [ 'xs', 'c_user', 'sid' ],
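Review bot: nothing around the new `url: 'https://www.facebook.com/home.php'` line checks that the response was actually served over HTTPS. If the request is redirected to an `http://` address, the cookies named in `sessionCookieNames` go out in cleartext again, which is the leak this change is meant to close. Consider having the handler check the scheme of the final response URL and stop when it is not `https:`.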

@@ -11,4 +12,4 @@ register({
this.userName = resp.body.querySelector('#navAccountName').innerHTML;
this.userAvatar = resp.body.querySelector('#navAccountPic img').src;
}
});
});
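Review bot: `this.userAvatar` on the `#navAccountPic img` line takes whatever `src` the page supplies, so the avatar address can still be `http://` even though the page itself is now requested over HTTPS. If that image is later loaded for display, the fetch is unencrypted; consider rewriting the scheme or skipping avatars that are not `https:`.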
@@ -18,7 +18,7 @@ register({
// Grab avatar from Google Profiles page, if they have one
var avatar_element;
try {
var profile = this.httpGet('http://www.google.com/profiles/me');
var profile = this.httpGet('https://www.google.com/profiles/me');
avatar_element = profile.body.querySelector('.ll_profilephoto.photo');
}
catch(err) {
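Review bot: the Google handler's own `url` is not touched here; the file summary shows 1 addition and 1 deletion for google.js, and that is the `this.httpGet(...)` call for `/profiles/me`. Please confirm the `url` at the top of the `register` call is already `https://`, otherwise the handler's first request is still in cleartext and the commit title is only partly met for Google.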
@@ -1,9 +1,11 @@
// Authors:
// Eric Butler <eric@codebutler.com>
// Ian Gallagher <crash@neg9.org>
Components.utils.import('resource://firesheep/util/RailsHelper.js');

register({
name: 'Twitter',
url: 'https://twitter.com/',
domains: [ 'twitter.com' ],
sessionCookieNames: [ '_twitter_sess', 'auth_token' ],
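Review bot: the `url: 'https://twitter.com/'` line has no comment saying the scheme is deliberate, so a later edit could put it back to `http://` without anyone noticing. A one-line comment above `url` (here and in facebook.js) stating that handler requests must stay on HTTPS would document the intent described in the commit message.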

@@ -33,4 +35,4 @@ register({
this.userAvatar = resp.body.querySelector('#profile-image img').src;
}
}
});
});
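Review bot: the only changed line in this hunk is the closing `});`, which reads as a whitespace or end-of-file newline change, and facebook.js has the same one. It is unrelated to the HTTPS switch; either mention it in the commit message or move it to a separate commit so the diff stays limited to the URL changes.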

1 comment on commit 9285c61

@hrbrmstr

commented on 9285c61 Jan 21, 2011

Facebook changed session key name(s). Now "datr", "c_user", "lu", "sct"
