Monday, October 25, 2010

Secure Facebook Browsing

It is common for websites to use HTTPS only for user authentication and plain HTTP for everything else. This leaves users vulnerable to cookie hijacking. Tools like Firesheep brought this to the forefront. With it, someone on your network can hijack your Facebook cookie as easily as installing a Firefox extension.

The best way to avoid this attack is to use HTTPS for everything when using Facebook. But the way Facebook works, even if you go to https://www.facebook.com (the secure HTTPS page), all the links still point to http://www.facebook.com (the insecure HTTP page). This leaves Facebook users vulnerable to tools like Firesheep.

Here is a Firefox extension I wrote to solve this problem for Firefox. Every time the user visits Facebook.com, all requests are forced to go through HTTPS, even if the user starts at http://www.facebook.com.
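
The decision such an extension has to make for every outgoing request, as an added example (this is not the extension's own code): upgrade plain-HTTP requests to Facebook hosts and leave everything else alone, including lookalike hostnames. The names `FORCED_DOMAINS`, `hostMatches` and `upgradeToHttps` are hypothetical, and the browser hook that would call the function is not shown.

```javascript
// Added illustration, not the extension's source.
// FORCED_DOMAINS, hostMatches and upgradeToHttps are hypothetical names.
const FORCED_DOMAINS = ["facebook.com"];

// True only for the domain itself or a real subdomain of it.
// A plain substring test would also match "evilfacebook.com" or
// "facebook.com.evil.example", so compare on label boundaries.
function hostMatches(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return h === domain || h.endsWith("." + domain);
}

// Returns the HTTPS URL to redirect to, or null to leave the request as it is.
function upgradeToHttps(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return null; // not a parseable absolute URL
  }
  if (url.protocol !== "http:") return null; // already HTTPS, or another scheme
  // url.hostname excludes any "user@" prefix, so
  // "http://www.facebook.com@evil.example/" is judged on evil.example.
  if (!FORCED_DOMAINS.some((d) => hostMatches(url.hostname, d))) return null;
  // An explicit non-default port may not speak TLS; do not guess.
  if (url.port !== "") return null;
  url.protocol = "https:";
  return url.href; // path, query string and fragment are preserved
}

// Constructed sample requests showing each case.
const SAMPLES = [
  "http://www.facebook.com/home.php?ref=1",
  "http://facebook.com/",
  "https://www.facebook.com/",
  "http://evilfacebook.com/",
  "http://facebook.com.evil.example/",
  "http://www.facebook.com@evil.example/",
];
for (const s of SAMPLES) {
  console.log(s, "->", upgradeToHttps(s) || "(unchanged)");
}
```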