Monday, October 25, 2010

Secure Facebook Browsing

It is common that most websites use HTTPS for user authentication and use HTTP for everything else. This leaves users vulnerable to Cookie Hijacking. Tools like Firesheep brought this to forefront. It lets someone in your network perform Cookie Hijacking of Facebook as simple as installing Firefox Extension.

The best way to avoid this hack is to completely use HTTPS when using Facebook but the way Facebook work, even if you go to (Secure HTTPS page), all the links still point to (unsecure HTTP page). This leaves Facebook users vulnerable to tools like FireSheep.

Here is a Firefox Extension I wrote to solve the same problem for Firefox. Every time user visits, all the requests are forced to go through HTTPS even if user starts with