[Name TBD]
Helps to keep users information secure by monitoring the certificate information websites that the users enter sensitive infomation into and warning users about websites that they have previously deemed unsafe.
HTML, CSS, JavaScript
Content of the extension popup
Styling of the extension popup
Most functions related to the extension (like adding/removing sites from sensitive/unsafe lists, etc).
Mostly used to communicate back and forth with popup.js to provide crucial information like CA (certificate authority) info, blocking websites, etc. Some functions that cannot be performed by popup.js (or are too complicated to implement) are performed here.
It has CSS styling that is injected to a webpage (by background.js). This CSS styling “blocks” the website by creating an overlay over the website (i.e. users will be clicking the overlay instead of the website, getting no response).
When users visit a website where they are entering sensitive information, like a banking website, they can mark the site as sensitive. The next time that they visit the website, must click on the extension to make sure that they are on the correct website and the websites' certificate is unchanged. The website will be blocked until they click on the extension.
When the user visits a site that they suspect is unsafe, due to phishing or some other reason, they mark it as unsafe. Upon subsequent visits to the site, the page will be blocked until the user clicks on the extension and then confirms their acknowledgement of the risks of accessing an unsafe site.
The settings includes the following features (more to be added):
- View list of sensitive sites
- Remove sites from list
- Manually add site by url
- View list of unsafe sites
- Remove sites from list
- Manually add site by url
The user will be randomly tested while they are using the extension. To do this testing, we change one of the characters in the domain name of the website and ask the user if they still trust the website. If they answer correctly, 10 points will be added. If they answer incorrectly, 5 points will be reduced. The message of the game is still in the making.
When a website has an extended validation (EV) certificate, there is a checkmark that is displayed next to the root domain in the extension. If a website changes from an EV certificate to an organization or domain certificate (which both require less information and are easier to fake), there is a warning message given to the user.
- Revamp visuals
- Revamp text
- Connect to database to collect results
- Complete necessary steps to get extension added to Firefox extension store
- TypeError exception thrown in popup.js on line 388, message "can't access dead object"
- Download project from GitHub repository
- Open firefox browser and type [about:debugging] (about:debugging) into the address bar
- On the left side, click on "This Firefox"
- Under "Temporary Instructions" click "Load Temporary Add-on..."
- Navigate to the project folder and open "pki-extension/extension-trial/manifest.json"
- Extension has been loaded!
To use the extension, click on the puzzle piece in the Firefix toolbar (upper right side), and click on PKI-extension. Optionally, you can right click on the extension and "pin to toolbar" so that it appear next to the puzzle piece.
In the about:debugging page, next to the extension name, click the "Inspect" button. Keeping the Inspect tab open as you use the extension allows you to view all errors and logs, as well as set up breakpoints to watch the code run line by line.
##Firefox Developers Edition-
- Download and install Firefox Developer Edition on your device.
- Go to about:config and change xpinstall.signatures.required to false.
- Compress the extension files into a .zip file (make sure manifest.json is at the root).
- Go to about:addons, and choose the Install Add-on from file option, choose the .zip file created in the previous step.
- The extension is now installed permanently on the developer edition browser and can be accessed through the toolbar.