Turn Firefox into a Security Information Powerhouse - gHacks Tech News

Turn Firefox into a Security Information Powerhouse

The majority of things that happen when you load a website in your browser of choice happen in the background. Unless you have installed security extensions in the browser or software on the system, you may be completely unaware of the connections that are initiated when a page is loaded in the browser.

While you can check that manually using the browser's developer tools (hit F12 and switch to network for that), it is only displaying information to you while the page is loading.

The Firefox web browser is probably the browser with the best selection of extensions that provide you with security information, often before you connect to a website.

This guide provides you with a list of extensions that you may want to consider for that.

Tip: Check out our Firefox security and privacy guide, and the security part of our list of best Firefox add-ons.

The extensions

Site Identity Button Colors

site identity colors

The add-on brings back colored site indicators to distinguish visually on first glance between verified domains, identities and mixed content sites.

Site Identity Button Colors uses Mozilla's own pre-Firefox 15 color scheme by default. You may change that to stronger colors in the add-on options.

SSL Sleuth

ssl sleuth

The Firefox add-on ranks SSL connections based on how strong they are. It provides you with a summary of important connection parameters such as the cipher suite, the SSL/TLS version or the certificate.

The rating itself is displayed in Firefox's address bar automatically. You may also use it to disable RC4 suites and non PFS / non RC4 suites globally in the browser which may improve the strength of the connection but may cause connection issues on some sites.

Passive Recon

passive recon

The add-on provides you with tools to look-up link or site information without visiting the site in question.

Just right-click on any link in Firefox and select a service or tool listed in the Passive Recon menu to run the query.

You may look up DNS, IP and Whois information for instance, run various Google searches, check mail servers or generate a site report on Netcraft.

While you can do so manually as well, Privacy Recon makes it a lot easier to perform these operations, especially if you run them regularly in the browser.

Web of Trust

web of trust

The extension ranks a website's trustworthiness and child safety both in Firefox's interface but also in search engine results.

The rankings are powered by the Web of Trust community and third-party sources. While that works fine most of the time, it may happen that sites that are not dangerous or untrustworthy get a bad reputation score due to the community focus of the service.

The options displays all sites that ratings are shown on. The list of sites includes the popular search engines Google Bing and Baidu, social sites like Facebook, and a bunch of other sites including Wikipedia, Yahoo and Reddit.

Safe Preview

safe preview

Safe Preview lists options to check links using several online services including Web of Trust, Google, Avast, DrWeb or Norton Safe Web.

To use it simply right-click on any link open in Firefox and select the "Is it safe" option from its context menu.

Secure or Not

secure links

The extension draws borders around all links on a web page you run it on highlighting secure links in green and insecure links in red.

This is especially useful on sites with web forms as it may not always be clear immediately if what you enter is submitted using a secure connection.

Connection-related extensions

Several Firefox add-ons list connections that are made to third-party servers when a page is loaded in the browser.

  • Lightbeam for Firefox - Lightbeam makes all connections in Firefox visible using graphs and list views.
  • NoScript Security Suite - NoScript blocks all scripts loaded by first and third-party connections. You are in full control of these connections and can enable and disable them as you see fit. The extension supports additional security-related features, including an option to look-up domains online, clickjacking protection or restrictions as to what untrusted sites may load.
  • Policeman - PoliceMan is a rules-based extensions that displays connections made by the browser. Unlike NoScript for instance, it supports rules based on content types and not only connections.
  • RequestPolicy - Puts you in control of cross-site requests made in Firefox. You may block or allow destinations, or simply list all connections made to third-party sites.
  • uMatrix - The add-on lets you manage connections made on pages you visit. It may be used to allow or block specific connections.

Misc extensions

These "smaller" extensions may prove useful as well.

  • FoxBleed - The extension checks whether websites you visit are affected by the Heartbleed vulnerability.
  • Site Check - The extension runs a site check scan on the Sucuri website which brings issues such as drive by downloads, social engineering attacks or phishing attempts to your attention.

Now You: Did we miss an add-on? Feel free to post suggestions in the comment section below.

Summary
Turn Firefox into a Security Information Powerhouse
Article Name
Turn Firefox into a Security Information Powerhouse
Description
A list of Firefox add-ons that add additional security capabilities to the web browser by displaying additional security-related information.
Author

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Pants said on May 26, 2015 at 1:36 pm
    Reply

    https://addons.mozilla.org/en-US/firefox/addon/cert-viewer-plus/ Steve Gibson from GRC gave it five stars – read his comment

    https://addons.mozilla.org/en-US/firefox/addon/foxmeter/

    https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

    https://addons.mozilla.org/en-US/firefox/addon/cipherfox/

    some of these may be obsolete as dev console matures etc or replicate functionality already mentioned

  2. Wybo said on May 26, 2015 at 1:40 pm
    Reply

    Unfortunately Request Policy is not working with FF 38.0/38.01 :(

    So I use No Script, HTTPS Everywhere, Better Privacy, Flash Control, Privacy Badger and ZenMate for my privacy.
    Would be really interested to find out if that is a good mix ?. Thanks.

    I also use Ublock to block ads on some sites.

    1. Pants said on May 26, 2015 at 1:54 pm
      Reply

      Request Policy is working perfectly fine for me on 38.01

      1. Wybo said on May 26, 2015 at 5:13 pm
        Reply

        When I go to download page of Request Policy it says: “Not available for Firefox 38.0” and the add to FF button is greyed out!!

      2. ams said on May 27, 2015 at 6:33 am
        Reply

        NOT SPECIFIC TO “REQUEST POLICY” EXTENSION
        Instead of clicking “install” button at the addons.mozilla.org website, RIGHT-click and save the extension’s .xpi file.
        Rename the .xpi to .zip and extract the contents. Open the “install.rdf” in a text editor and find “maxVersion”.

        Edit the stated maxVersion value to your current ff version, then save the install.rdf and re-zip the extracted files.
        Change the archive file extension back to .xpi …drag the file into Firefox ( or use File-}Open in the firefox toobar ) and you will often discover that the extension still works perfectly for your ff version.

    2. Hy said on May 26, 2015 at 2:57 pm
      Reply

      I also couldn’t get Request Policy to install on Cyberfox 38, then I found this fork which continues it:

      https://addons.mozilla.org/en-US/firefox/addon/requestpolicy-continued/

      1. Wybo said on May 26, 2015 at 5:16 pm
        Reply

        Ah. Thanks for that. Indeed I can dl that one.

      2. Martin Brinkmann said on May 26, 2015 at 8:07 pm
        Reply

        Good point, I have added it to the list.

    3. Tom Hawack said on May 26, 2015 at 6:15 pm
      Reply

      uBlock can perform external calls filtering as RequestPolicy does. In fact after RequestPolicy and before uBlock appeared the add-on Policeman. Policeman is the closest to RequestPolicy with far more granularity and even than uBlock itself. RequestPolicy is IMO out of date, but if it runs correctly for the user then why not.

      1. Pants said on May 26, 2015 at 7:39 pm
        Reply

        I just thoroughly tested RequestPolicy on FF 38.01 and its doing exactly as it should. I know its been abandoned per se (I did try the fork but it was just terrible – screwed up my rules, terrible UI etc – total mess), and it’s going to totally break when e10s is implemented – so when I get time closer to the date, I’ll be testing out
        – Policeman
        – uBlock Origin (I read that uBlock was abandoned by the developer who forked to Origin?)
        – uMatrix – which in the last hour I installed and have been testing it out

        Just saying that as far as I can tell Request Policy is working, for me anyway. But totally want a supported replacement and to go with more rocks … no wait, I meant granite .. umm granularity .. that’s it, yeah .. granularity.

      2. ams said on May 27, 2015 at 6:18 am
        Reply

        @pants
        “it’s going to totally break when e10s is implemented”

        RPContinued version for e10s has been in development since last November & was recently merged into the “dev 1.0” branch
        https://github.com/RequestPolicyContinued/requestpolicy

    4. Zeus said on May 26, 2015 at 7:50 pm
      Reply

      From the Request Policy addon description:

      > RequestPolicy’s new version is under development as RequestPolicy Continued. Ultimately, I’d like RequestPolicy Continued to replace RequestPolicy.

      It links to here: https://requestpolicycontinued.github.io/

      I just installed it last night, and it seems to work okay.

  3. Nikki said on May 26, 2015 at 2:05 pm
    Reply

    Web of trust is a sham and thank you for promoting such unreliable Finnish service.

    1. Maelish said on May 26, 2015 at 3:14 pm
      Reply

      As far as I can tell, WOT is a waste of time. And wow does it slow down browser loads.

      1. Tom Hawack said on May 26, 2015 at 6:18 pm
        Reply

        I wouldn’t rely on WOT, hence install its add-on. But users’ comments regarding a site can be interesting.

    2. Pete said on May 26, 2015 at 3:44 pm
      Reply

      I agree. There have been lots of cases where the credibility of the rankings have been shot down. The rankings can be manipulated, like this article tells you:

      “While that works fine most of the time, it may happen that sites that are not dangerous or untrustworthy get a bad reputation score due to the community focus of the service.”

      Why recommend this crap?

    3. Pete said on May 26, 2015 at 3:46 pm
      Reply

      @Nikki: why did you have to mention Finland in this context? Is everything coming from Finland bad?

      1. Pants said on May 26, 2015 at 3:54 pm
        Reply

        at least you’ll always have The Dudesons :)

      2. Tom Hawack said on May 26, 2015 at 6:23 pm
        Reply

        I think he meant “it happens to be Finnish”, doesn’t mean it’s because it is Finnish. In fact I recall a lovely young lady back in young years studying in Lausanne : her hair was black like a Spanish, beautiful (until then I thought basic hair color was blond in all northern countries!)… Finished!

      3. Anonymous said on May 26, 2015 at 7:31 pm
        Reply

        @Tom Hawack

        Oh gawd .. why did you have to mention the Spanish … nobody expects the Spanish [Inquisition]

      4. Nebulus said on May 26, 2015 at 9:53 pm
        Reply

        I was wondering the same thing… I don’t like WoT, but what is the problem with it being Finnish??

    4. ams said on May 26, 2015 at 5:59 pm
      Reply

      WOT put a lot of technical effort into creating their service. Perhaps blame the users for polluting the ratings with inaccurate reports (people get PAID to conduct “competitor slander” campaigns, placing malicious ratings), misguided or (drunk?) reports (“dis site sux. i hate blue pages. yuk!”).

      From the outset, WOT staff included a Ph.D. who created, and incrementally refined, various “weighting” algorithms intended to thwart users attempting to game the ratings system. Although the cumulative result of the WOT ratings database is far from ideal, I don’t feel the development effort was entirely futile.

      1. Nebulus said on May 26, 2015 at 9:55 pm
        Reply

        They might’ve put a lot of efforts into it, but as long as you rely on users to do the work (i.e. identify the good/bad sites) there is no way you can have a reliable service.

  4. Richard Allen said on May 26, 2015 at 2:38 pm
    Reply

    Couple of these I hadn’t heard of before. Thank You Sir!

  5. ams said on May 26, 2015 at 6:01 pm
    Reply

    Martin, as a bullet point under “Connection related extensions”, policeman deserves a mention here
    https://www.ghacks.net/2014/10/19/policeman-is-a-rule-based-add-on-for-firefox-to-control-web-requests/

    1. Wybo said on May 27, 2015 at 4:05 pm
      Reply

      Thanks pants and ams for the mentioning of Policeman and links to RequestPolicy Continued. Umatrix seems to be for the advanced users. Which I am not. Cheers

  6. PhoneyVirus said on May 29, 2015 at 5:44 pm
    Reply

    Martin if no buddy said this to you yet, I’m going to and pretty much can for everyone else, you have to take it easy on the Firefox Add-ons and Firefox updates builds seriously man take a break. Since Q1 this years you must of covered wait let me go count them… ruffly 70+ Add-ons, way to much Firefox coverage. Your making a browser look like its becoming a operating system with no end in sight and with that its becoming relatively hard to click-on even though I know it has useful information its becoming hard. Even the Software nice to see you cut back on that, it feels like there no schedule in place, randomly more or less a war zone. You have to go through some anxiety doing all this writing because I can barely keep it together with all the hardware, software, operating systems etc not alone been a webmaster.

    Oh and you can forget about me clicking on anymore links in any Firefox article, with every link the anxiety level just increase, wow man wow, yes that was sarcasm with a 83% anxiety level.

    1. Gyffes said on June 4, 2015 at 3:59 pm
      Reply

      While you may have a valid point re: Martin’s extensive firefox coverage, your entire argument falls apart because you cannot spell.

      Body.
      Roughly.
      “too much”
      You’re.
      it’s (repeatedly)
      being.

      Feel free to stop clicking links to Firefox, and to stop commenting. It hurts to see the language gutted like that.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.