Pin Patrol: list Firefox HSTS and HPKP log
Pin Patrol is a free browser extension for the Firefox web browser that lists the HSTS and HPKP log the browser maintains.
We talked about HTTP Strict Transport (HSTS) and HTTP Public Key Pinning (HPKP) before here on Ghacks.
The two security features that are part of Firefox improve how Firefox handles secure connections. Without going into too many details. HSTS blocks insecure connections to sites if a web server instructed Firefox on first connect to do so.
HPKP on the other hand has been designed to block impersonation attacks by only accepting a list of public keys that the web server provided on first connect.
Both methods have in common that they require an initial connect to a server, and that they keep the information stored in a log file on the local system.
Pin Patrol is a free browser add-on for Firefox that lists all domains that Firefox has stored HSTS or HPKP information for.
While you may access the information manually as well, by opening the file SiteSecurityServiceState.txt located in the main Firefox profile folder, it presents the list in a readable format directly in the browser.
Granted, if you just need to check the contents from time to time, you may not need the add-on for that. Also, if you delete all browsing data regularly, there is little need to pay close attention to it.
Pin Patrol lists all HSTS and HPKP domains known to Firefox in a table format when you click on the extension icon.
The main benefit of using the extension, apart from being able to display the data directly in Firefox, is that it displays it in a readable format.
Information provided include the full domain name, whether HSTS or HPKP are stored, a score, data, expiration time, security property information, subdomain and HPKP pins.
The score is a value set by Firefox which increases by one for every 24 hour period the domain is visited.
The extension lists a search at the top that you may use to find specific information. Unfortunately, Pin Patrol does not offer any options to delete entries right from within the extension's interface.
Pin Patrol makes Firefox's HSTS and HPKP logs accessible in the browser. That's handy for a quick check of the log, or making sure that a web server delivers correct information.