first commit

4 years ago · 91808391a9
8 changed files with 118 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,5 @@
+# HTTPS+ Checker
+
+The extension quickly check if the website has HSTS, HPKP, DANE / TLSA and DNSSEC.
+
+Based on personnal API.
--- a/httpspluschecker.zip
+++ b/httpspluschecker.zip
--- a/icon_x48.png
+++ b/icon_x48.png
--- a/icon_x96.png
+++ b/icon_x96.png
--- a/manifest.json
+++ b/manifest.json
@ -0,0 +1,24 @@
+{
+  "manifest_version": 2,
+  "name": "HTTPS+ Checker",
+  "version": "0.0.2",
+  "description": "Verification of security mechanisms complementary to HTTPS",
+  "permissions": [
+    "tabs",
+    "webRequest",
+    "<all_urls>"
+  ],
+  "browser_action": {
+    "default_title": "HTTPS+ Checker",
+    "default_icon": {
+      "48": "icon_x48.png",
+      "96": "icon_x96.png"
+    },
+    "default_popup": "popup/index.html"
+  },
+
+  "icons": {
+      "48": "icon_x48.png",
+      "96": "icon_x96.png"
+  }
+}
--- a/popup/dnssec.js
+++ b/popup/dnssec.js
@ -0,0 +1,37 @@
+
+var xhr = new XMLHttpRequest();
+
+browser.tabs.query({ active: true, lastFocusedWindow: true }).then(function(tab) {
+    const url = new URL(tab[0].url);
+    if (url.protocol === "http:" || url.protocol === "https:" ) {
+	    var host = url.hostname ;
+
+	    xhr.open('GET', 'https://httpspluschecker.virtit.fr/?domain=' + host, false);
+		xhr.send();
+
+
+		value = JSON.parse(xhr.responseText);
+
+		if (value['DNSSEC'] === true  ) {
+			document.getElementById("dnssec").className = "success";
+		} else {
+			document.getElementById("dnssec").className = "danger";	
+		}
+		if (value['DANE'] === true  ) {
+			document.getElementById("dane").className = "success";
+		} else {
+			document.getElementById("dane").className = "danger";
+		} 
+		if (value['HSTS'] === true  ) {
+			document.getElementById("hsts").className = "success";
+		} else {
+			document.getElementById("hsts").className = "danger";
+		} 
+		if (value['HPKP'] === true  ) {
+			document.getElementById("hpkp").className = "success";
+		} else {
+			document.getElementById("hpkp").className = "danger";
+		} 
+    }
+
+});
--- a/popup/index.html
+++ b/popup/index.html
@ -0,0 +1,21 @@
+<html>
+  <head>
+    <meta charset="utf-8">
+    <link rel="stylesheet" href=" style.css">
+    <script type="text/javascript" src="dnssec.js"></script>
+  </head>
+
+  <body>
+    <div class="title">HTTPS+ Checker</div>
+    <table align="center" ">
+      <tr>
+        <td id="hsts" class="loading"><a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">HSTS</a></td>
+        <td id="hpkp" class="loading"><a href="https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning">HPKP</td>
+      </tr>
+      <tr>
+        <td id="dnssec" class="loading"><a href="https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions">DNSSEC</td>
+        <td id="dane" class="loading"><a href="https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities">DANE/TLSA</td>
+      </tr>
+    </table>
+  </body>
+</html>
--- a/popup/style.css
+++ b/popup/style.css
@ -0,0 +1,31 @@
+body {
+  width: 250px;
+}
+
+table, td, th {
+    border: 1px solid black;
+}
+table {
+    border-collapse: collapse;
+    width: 95%;
+}
+td {
+    height: 30px;
+    text-align: center;
+    vertical-align: center;
+    width: 50%;
+}
+.success {
+  background-color: #dff0d8;
+}
+.danger {
+  background-color: #f2dede;
+}
+.loading {
+  background-color: #fff2e6;
+}
+.title {
+  text-align: center;
+  font-weight: bold;
+  font-size: 18px;
+}