CheckMyHTTPS

CheckMyHTTPS is a method allowing the verification (check) that your secured web connections ('HTTPS' protocol) are not intercepted (neither decrypted, nor listened, nor modified).

What is CheckMyHTTPS?

CheckMyHTTPS is a Firefox add-on that allows you to verify the security of your HTTPS connections. It checks if your connections are compromised or at risk of interception, modification or listening. Protect your online privacy with CheckMyHTTPS.

Download

Stats

By: CheckMyHTTPS Team

View on Firefox Browser Add-ons

Users: 236 ▼ -8

Rating: 4.33 (9)

Version: 5.7.1 (Last updated: 2024-02-04)

Creation date: 2016-01-03

Weekly download count: 4

Firefox on Android: No

Risk impact: High risk impact

Risk likelihood: Moderate risk likelihood

Manifest version: 2

Permissions:

notifications
storage
tabs
webRequest
webRequestBlocking
*://*/*

Size: 62.05K

Email: in*****@checkmyhttps.net

URLs: Website ,Privacy policy

Stats date:

Chrome-Stats Rank

# 6218 ▼ 71

Other rankings

#92 in modify keyword 19 ▼ 1

#97 in receive keyword 16 ▼ 2

#145 in connection keyword 25 ▲ 1

#163 in checker keyword 45 ▲ 2

#167 in connect keyword 25 ▼ 4

Upgrade to see more rankings

Other platforms

Not available on Chrome

Not available on Edge

Want to check extension ranking and stats more quickly for other Firefox add-ons? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Firefox Browser Add-ons.

Summary

Analyze keywords

When browsing on secured sites ("https://..." websites), you can check the security status by clicking on the extension icon (check).

The icon is green : your connection is not compromised;
The icon is red : your connection is considered very risky (hijacked, modified, listened);
The icon is blue : the verification is impossible (check server is unreachable, web site is whitelisted);
The icon is gray : the verification is in progress.

Technical details : Normally, before encrypting an HTTPS connection, a secure website must prove its identity to your browser by sending it its security certificate. This certificate can be considered as an identity card issued by higher authorities (Certificate Authorities). There are several techniques of usurpation based on false certificates (false identity cards) or homographers (false names) to make you believe that a "pirate" site is the legitimate site you think you are visiting. These techniques allow pirate sites to retrieve your private information. CheckMyHTTPS allows you to detect this type of practice, which can be implemented on open networks (WiFi in hotels, conference centers, stations, etc.) or even within your company via its firewall (SSL inspection). To detect this, the extension compares the certificate of the visited site that is received by your browser with the same certificate retrieved by an external "verification server" located on the Internet. If the certificates differ, the identity of the server can be considered as usurped (red icon).

Respect for privacy?

The CheckMyHTTPS extension requires only two parameters : The name of the visited website and the certificate received from it; The external "verification server" only receives the name of the visited website. If you want, you can make this "verification server" yourself.

All explanations are detailed on the project website : checkmyhttps.net.

User reviews

** Major trust issue alert ** The add-on reports that it now has a compromised back end service API. You may now see an error "This public key does not match the one required by the server" within the add-on about:addons config screen. I have tried this on multiple computers, same catastrophic security error. The public key no longer matches the expected API key. This add-on normally sends all your website URLs to a back end server that the developer hosts free of charge (how "generous"... hmmm). Notwithstanding this suspicious setup which is funded "some how", this error would indicate their server has been compromised. Someone else is now hoovering up all your URLs, maybe the CIA, FBI, MI5, Mossad... who knows. Also, https://www.ssllabs.com/ssltest/analyze.html?d=checkmyhttps.net suggests the server's certificate chain is incomplete. which is odd. The Public key you should see in the add-on.. -----BEGIN PUBLIC KEY-----MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvPk7sw/smaqXrF+glR1ibe/AjaxTnUCVwYJ+iSYxizBl5n42RGRaxhbbkJuM9esnFJd74bb9Uv5oM5rZWtSOsedr49uY237V5C3z0PPSYPaJD290bJzwK4bOZim9cr8DT25KhRj5WoXbnuULVLAE5DO55nUbhp51HisOUsZwtYNEE53D8Ev8wX2iwzAx4X0E2KvVpoyI23u4UVFdQxUJGVzI7Bs8OQyzFJBhalEjaylK3gDNDMFF3reNGgIEPIMIs9I6bUaOgaQsT/b65SR9qxWyrOrQcYl42y8mpC7SN+8zPnxUuRQgIgvR1VDThJVf5+pRi+phPLaX5exEkoDZISU8UiCquAfd0dgjNzo/wUvSykkJvAZHNtkn5kNeVE/cOYFw8jWZfX7oe2Gy5CGk83abNDpkpdvDpDJwHA8oP8q/0Wzd1EJkGyPfr79eEwtUEblWXaYvVPrvcrBkuex0F1MMQJ82WtAwP7DtwEvkHDezuMyjK2jO0cxcYfXh1mjuTRYuCZ4fdvVUpIyoDo8gMoWqP4U0RmOXjG7GoqVVH89aFxtMYmXWolL08sYSOBG2R3sD/kMQq2I++DpDyxtX8cxDdBxXrh+PNQTOLbuuQIesn/MTHSHMo8bHDVsooEVrgGDIad2/AK2seihhVMsj17aoSfDrFx7OQi+0BmiZKzsCAwEAAQ==-----END PUBLIC KEY-----

by Firefox user 18241984, 2024-01-15

View all user reviews

Safety

Risk impact

CheckMyHTTPS is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this add-on. Review carefully before installing. We recommend that you only install CheckMyHTTPS if you trust the publisher.

Risk likelihood

CheckMyHTTPS is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.

Upgrade to see risk analysis details