cschanaj / xhttpse2
Automatically generate HTTPS Everywhere ruleset
License: Apache License 2.0
Deduce the cause of #2 and fix it.
Missing correct `Different Content` implementation (Ref: https://github.com/EFForg/https-everywhere/blob/445df151702555218cda70aab9aff092f1bfd214/test/rules/src/https_everywhere_checker/metrics.py#L42)
libcurl verbose mode messes up stdout when multi-threading is enabled (theoretically)
OpenSSL locking (now requires OpenSSL 1.1.0+)
Doxyfile, configure file, etc.
Pre-generated test data (Sublist3r output).
Figure out required CURL version.
Check HSTS preload for the domain prior to the requests. (won't fix, use https://hstspreload.com)
Automatically look for test URLs from downloaded pages.
Check and warn for `HTTPS-Transport-Security` header.
Sort domain internally without relying on Sublist3r if `--sort` is enabled in the command line
No progress nor log messages.
A tool to check if cookies are set for a subdomain, if HTTPS works on that domain without problem then add `securecookie` for that subdomain, e.g. `www`, ref https://stackoverflow.com/questions/5298187/is-it-possible-to-read-a-cookie-from-a-different-sub-domain-if-so-how
Some sites serve differently when using a browser and a headless client!!!
RT> Program terminated randomly when `num-threads` is larger than one, especially for input files containing more than 80+ lines of targets. The reason for this issue can be heap overflow (unconfirmed).
Temporary solution: setting 'num-threads' to 1 by default until this is fixed.
libcurl Thread Safety (https://curl.haxx.se/libcurl/c/threadsafe.html)
When using multiple threads you should set the CURLOPT_NOSIGNAL option to 1L for all handles.
`xhttpse2 -` currently looks for a file called `-`, instead of using STDIN as an input (`xhttpse2 /dev/stdin` works).
Running xhttpse2 with this list consistently causes a `pointer being freed was not allocated` error.
RT, while this program works relatively well, it is difficult to extend the functionalities.
Non-deterministic Test Results
HTTPSE_SECURE_FALLBACK
URL(s) | Type | Reference | Status |
---|---|---|---|
https://www.sfc.hk | | EFForg/https-everywhere#8972 | |
https://price.com.hk | | EFForg/https-everywhere#8982 | |
https://www.pixiv.net | | | |
https://archive.am730.com.hk | P | EFForg/https-everywhere#8741 (review) | Pending Fix |
https://m.price.com.hk | N | EFForg/https-everywhere#8982 (review) | Pending Fix |
https://checkout.unicef.org.uk | N | EFForg/https-everywhere#9491 | Pending Fix |
https://golfdigest.com | N | EFForg/https-everywhere#9532 | Pending Fix |
HTTPSE_DIFFERENT_CONTENT
URL(s) | Type | Reference | Status |
---|---|---|---|
https://slack.sumome.com | | | |
https://www.ttk-chita.ru | | | |
https://secure.worldwildlife.org | P | EFForg/https-everywhere#9560 | Pending Fix |
https://habets.pp.se | P | Pending | Pending Fix |
https://flipbook.am730.com.hk | N | EFForg/https-everywhere#8741 (review) | Fixed 589fcfa |
https://support.unian.ua | N | | Fixed 98eeb2b |
TODO Missing false positive examples.
HTTPSE_OK
Important: There are in fact hosts which pass all the tests and exit with `HTTPSE_OK` but are still problematic. They are likely false negatives from the above tests, mostly `HTTPSE_DIFFERENT_CONTENT`.
Deterministic Test Results
HTTPSE_SSL_INCOMPLETE_CERT_CHAIN, see EFForg/https-everywhere#8964 (comment)
HTTPSE_MIXED_CONTENT