Closed Bug 472073 Opened 17 years ago Closed 17 years ago

see uncrypted ssl commication using" ieinspector httpanalyzer" http sniffer

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: nicolas, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 (.NET CLR 3.5.30729) When I sniff https communication between firefow and the internet with IEInspector HttpAnalyzer, I can see not crypted data. Reproducible: Always Steps to Reproduce: 1. Launch HTTPANalyser -> Select a running process -> firefox 2. Goto any https site ex: gmail Actual Results: You can view the entire clear transmission in HTTPANalyser. Expected Results: Transmission must appear crypted ! Maybe not directly a bug in firefox. But this kind of software must not be able to see ssl crypted communication. A loophole in the ssl connexion management ?
Are you actually going to https://gmail.com? Gmail has a bad habit of swapping back to HTTP. You should go into your preferences and make sure the option is set to make Gmail only use HTTPS.
Something that is installed on your system can do everything that it wants to do. That shouldn't be surprising for you. Does this tool install a Firefox addon (look in tools/addons) ?
Finally true only with gmail. Gmail's SSL sucks. Bug is not one. Closed.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.