Skip to content

HelpAddonsHttpsinfoHttpsinfo

thc202 edited this page Jun 6, 2016 · 5 revisions

HTTPS Info Add-on

The HTTPS Info add-on is accessed via the context menu within the Sites Tree or History table. It displays a dialog in which various summary information is displayed regarding the target server's HTTPS configuration, and the offered SSL/TLS cipher suites.

General

The top portion of the dialog is devoted to general details of the SSL/TLS configuration. Such as:

  • Minimum Cipher Strength
  • Maximum Cipher Strength
  • Compression Support
  • BEAST Status (Vulnerable/Protected)
  • CRIME Status (Vulnerable/Protected)

If vulnerabilities are detected then Alerts are raised.

Cipher Suites

The bottom portion of the dialog is devoted to enumeration/listing of the specific Cipher Suites the target server offers, grouped by protocol (SSLv2, SSLv3, TLSv1, TLSv1.1, etc.). The "Determine Server Preference" button iterates through the list of available Cipher Suites in order to determine the order with which the server would "prefer" to select Cipher Suites.

Clone this wiki locally