Tag Archives: firefox

Developer, How To, HTML

How to figure out the location where a form posts

Leave a comment

If you are trying to figure out where a form posts (for instance to see whether or not it submits information securely) and the post location isn’t readily view-able in the page source, here is how to do it:

Using Firefox, (download if necessary) open Firebug.

Download Firefox

Download Firebug

Hit Ctrl+Shift+C to open the console.

Switch to the Net tab and submit the form.  (The console window needs to be open before you hit submit.)

In the list window you should see a POST request with the endpoint and the complete information about the request including Headers, Post, Response, JSON, Cache, and Cookies.

You can copy the endpoint location by right clicking and selecting Copy Location.

Broken Encryption, How To

How to: Secure Firefox against Logjam

Leave a comment

Update: Firefox 39 was released on 7/2/15 with a fix for the logjam vulnerability (advisory on “logjam”). Use Firefox 39 or newer

Disable the following:

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

following are step by step instructions

How to: Secure Firefox against Logjam (until Firefox 39 is released)

Step 1:
Type “about:config” in the navigation bar

20150530-secure-firefox-logjam-step1

 

Step 2:
Continue through the warning screen by clicking “I’ll be careful, I promise!”

20150530-secure-firefox-logjam-step2

 

Step 3:
Search for “ssl3”

20150530-secure-firefox-logjam-step3

 

Step 4:
Disable the following (by double clicking or right clicking then “Toggle”)  Changes are saved automatically

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

20150530-secure-firefox-logjam-step4

 

Step 5:
Verify these cipher suites have been disabled

Quick: https://weakdh.org/

Before

20150530-secure-firefox-logjam-step0

After

20150530-secure-firefox-logjam-step5

 

Detailed: https://www.ssllabs.com/ssltest/viewMyClient.html

20150530-secure-firefox-logjam-ssltest-before

20150530-secure-firefox-logjam-ssltest-after

 

(h/t) http://techdows.com/2015/05/how-to-make-firefox-browser-safe-against-logjam-attack.html

Additional Information

Mozilla released (5/22/15) an add-on that changes these settings – https://addons.mozilla.org/mk/firefox/addon/disable-dhe/

Per Mozilla – Firefox 39 will include changes that will increase the minimum strength of keys to 1024 bits.

20150530-firefox-39

 

Content from Qualys licensed under a Creative Commons Attribution 3.0 License (http://creativecommons.org/licenses/by/3.0/us/).   Arrows and Before and After tags were added to screenshots of the original content.

Original content and screenshots on this page are licensed under a Creative Commons Attribution 3.0 License (http://creativecommons.org/licenses/by/3.0/us/)