In an earlier article on Technofriends, you learnt about Firesheep and how it can easily let layman do HTTP Session Hijacking. You also learnt about 2 Security Add-Ons which can help you protect yourself from Firesheep. In this article, you will learn how to configure Force-TLS, a Firefox Security Add-On.
Force – TLS when added to your Firefox browser will actually force the browser to establish a secure HTTPS connection to the websites that support it. In this article, I shall take you through simple steps of how to add Force- TLS add-on to Mozilla Firefox browser.
Installing Force-TLS Firefox Add-On
- Download Force-TLS from forcetls.sidstamm.com
- Open the Firefox browser. Click on Tools and select Add-ons from the drop-down menu.
- In the search box, key in “Force-TLS”. Click on the magnifying glass icon and let the system search for the downloaded Force-TLS software.
- Once the search is over, you will see the Force-TLS add-on listed below. Click on Add to Firefox button.
- Now, to install Force-TLS, click Install Now button.
- Once the installation is done, you will be asked to restart the Firefox browser.
- The Firefox browser will close and then re open with a dialog box confirming the installation of the Force-TLS add-on.
- Once you confirm, you will see a message ‘’1 new add-on has been installed”.
How to Configure Force-TLS Add On
- Now that Force TLS add-on is installed, you need to instruct it what site(s) need to force- establish a secure connection.
- For example, if you want to instruct Force- TLS to establish a secure connection with Facebook (www.facebook.com) , follow these steps.
- Open the Firefox browser. Click on Tools and then Force TLS Configuration from the drop-down menu.
- In the Address of the website box, enter www.facebook.com. Click on Add site.
- You will see a confirmation that Facebook.com is added to the list. In this manner, you can addother websites you wish to have a secure connection ( Note: The website you add must support the HTTPS feature to do this).
- Finally, you must verify if a continuous secure connection to Facebook.com is established from your Firefox browser.
- To do that, start accessing your Facebook account. You will notice that the website will start with “https” URL.
- Click on “Home”, “Profile” links on Facebook and you will see “https” instead of http. This way you can verify there is a continuous secure connection established.
Swetha Kalyanee contributed for this article, she is a Freelance Technical Writer (Information Technology) based in Chennai.
Follow me on Twitter at @vaibhav1981 Firefox, Firefox Add On, Firesheep, Force TLS, HTTP, HTTP Session Hijacking, HTTPS Everywhere, security, Session