8

Is there a simple way, maybe through a firefox plugin or something, to be able to tell which element on a webpage is breaking the HTTPS connection?

I've searched the source for any "http" and did not find any. I am thinking the root of the problem lies in a javascript file somewhere, but I was hoping to narrow it down easier than going line by line through all the javascript files.

Any simple solution or suggestions?

MultiDev
  • 10,389
  • 24
  • 81
  • 148
  • 3
    Have you tried firebug's net tab or google's dev tools network tab? – ScottE May 11 '12 at 12:07
  • +1 That would be an interesting developer feature ;-) – Ja͢ck May 11 '12 at 12:08
  • What do you mean "breaks"? As well as the tools @ScottE has mentioned, another one to consider is Fiddler. – Chris J May 11 '12 at 12:09
  • 1
    @ChrisJ: I'm pretty sure he wants to know which of his page elements is transferred via HTTP, thus "breaking" the HTTPS seal. – Joachim Sauer May 11 '12 at 12:11
  • @Jacohim - that's what I thought, but it's not really clear. How does the OP know that something is breaking? Is the browser giving him a warning (IE warns about mixed content, for example), or has the browser removed the SSL indicators from the website (e.g., not a green address bar, or something). Maybe all elements are SSL, but one is pulled back from a server that doesn't have a fully verifible certificate (browser gives a big "this site is untrsuted" box). – Chris J May 11 '12 at 12:16
  • @ Chris J: For example, in Opera you get the "lock" icon in the address bar. If something on the page was not sent over https, it goes away and you get the message that the site may be insecure. @ScottE: I'm checking out firebug's net tab now- looks very promising. Thanks. – MultiDev May 11 '12 at 12:20
  • possible duplicate of [Tools for finding Non SSL resources in web page (firebug like tool)](http://stackoverflow.com/questions/9200932/tools-for-finding-non-ssl-resources-in-web-page-firebug-like-tool) – Bruno May 11 '12 at 14:00

1 Answers1

4

I don't know about firefox, but Google Chrome shows all insecure content sources in console.

For example:

The page at https://mail.google.com/mail/u/0/?shva=1#inbox displayed insecure content from http://example.com.

Etc.

antyrat
  • 27,479
  • 9
  • 75
  • 76