no.
-
-
-
if you're looking into mitm detection: there's really no easy route. you can look for hpkp fails, but has pitfalls, too.
-
Obviously a MITM could replace the js even if it could, but it would make their lives much harder & foil the usual AV/ent crap.
-
Anyway, seems like this a feature we should be lobbying browser vendors for.
-
Lobby them to stop supporting interception via local certificate store for HPKP or at least add a way to opt-out.
- End of conversation
New conversation -
-
-
may be some creative possibilities to at least inspect via XHR/exts (https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/How_to_check_the_secruity_state_of_an_XMLHTTPRequest_over_SSL … -- scroll to bottom), also HTML5 ws
-
Uhg, why is it a restricted/privileged operation?
-
not sure. Similarly restricted in the draft TCP Sockets API (https://developer.mozilla.org/en-US/docs/Archive/B2G_OS/API/TPC_Socket_API …). You might be interested in noVNC wizardry
-
(noVNC uses websockets & canvas voodoo to emulate VNC, which some cloud providers use for HTML5 ssh). Always bet on the hackers.
End of conversation
New conversation -
-
-
No :(
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.