So this morning I started looking into greasemonkey based on recommendations of a few friends. I found a few useful scripts and I think I may actually keep it around. I did actually take one script that seemed pretty limited and improved upon it.
If you use greasemonkey you might want to check this out. (I don’t know if this already exists–it certainly may–but here it is anyhow).
Ever notice how Google supports https but doesn’t require it on more than the login page? This script will require any available Google App that supports https to actually use https. Currently this supports:
GmailGoogle Docs
Google Reader
Google Calendar
if you know of any other Google Apps that support https for the session let me know and I’ll improve this. Enjoy. I also have an idea of maintaining a growing list of other sites that support but do not require https.
Download : GoogleSecure – GreaseMonkey
Have a look at http://userscripts.org/scripts/review/5951, which is also based on Mark Pilgrim’s script and adds in a couple of extra subdomains.
Just a note: CustomizeGoogle is an extension that subsumes this functionality. It also has a bunch of other neat stuff 🙂
How does this effect the speed of the Google apps?
LaserJock – initial load time might be a few seconds more as it may start loading the insecure and then redirect and reload the secure, but after that point it’s business as usual.
Maintaining an encrypted session is more important now than ever.
There was a Defcon presentation this year showing that by sniffing cookies from unencrypted portions of sessions, an attacker can assume your identity at a web service. The presenter actually did this on stage, hijacking the GMail credentials of someone in the audience who was checking their GMail account.