Greasemonkey script to block Gmail cookie-theft attacks
Ryan Naraine of ZDNet points out a Greasemonkey script that blocks Gmail cookie-theft attacks. The script can be downloaded here, and it redirects Gmail to use a "secure" HTTPS connection. You can modify the script to @include redirect any site that has HTTP or HTTPS to use HTTPS by default.
The meat of the script is just a couple lines:
@include http://mail.google.com/* location.href = location.href.replace(/^http:/, 'https:');blog comments powered by Disqus