Accessing HTTPS sites using Firefox [solved]

[diablo]

I am having problems accessing secure web sites - e.g. my on line bank - from Mozilla Firefox. I can access it using IE, or if I switch off the Web Shield in Avast. I can also access it if I route through a remote SSH proxy, presumably this bypasses the virus detection altogether.

I am using Windows XP pro, and Kerio 4 firewall.

Is this a common problem?

Diablo

[sded]

How do you have FF configured-no proxy?  And webshield default scanning on port 80?  Try logging the output of FF and webshield with KPF4 to see what is happening.  Webshield only scans port 80; your HTTPS SSL traffic is normally on port 443. 

[Lisandro]

I am having problems accessing secure web sites - e.g. my on line bank - from Mozilla Firefox. I can access it using IE, or if I switch off the Web Shield in Avast. I can also access it if I route through a remote SSH proxy, presumably this bypasses the virus detection altogether.

As I posted elsewhere (http://forum.avast.com/index.php?topic=12856.0), my problem is the opposite: only Firefox works 

[diablo]

1. Firefox is configured for direct connection to Internet via my network. (NO proxy)

2. Avast is acting as a transparent proxy on port 80.

I have been trying to see what is going on, with a packet sniffer.

I normally access my bank site by connecting to an http: URL on port 80.
The bank server responds with a "302 Object Moved" redirection, to another URL, an HTTPS site. The webclient should logoff the first connection and then reconnect onto the HTTPS port.

This works ok on Internet Explorer + Avast.

When I try to access with FF + Avast, it sends out the request on port 80 and gets the redirection request, but then stalls at this point. The browser says it's still waiting for the FIRST URL - so I assume that the redirection html packet does not make it back thru' Avast to the browser. (I know - nothing to do with https protocol on port 443 yet!)

The strange thing is, if I enter the https: address directly (including the "https://" bit) and avoid the redirection, it works okay! I don't have this knowledge with all the secure sites I use, though.

Presumably Avast cannot monitor SSL (or TLS) protocols because it's still encrypted, at the point that Avast intercepts?

Diablo

[DavidR]

You might want to try thr avast pre-release version (4.6.650), see this thread for hoe to get it. http://forum.avast.com/index.php?topic=12798.0

[sded]

Have you tried using KPF 4 to look at the connections and log for FF and Webshield yet?  These type of sites usually have multiple simultaneous connections, so there may be a FF issue with that and the webshield transparent proxy and SSL connections.   Also the avast! log set to debug.  And no, avast! can't monitor the SSL/TLS traffic-your browser wouldn't be very secure if it could.   Technical found his mail ISP apparently setting up SSL sessions on port 80 with IE, which causes no end of problems because of that.  Could be something similar with FF and your site-lots of creative internetting out there.

[diablo]

I tried putting two logging rules into Kerio -
1. To log anything from Avast.
2. To log anything on remote port 443

Using "Internet Explorer" & "Avast" works ok, and resulted in a Kerio log of 1 packet to port 80 (via Avast) and 10 packets on port 443 from iexplore.exe (html & images)

Using "Firefox" & "Avast" does not work and only logs the first packet, port 80 from Avast. - Firefox just displays "Waiting for..."

When I enter sites that DO work, Kerio logs the normal (port 80) packets coming via ashwebsvr.exe (including the usual pop-up rubbish from Doubleclick.net), and the secure packets coming direct via firefox.exe.

Unfortunately the Kerio log does not record valid replies from the remote web servers; this is why I was using Packetyzer packet sniffer.

I am not getting anything in the Avast logs when the failure occurs, even at debug  setting.

[DavidR]

As I said try the pre-release version, it may resolve this issue, it has worked for others experiencing a similar problem (http: - https: and back or http: re-directs).

This won't take very long, certainly less time than sniffing/analysing the logs.

[sded]

Certainly try the prerelease version.  Also log the output of FF in Kerio to see if there is something going out to an authentication server on port 80 (different IP than the www site).  If so, probably secure that can't be read by avast!, not in the avast! log because it never gets through.

[diablo]

Installed Avast version 4.6.450 and this seems to have solved it. Thanks guys 

I think it would be a good idea for me  to block off (and flag) port 80 in the firewall for Firefox / IE , only allowing  Avast the use of this port.

[lukor]

Installed Avast version 4.6.450 and this seems to have solved it. Thanks guys 

Can you mark the issue as solved by changing the subject in the first message in a row - you might add [Solved] for example. The new version is about to be released, and thus we can track more easily if there are some pending issues even in the updated vers.

thanks.
lukas.