Author Topic: Did you test the browser on http.badssl?  (Read 2847 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33937
  • malware fighter
Did you test the browser on http.badssl?
« on: September 25, 2023, 05:46:53 AM »
Go to http://http.badssl.com/ to check against an insecure http connection.
Did you get a warning, did your screen turn red?
Ctrl + Shift+I turns up (depending on used extensions)
Quote
content.js:8 injected: env: missing script "b58e8ca5-b67c-40d3-8bd8-f3e91755d09b"!
Mt @ content.js:8
content.js:8 injected: env: missing script "ec95684d-0a32-44d9-a26c-65e86e70be75"!
Mt @ content.js:8
content.js:8 injected: env: missing script "328997de-9077-4f9f-9193-2f92e2fe7679"!
Mt @ content.js:8
3http.badssl.com/:1 Uncaught (in promise) Error: The message port closed before a response was received.
DevTools failed to load source map: Could not load content for chrome-extension://kbbidhfplpegemhlbcfboalcjdmgebap/public_static/3sm/jquery.min.map: System error: net::ERR_BLOCKED_BY_CLIENT
DevTools failed to load source map: Could not load content for chrome-extension://iidnbdjijdkbmajdffnidomddglmieko/sourceMap/detect-editors.js.map: System error: net::ERR_BLOCKED_BY_CLIENT

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Ruslan S.

  • Moderator
  • Jr. Member
  • *
  • Posts: 49
Re: Did you test the browser on http.badssl?
« Reply #1 on: October 09, 2023, 02:33:02 PM »
Hello
there is a page where you can report a malicious Website if you think that this page should be detected as dangerous
https://www.avast.com/en-gb/report-malicious-file.php

Offline midnight

  • Massive Poster
  • ****
  • Posts: 2479
Re: Did you test the browser on http.badssl?
« Reply #2 on: October 09, 2023, 03:42:17 PM »
Yes, and my screen was red
.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33937
  • malware fighter
Re: Did you test the browser on http.badssl?
« Reply #3 on: October 11, 2023, 02:57:04 PM »
This is a normal testsite since 2019 and not malicious. It is supposed to alert.

See: https://www.virustotal.com/gui/url/f1340801cee5059e0540653761028e253b286ca4a699ff51a932f79502e778a4?nocache=1
and https://zulu.zscaler.com/submission/d5b21d59-9bb2-4da1-b86c-9217f7116fd6

See: https://www.shodan.io/search?query=badssl.com%2F
HTTP GET on resource 'https://self-signed.badssl.com:443/' failed: PKIX path validation failed: sun.security.validator.ValidatorException

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline ondrejz

  • Browser QA Team
  • Moderator
  • Sr. Member
  • *
  • Posts: 356
    • Avast Secure Browser
Re: Did you test the browser on http.badssl?
« Reply #4 on: October 13, 2023, 03:04:46 PM »
Hi polonus,

I see the red page. The same result in Chrome and Brave.
We report the site as "Not secure" in the omnibox with exclamation mark. We use the same way of indication as used in other chromium based browsers.

What kind of warning would you expect?

Thanks