Experts Round Table Network

Known Issue : Will loop on sites that forcefully redirect from HTTPS back to HTTP for example Google. Google has been added to the exclude list for the time being until a workaround is made. Any site that has this problem remove it from the include list or add to the exclude list.

Language: javascript (GeSHi-highlighted)
// ==UserScript==
// @name          Force Secure Connection
// @description	  Forces A Domain To Use The HTTPS Scheme
// @include       *.example.com/*
// @exclude       http://*.google.com/*
// ==/UserScript==
 
/************************************************************************/
/* Copyright (c) 2006 by CrYpTiC MauleR                                 */
/* cryptic_mauler {at} expertsrt {dot} net                              */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
 
/* Check If Is NOT https */
if (/^http:/.test(document.URL))
{
    /* Make Redirect URL */
    const redirect = 'https' + document.URL.substr(4);
 
    /* Lets Check If New URL Will Load */
    GM_xmlhttpRequest(
    {
        /* Use Faster HEAD Method */
        method:'HEAD',
 
        /* Set Redirect URL */
        url:redirect,
 
        onload:function(http_request)
        {
            /* Check HTTP Status & State */
            if ((4 == http_request.readyState) && ('OK' == http_request.statusText))
            {
                /* Redirect To https */
                window.location.replace(redirect);
            }
        }
    })
}
else
{
    /* Make Regex For Matching Current Domain */
    const regex = new RegExp('^http://' + document.domain);
 
    function convert(elems, attribute)
    {
        /* Get Tags */
        var lnks = document.getElementsByTagName(elems);
 
        /* Loops Through All Elements */
        for (var i = 0; i < lnks.length; i++)
        {
            /* Get URL */
            var lnk = lnks[i].getAttribute(attribute);
 
            /* Check If Absolute URL For Current Domain */
            if (regex.test(lnk))
            {
                /* Make Absolute URL Use HTTPS */
                lnks[i].setAttribute(attribute, 'https' + lnk.substr(4));
            }
        }
    }
 
    /* Loop Through FORM & A Tags To Convert URL */
    convert('a', 'href');
    convert('form', 'action');
}

Above uses the GreaseMonkey (http://greasemonkey.mozdev.org/) extension for Firefox. It will force a domain(s) of your choice to use the HTTPS scheme.

It will first check if the scheme will break the site, in such cases where the site will not load HTTPS scheme for that domain, if it does it will redirect to the HTTPS version of that URL.

Another nice feature is once you are on a HTTPS page it will convert any absolute URLS for <a> (href) and <form> (action) tags for the current domain that is not HTTPS to HTTPS, by doing so it will prevent needless redirects and page accesses to the server. Thus happy server admin and happy surfer =o). More documentation on GreaseMonkey script available at Dive Into GreaseMonkey (http://diveintogreasemonkey.org/)

If you are security cautious or a system admin having problems with people not using secure logins then this is the script for you. Any comments, or suggestions appreciated =o), safe surfing!

Cool Nick  :thumbup: