tssci security

Greasemonkey script to block Gmail cookie-theft attacks

Ryan Naraine of ZDNet points out a Greasemonkey script that blocks Gmail cookie-theft attacks. The script can be downloaded here; it redirects Gmail to use a "secure" HTTPS connection. By changing the script's @include lines, you can make it redirect any site that is available over both HTTP and HTTPS to use HTTPS by default.

The meat of the script is just a couple of lines:

// ==UserScript==
// @include     http://mail.google.com/*
// ==/UserScript==
location.href = location.href.replace(/^http:/, 'https:');
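
The same redirect generalized to a list of @include-style patterns, as an added example that is not part of the original script. INCLUDES, globToRegExp and httpsUpgrade are illustrative names, and www.example.com is a constructed host.

```javascript
// Added example, not the original script. INCLUDES and the function names
// are assumptions made for illustration; www.example.com is a constructed host.
const INCLUDES = ['http://mail.google.com/*', 'http://www.example.com/*'];

// Turn a Greasemonkey-style glob ("*" matches any run of characters) into
// an anchored RegExp, escaping every other regex metacharacter first.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$');
}

// Return the HTTPS form of href when it matches an include pattern.
// Return null when no redirect should happen: the URL is unparsable,
// is not plain HTTP, carries an explicit port, or matches no pattern.
function httpsUpgrade(href, includes = INCLUDES) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return null;
  }
  if (url.protocol !== 'http:') return null;
  // A non-default port (e.g. :8080) rarely speaks TLS on the same number.
  if (url.port !== '') return null;
  // Match on the normalized form so "http://host" and "http://host/" agree.
  if (!includes.some((glob) => globToRegExp(glob).test(url.href))) return null;
  url.protocol = 'https:';
  return url.href; // path, query string and fragment are preserved
}

// Browser-only part: replace() keeps the HTTP URL out of session history,
// so the Back button does not land on the insecure page again.
if (typeof location !== 'undefined') {
  const target = httpsUpgrade(location.href);
  if (target) location.replace(target);
}
```

A userscript runs only after the browser has already sent the initial plain-HTTP request, so any cookie not marked Secure still travels in cleartext on that first request; the redirect only keeps later traffic on HTTPS.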

Posted by Marcin on Tuesday, August 7, 2007 in Privacy and Security.
