Pin Patrol for Chrome

A tool that improves the experience of working with HSTS and HPKP in Chrome. It shows this information in a human-readable way, whether it comes from your own browser or from any other.

Tool description

Pin Patrol is very easy to use and provides useful information about the HSTS and HPKP data stored by your browser or by a different one. It is not just a Chrome extension but also a simple forensics tool for interpreting the HPKP and HSTS data of any Chrome user.

Functionalities

Chrome stores HSTS and HPKP information with the domains hashed in a standard format, which gives users some “privacy”. The extension also tries to “un-hash” those domains. If a domain is in your HSTS/HPKP repository, you have visited it, so it should also appear in your History files. The extension therefore reads the domains in your browsing history and hashes each of them; when a hash matches one of the hashes in the HSTS/HPKP data, the entry is “translated” to the readable domain. Some domains may remain hashed, for reasons such as:

- Your history has been deleted and the domain is not there, but still in the HSTS/HPKP repository.
- Some visits to some domains with HSTS and HPKP are done “in the background” of a webpage, as part of its APIs, advertising system, etc. And these may not be stored in the History.
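The matching step described above can be sketched as follows. This is an added example, not Pin Patrol's own code. It assumes entries are keyed by the base64 SHA-256 of the lower-cased host in DNS wire format; the function names and sample data are constructed, and trying parent domains of each history host goes beyond what the page describes.

```python
import base64
import hashlib
from urllib.parse import urlsplit


def chrome_host_hash(host):
    """Base64 of SHA-256 over the lower-cased host in DNS wire format (assumed key format)."""
    labels = host.strip(".").lower().encode("idna").split(b".")
    wire = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return base64.b64encode(hashlib.sha256(wire).digest()).decode("ascii")


def candidate_hosts(url):
    """Yield the URL's host, then each parent domain down to two labels."""
    host = urlsplit(url).hostname
    if not host:
        return  # e.g. file:///... history rows carry no host
    labels = host.split(".")
    for i in range(max(1, len(labels) - 1)):
        yield ".".join(labels[i:])


def unhash(stored_hashes, history_urls):
    """Map each stored hash to a domain from history, or None when nothing matches."""
    lookup = {}
    for url in history_urls:
        for host in candidate_hosts(url):
            lookup.setdefault(chrome_host_hash(host), host)
    return {h: lookup.get(h) for h in stored_hashes}


# Constructed sample data: three stored entries and a two-row history.
STORED = [chrome_host_hash(h) for h in
          ("accounts.example.com", "example.org", "cdn.tracker.example")]
HISTORY = ["https://accounts.example.com/login", "https://www.example.org/news"]

if __name__ == "__main__":
    for digest, domain in unhash(STORED, HISTORY).items():
        print(digest, "->", domain or "(still hashed)")
```

The third sample entry stays hashed because its host never appears in the history, which is the background-request case from the list above.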

Chrome offers an integrated way (chrome://net-internals/#hsts) to view some HSTS/HPKP information, but it is definitely not the best way to review your domains.

The table shows the information stored by the browser, “translated” into a more human-readable form.

- Domain: Domain protected under HSTS or HPKP. It may be hashed.
- Date: When the domain was last visited.
- Expiration Time: Max-age of HSTS or HPKP, in other words, when the entry will expire.
- Mode: Basically, always force-https.
- IncludeSubdomains: Whether the HSTS or HPKP directive includes subdomains.
- HPKP Pins: List of pins in the HPKP header.
- Report-uri: Whether the domain uses report-uri to report “anomalies”.