Make Facebook/Twitter/Google handlers request over HTTPS

 * This will make Firesheep requests of Facebook, Twitter, and Google encrypted, as to prevent the additional leaking of information.
 * Should also break how Firesheperd and Blacksheep currently detect Firesheep based on Facebook requests (though it's still certainly possible to detect and mess with it)

Author: Ian Gallagher

xpi/handlers/facebook.js

@@ -1,8 +1,9 @@
 // Authors:
 //   Eric Butler <[email protected]>
+//   Ian Gallagher <[email protected]>
 register({
   name: 'Facebook',
-  url: 'http://www.facebook.com/home.php',
+  url: 'https://www.facebook.com/home.php',
   domains: [ 'facebook.com' ],
   sessionCookieNames: [ 'xs', 'c_user', 'sid' ],
 
@@ -11,4 +12,4 @@ register({
     this.userName   = resp.body.querySelector('#navAccountName').innerHTML;
     this.userAvatar = resp.body.querySelector('#navAccountPic img').src;
   }
-});
+});

xpi/handlers/google.js

@@ -18,7 +18,7 @@ register({
     // Grab avatar from Google Profiles page, if they have one
     var avatar_element;
     try {
-	    var profile = this.httpGet('http://www.google.com/profiles/me');
+	    var profile = this.httpGet('https://www.google.com/profiles/me');
 	    avatar_element = profile.body.querySelector('.ll_profilephoto.photo');
     }
     catch(err) {

xpi/handlers/twitter.js

@@ -1,9 +1,11 @@
 // Authors:
 //   Eric Butler <[email protected]>
+//   Ian Gallagher <[email protected]>
 Components.utils.import('resource://firesheep/util/RailsHelper.js');
 
 register({
   name: 'Twitter',
+  url: 'https://twitter.com/',
   domains: [ 'twitter.com' ],
   sessionCookieNames: [ '_twitter_sess', 'auth_token' ],
 
@@ -33,4 +35,4 @@ register({
       this.userAvatar = resp.body.querySelector('#profile-image img').src;
     }
   }
-});
+});