How do I figure out which parts of a web page are encrypted and which aren't?

Question

I'm working on a webserver that I didn't totally set up and I'm trying to figure out which parts of a web page are being sent encrypted and which aren't. Firefox tells me that parts of the page are encrypted, but I want to know what, specifically, is encrypted.

Answer 1

For each element loaded in page, check their scheme:

• it starts with HTTPS: it is encrypted.
• it starts with HTTP: it's not encrypted.

(you can see a relatively complete list on firefox by right-clicking on the page and selecting "Page properties" then the "medias"tab.

EDIT: FF only shows images and multimedia elements. They are also javascript files & CSS ones which have to be checked. And Firebug is a good tool to find what you need.

Answer 2

Sniff the packets - that'll tell you really quick. WireShark is a good program for such a task.

Answer 3

Can firebug do this?

Edit: Looks like firebug will also do this using the "Net" panel, which also gives you some other interesting statistics.

Answer 4

Some elements may not list http or https, in this case whichever was used for the page will be used for these items, i.e. if the page request is under SSL then these images will come encrypted while if the page request is not under SSL then these will come unencrypted. Fiddler in Internet Explorer may also be useful in tracking down some of this information.

Answer 5

The best tool I have found for detecting http links on a https connection is Fiddler. It's also great for many other troubleshooting efforts.