Here's the observed behavior; my keypresses in curly braces:
{[CTRL+L]wi[TAB]}
* A GET with no search string is issued to text.pmtpa.wikimedia.org as plaintext (Request URI: /wiki/Special:Search?search=)
* text.pmtpa.wikimedia.org responds with a 301 Moved Permanently (Location: http://www.wikipedia.org/wiki/Special:Search?search=\r\n)
* A GET with no search string is issued to text.pmtpa.wikimedia.org as plaintext (Request URI: /wiki/Special:Search?search=)
* text.pmtpa.wikimedia.org responds with a 301 Moved Permanently (Location: http://www.wikipedia.org/wiki/Special:Search?search=\r\n)
* my system then initiates a TLSv1 session with secure.wikimedia.org
{b}
* A GET is issued in plaintext to text.pmtpa.wikimedia.org (Request URI: /wiki/Special:Search?search=b)
* text.pmtpa.wikimedia.org responds with a 301 Moved Permanently (Location: http://www.wikipedia.org/wiki/Special:Search?search=b\r\n)
* A GET is issued in plaintext to text.pmtpa.wikimedia.org (Request URI: /wiki/Special:Search?search=b)
* text.pmtpa.wikimedia.org responds with a 301 Moved Permanently (Location: http://www.wikipedia.org/wiki/Special:Search?search=b\r\n)
* my system initiates a TLSv1 session with secure.wikimedia.org
* various GETs begin to be issued in plaintext for various resources from upload.pmtpa.wikimedia.org, with the responses in plaintext
* intermingled with this is a smaller amount of encrypted communication, which I obviously cannot inspect from Wireshark
Note I haven't pressed [ENTER] yet, which should be intended behavior. However, note the following:
{[hover over "search the web" link in ABHD]}
* my system initiates a TLSv1 session with www-google-analytics.l.google.com
* encrypted communication
{eltzner}
* more of the above GET search requests sent in the clear to Wikimedia
{[ENTER]}
* final GET issued in the clear for final search term (with 301 response, repeat, 301 as above)
* TLSv1 session initiated
* encrypted communications (presumably transferring the content of the displayed page)
* FIN/ACK business with text.pmtpa.wikimedia.org
Naturally, copying and pasting the resulting URL (https://secure.wikimedia.org/wikipedia/en/wiki/Special:Search?search=beltzner) causes the session to be handled entirely over TLS/SSL. I suspect what you wanted to see was the result of entering the URL http://en.wikipedia.org/wiki/Special:Search?search=beltzner directly. In this case, HTTPS Everywhere rewrites the URL before submitting the request, and the entire session is conducted over TLS/SSL. The same is done if a link to the non-encrypted version of a supported site is clicked.
I'm not familiar enough with all the available hooks to know why ABHD is getting around the ones that HTTPS Everywhere sets up. The source for the JS component is http://is.gd/sDVPt0. Obviously in an ideal world the plaintext GETs would never happen, which is the primary issue I intended to bring up.
Thanks again for all the hard work and thought you're putting into these projects.
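An added example, not part of the original post: a small audit of a request list shaped like the trace above, showing what an on-path observer can read from the plaintext GETs. The request list is constructed for illustration (the upload path is a placeholder), and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the trace in the post: each search GET is
# seen twice (GET, 301, GET, 301) before the TLS session starts.
SEARCH = "http://text.pmtpa.wikimedia.org/wiki/Special:Search?search="
OBSERVED = [
    ("plain", SEARCH), ("plain", SEARCH),
    ("plain", SEARCH + "b"), ("plain", SEARCH + "b"),
    ("plain", "http://upload.pmtpa.wikimedia.org/placeholder.png"),
    ("plain", SEARCH + "beltzner"), ("plain", SEARCH + "beltzner"),
    ("tls", "https://secure.wikimedia.org/wikipedia/en/wiki/"
            "Special:Search?search=beltzner"),
]


def plaintext_leaks(observed, param="search"):
    """Values of `param` that crossed the wire unencrypted, in capture order."""
    leaks = []
    for transport, url in observed:
        parts = urlsplit(url)
        if transport != "plain" or parts.scheme != "http":
            continue  # the contents of TLS sessions are not visible on the wire
        query = parse_qs(parts.query, keep_blank_values=True)
        leaks.extend(query.get(param, []))
    return leaks


def collapse_repeats(values):
    """Drop consecutive duplicates (the GET / 301 / GET / 301 repetition)."""
    out = []
    for value in values:
        if not out or out[-1] != value:
            out.append(value)
    return out


def is_incremental(values):
    """True when each value extends the previous one: search-as-you-type."""
    pairs = list(zip(values, values[1:]))
    return bool(pairs) and all(
        new.startswith(old) and len(new) > len(old) for old, new in pairs
    )


if __name__ == "__main__":
    seen = collapse_repeats(plaintext_leaks(OBSERVED))
    print("terms readable in plaintext:", seen)
    print("keystroke-level exposure:", is_incremental(seen))
```

On this sample the final term and its typed prefixes are all recoverable from the plaintext requests, even though the page itself is later fetched over TLS.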