Assuming that the firmware on a router is infected or something like https://news.ycombinator.com/item?id=18086418 and I want to know if I am connected to the proper website?<p>Also, can one check if keystrokes are being recorded?
You see that lock icon in your browser's url bar? If you see that, then you're using an encrypted connection, and your browser was able to verify that the site's SSL certificate is valid and is signed by at least one trusted Certificate Authority. You can click on it to get more information about the certificate, which CA or CAs its signed by, how long it'll be valid for, etc.<p>If the firmware on your router is replaced by a malicious program, then it could intercept all SSL connections and handle them itself. However, it will not be able to present a valid certificate, signed by a real Certificate Authority. Thus the lock icon will show as broken, and you'll know that something is wrong.<p>Note that in a corporate setting, it's not unheard of for an employer to add itself as a trusted Certificate Authority on your work computer. This allows them to intercept all encrypted SSL traffic and also have the lock icon not be broken. Of course there's absolutely nothing wrong with this, because your employer is perfectly trustworthy and would never betray you or spy on you.