Normally, a secured website has to prove its identity to your browser by sending a certificate validated by a recognized certificate authority. Interception techniques, to be able to work, generate dynamically forged certificates. The addon checks that the received certificate by the client (1) from a visited HTTPS website matches the certificate seen by a remote check server* (2), ensuring no interception is taking place within your local network. The addon will compare those certificats (3). If they are different, your connection might be listened to! This is sufficiant to prove the interception. Here is how CheckmyHTTPS works :
* this server is by default « checkmyhttps.net ». You can install your own server (see documentation on CheckMyHTTPS GitHub).