see https://notabug.org/themusicgod1/cloudflare-tor/pulls/154#issuecomment-13978

bcma/LICENSE.txt

@@ -1,25 +0,0 @@
-The MIT License
-
-Copyright (c) 2017 Project BCMA
-Copyright (c) 2017 cypherpunks
-Copyright (c) 2017 nullius <nullius@nym.zone>
-Copyright (c) 2018 Searxes <searxes.danwin1210.me>
-Copyright (c) 2018 Jeff Cliff <pleroma.oniichanylo2tsi4.onion/users/e51638c3>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

bcma/manifest.json

@@ -1,42 +0,0 @@
-{
-   "manifest_version": 2,
-   "name": "Block Cloudflare MITM Attack",
-   "description": "Submit to global surveillance or resist. The choice is yours.",
-   "version": "1.0.5.1",
-   "author": "Project BCMA",
-   "homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351",
-   "permissions": [
-      "<all_urls>",
-      "activeTab",
-      "tabs",
-      "webRequest",
-      "webRequestBlocking",
-      "webNavigation"
-   ],
-   "icons": {
-      "32": "icons/icon-32.png",
-      "48": "icons/icon-48.png",
-      "64": "icons/icon-64.png"
-   },
-   "background": {
-      "scripts": [
-         "anticloudflare.js"
-      ]
-   },
-   "options_ui": {
-      "page": "mydata.html",
-      "browser_style": false
-   },
-   "browser_action": {
-      "browser_style": false,
-      "default_icon": {
-         "32": "icons/cf_0.png"
-      }
-   },
-   "applications": {
-      "gecko": {
-         "id": "24351@trac.torproject.org",
-         "strict_min_version": "52.0"
-      }
-   }
-}

bcma/mydata.html

@@ -1,35 +0,0 @@
-<html>
-   <head>
-      <meta charset="utf-8">
-      <link rel="stylesheet" href="style.css">
-   </head>
-   <body style="display:none">
-      Temporary configurations
-      <hr>
-      <b>&#9758; Built-in Cloudflare list</b> <small>(powered by <a href="https://searxes.danwin1210.me/" target="_blank">Searxes</a>)</small><br>
-      <label><input type="radio" id="bi0" name="bi" value="0"> Use built-in list</label> <small>(Default)</small><br>
-      <label><input type="radio" id="bi1" name="bi" value="1"> Don't use built-in list</label><br>
-      <br>
-      <b>&#9822; Take Action</b><br>
-      <label><input type="radio" id="ta0" name="ta" value="0"> Block request immediately <small>(first-party + third-party)</small></label> <small>(Default)</small><br>
-      <label><input type="radio" id="ta1" name="ta" value="1"> Block request immediately <small>(third-party only / ignore first-party)</small></label><br>
-      <label><input type="radio" id="ta2" name="ta" value="2"> Redirect to Internet Archive(first-party) + Ignore third-party</label><br>
-      <label><input type="radio" id="ta3" name="ta" value="3"> Notify only</label><br>
-      <br>
-      <b>&#9997; Your Cloudflare Domain collection</b> <small>(Last 500)</small><br>
-      <small>(please share with <a href="https://notabug.org/themusicgod1/cloudflare-tor/" target="_blank">cloudflare-tor@notabug</a>)</small><br>
-      <textarea cols="50" rows="12" id="t" wrap="off" spellcheck="false" placeholder="Cloudflare domains"></textarea>
-      <br>
-      <button type="button" id="exp">[ &#8659; Export ]</button>
-      &nbsp;&nbsp;
-      <button type="button" id="clr">[ &#8634; Clear ]</button><br>
-      <br>
-      <b>&#9997; Your Cloudflare Ignore list (NOT RECOMMEND!)</b><br>
-      <textarea cols="50" rows="10" id="g" wrap="off" spellcheck="false" placeholder="hypothes.is"></textarea>
-      <br>
-      <button type="button" id="ign">[ &#8657; Apply ]</button>
-      <hr>
-      "<i>Welcome to PRISM 2.0</i>"
-      <script src="mydata.js"></script>
-   </body>
-</html>

bcma/mydata.js

@@ -1,105 +0,0 @@
-function onError(e) {
-	console.log(`Error:${e}`);
-}
-
-document.addEventListener('DOMContentLoaded', function () {
-	browser.runtime.sendMessage(['cf']).then(function (r) {
-		if (r[0] == 'ok') {
-			document.getElementById('t').value = JSON.parse(r[1]).join("\n");
-			document.getElementById('g').value = JSON.parse(r[2]).join("\n");
-			if (r[3]) {
-				document.getElementById('bi0').checked = true;
-				document.getElementById('bi1').checked = false;
-			} else {
-				document.getElementById('bi0').checked = false;
-				document.getElementById('bi1').checked = true;
-			}
-			switch (r[4]) {
-				case 1:
-					document.getElementById('ta0').checked = false;
-					document.getElementById('ta1').checked = true;
-					document.getElementById('ta2').checked = false;
-					document.getElementById('ta3').checked = false;
-					break;
-				case 2:
-					document.getElementById('ta0').checked = false;
-					document.getElementById('ta1').checked = false;
-					document.getElementById('ta2').checked = true;
-					document.getElementById('ta3').checked = false;
-					break;
-				case 3:
-					document.getElementById('ta0').checked = false;
-					document.getElementById('ta1').checked = false;
-					document.getElementById('ta2').checked = false;
-					document.getElementById('ta3').checked = true;
-					break;
-				default:
-					document.getElementById('ta0').checked = true;
-					document.getElementById('ta1').checked = false;
-					document.getElementById('ta2').checked = false;
-					document.getElementById('ta3').checked = false;
-					break;
-			}
-			document.body.style.display = 'block';
-			document.addEventListener('contextmenu', function (z) {
-				if (z.target.tagName != 'TEXTAREA') {
-					z.preventDefault();
-				}
-			});
-		} else {
-			document.getElementById('t').value = '!!! LOAD ERROR !!!';
-			document.getElementById('g').value = '!!! LOAD ERROR !!!';
-		}
-	}, onError);
-});
-
-document.getElementById('exp').addEventListener('click', function () {
-	browser.tabs.create({
-		active: true,
-		url: 'about:blank'
-	}).then(function (t) {
-		browser.tabs.executeScript(t.id, {
-			matchAboutBlank: true,
-			code: "document.documentElement.innerHTML='<html><head><title>Data</title></head><body><pre>'+atob('" + btoa(document.getElementById('t').value) + "')+'</pre></body></html>';window.stop();"
-		}).then(function (e) {}, onError);
-	}, onError);
-});
-
-document.getElementById('clr').addEventListener('click', function () {
-	browser.runtime.sendMessage(['erosman']).then(function (r) {
-		document.getElementById('t').value = '';
-	}, onError);
-});
-document.getElementById('bi0').addEventListener('click', function () {
-	if (this.checked) {
-		browser.runtime.sendMessage(['bi', 'y']).then(function (r) {}, onError);
-	}
-});
-document.getElementById('bi1').addEventListener('click', function () {
-	if (this.checked) {
-		browser.runtime.sendMessage(['bi', 'n']).then(function (r) {}, onError);
-	}
-});
-document.getElementById('ta0').addEventListener('click', function () {
-	if (this.checked) {
-		browser.runtime.sendMessage(['ta', '0']).then(function (r) {}, onError);
-	}
-});
-document.getElementById('ta1').addEventListener('click', function () {
-	if (this.checked) {
-		browser.runtime.sendMessage(['ta', '1']).then(function (r) {}, onError);
-	}
-});
-document.getElementById('ta2').addEventListener('click', function () {
-	if (this.checked) {
-		browser.runtime.sendMessage(['ta', '2']).then(function (r) {}, onError);
-	}
-});
-document.getElementById('ta3').addEventListener('click', function () {
-	if (this.checked) {
-		browser.runtime.sendMessage(['ta', '3']).then(function (r) {}, onError);
-	}
-});
-document.getElementById('ign').addEventListener('click', function () {
-	browser.runtime.sendMessage(['ig', document.getElementById('g').value.split("\n")]).then(function (r) {}, onError);
-});

bcma/style.css

@@ -1,52 +0,0 @@
-*::-moz-focus-inner {
-	border: 0
-}
-
-*:focus {
-	outline: none;
-	outline-style: none
-}
-
-button {
-	background-color: transparent;
-	background-repeat: no-repeat;
-	border: 0;
-	overflow: hidden;
-	outline: none;
-	outline-style: none
-}
-
-body {
-	font: 13px Verdana;
-	overflow-x: hidden;
-	-webkit-user-select: none;
-	-moz-user-select: none;
-	cursor: default
-}
-
-button {
-	display: inline-block;
-	height: 27px
-}
-
-div {
-	-webkit-user-select: none;
-	-moz-user-select: none
-}
-
-hr {
-	color: #dcdcdc;
-	height: 0;
-	background: #dcdcdc
-}
-
-label {
-	-webkit-user-select: none;
-	-moz-user-select: none
-}
-
-textarea {
-	white-space: pre;
-	overflow-wrap: normal;
-	overflow-x: scroll
-}

ismitmlink/LICENSE.txt

@@ -1,21 +0,0 @@
-The MIT License
-
-Copyright (c) 2019 Maslin Bossé
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

ismitmlink/README.md

@@ -1,5 +0,0 @@
-This is a source code of Maslin Bossé's "*Are links vulnerable to MITM?*".
-
-PRs are welcome.
-
-AMO: https://addons.mozilla.org/en-US/firefox/addon/are-links-vulnerable-to-mitm/

ismitmlink/bg.js

@@ -1,77 +0,0 @@
-let apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php';
-let TORapiurl = 'http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/ismitm.php';
-
-fetch('http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/hi.php', {
-	method: 'GET',
-	mode: 'cors'
-}).then(r => r.text()).then(r => {
-	if (r == 'hi') {
-		apiurl = TORapiurl;
-	}
-}).catch(() => {});
-
-function is_infected(f) {
-	return new Promise((g, b) => {
-		fetch(apiurl, {
-			method: 'POST',
-			mode: 'cors',
-			headers: {
-				'Content-Type': 'application/x-www-form-urlencoded'
-			},
-			body: 'f=' + f
-		}).then(r => r.json()).then(r => {
-			if (r[0]) {
-				g(r[1]);
-			} else {
-				b();
-			}
-		}).catch(b);
-	});
-}
-
-function i_already_know_you(f) {
-	if (!/^([a-z0-9_.-]{1,255})\.([a-z]{2,80})$/.test(f)) {
-		return false;
-	}
-	return new Promise((g, b) => {
-		browser.storage.local.get(f).then((ff) => {
-			if (ff[f]) {
-				if (ff[f] == 'y') {
-					g(1);
-				} else {
-					g(-1);
-				}
-			} else {
-				g(0);
-			}
-		}, () => {
-			g(0);
-		});
-	});
-}
-
-function i_remember_you(f, t) {
-	browser.storage.local.set({
-		[f]: ((t) ? 'y' : 'n')
-	});
-}
-
-browser.storage.local.clear().then(() => {
-	browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
-		if (request && sender) {
-			i_already_know_you(request).then((r) => {
-				if (r == 1 || r == -1) {
-					browser.tabs.sendMessage(sender.tab.id, [request, ((r == 1) ? true : false)]);
-				}
-				if (r == 0) {
-					is_infected(request).then((a) => {
-						i_remember_you(request, a);
-						browser.tabs.sendMessage(sender.tab.id, [request, a]);
-					}, () => {
-						browser.tabs.sendMessage(sender.tab.id, [request, false]);
-					});
-				}
-			}, () => {});
-		}
-	});
-}, () => {});

ismitmlink/cs.js

@@ -1,32 +0,0 @@
-if (document.body && !['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'].includes(location.hostname)) {
-	let cs = (function () {
-		let s = document.createElement('style');
-		document.head.appendChild(s);
-		return s.sheet;
-	})();
-	if (cs) {
-		cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0);
-		cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1);
-		cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2);
-		cs.insertRule("a[data-mitm]:hover{color:red !important}", 3);
-	}
-	let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org'];
-	document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => {
-		let aF = (new URL(a.href)).hostname;
-		if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) {
-			asked.push(aF);
-			browser.runtime.sendMessage(aF);
-		}
-	});
-	browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
-		if (request.length == 2) {
-			if (request[1]) {
-				document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => {
-					a.dataset.mitm = 1;
-					a.title = 'DANGER! DANGER! MITM!';
-				});
-			}
-		}
-		sendResponse(null);
-	});
-}

ismitmlink/manifest.json

@@ -1,38 +0,0 @@
-{
-   "manifest_version": 2,
-   "name": "Are links vulnerable to MITM attack?",
-   "description": "Scan FQDN using Searxes' API",
-   "version": "1.0.4",
-   "homepage_url": "https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink",
-   "author": "Maslin Bossé",
-   "permissions": [
-      "storage",
-      "unlimitedStorage"
-   ],
-   "icons": {
-      "32": "icons/32.png"
-   },
-   "background": {
-      "scripts": [
-         "bg.js"
-      ]
-   },
-   "content_scripts": [
-      {
-         "matches": [
-            "http://*/*",
-            "https://*/*"
-         ],
-         "js": [
-            "cs.js"
-         ],
-         "run_at": "document_end"
-      }
-   ],
-   "applications": {
-      "gecko": {
-         "id": "ismitm@searxes.danwin1210.me",
-         "strict_min_version": "56.0"
-      }
-   }
-}