From 32fcb03e1364268ab1ac5fb3713248f5d6042f1d Mon Sep 17 00:00:00 2001 From: mia26 Date: Wed, 27 Mar 2019 00:36:03 +0000 Subject: [PATCH 1/6] Update 'what-to-do.md' --- what-to-do.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/what-to-do.md b/what-to-do.md index 0e68e6fc2..8d3edc61c 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -144,10 +144,16 @@ Let's talk about _other software's privacy_... - Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html). -- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/). +- SRWare Iron make too many [phones home connection](https://spyware.neocities.org/articles/iron.html). It also connect to google domains. + +- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/). Here's [more issues](https://spyware.neocities.org/articles/brave.html). - Microsoft Edge lets Facebook [run Flash code behind users' backs](https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/). +- Vivaldi [does not respect your privacy](https://spyware.neocities.org/articles/vivaldi.html). + +####### Therefore we recommend "Tor Browser" only. Nothing else. + ------------ ###### "Mozilla Firefox" user From e7c88cb4747b8fe9099a7ca7a5c0c28848416afa Mon Sep 17 00:00:00 2001 From: mia26 Date: Wed, 27 Mar 2019 00:36:34 +0000 Subject: [PATCH 2/6] Update 'what-to-do.md' --- what-to-do.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/what-to-do.md b/what-to-do.md index 8d3edc61c..9f30aa41d 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -152,7 +152,7 @@ Let's talk about _other software's privacy_... - Vivaldi [does not respect your privacy](https://spyware.neocities.org/articles/vivaldi.html). -####### Therefore we recommend "Tor Browser" only. Nothing else. +Therefore we recommend "Tor Browser" only. Nothing else. ------------ From 4be5f9ba9df638734001c5dc8f557c477ed87626 Mon Sep 17 00:00:00 2001 From: mia26 Date: Wed, 27 Mar 2019 00:38:49 +0000 Subject: [PATCH 3/6] Update 'cloudflare_owned_NS.txt' --- cloudflare_owned_NS.txt | 51 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/cloudflare_owned_NS.txt b/cloudflare_owned_NS.txt index a52412bed..a34775d7d 100644 --- a/cloudflare_owned_NS.txt +++ b/cloudflare_owned_NS.txt @@ -65,4 +65,53 @@ kevin.ns.cloudflare.com megan.ns.cloudflare.com peyton.ns.cloudflare.com tegan.ns.cloudflare.com -aida.ns.cloudflare.com \ No newline at end of file +aida.ns.cloudflare.com +abby.ns.cloudflare.com +alan.ns.cloudflare.com +alina.ns.cloudflare.com +amanda.ns.cloudflare.com +amy.ns.cloudflare.com +anna.ns.cloudflare.com +apollo.ns.cloudflare.com +arch.ns.cloudflare.com +aria.ns.cloudflare.com +asa.ns.cloudflare.com +ben.ns.cloudflare.com +beth.ns.cloudflare.com +bob.ns.cloudflare.com +brit.ns.cloudflare.com +coby.ns.cloudflare.com +coco.ns.cloudflare.com +cody.ns.cloudflare.com +cory.ns.cloudflare.com +demi.ns.cloudflare.com +dora.ns.cloudflare.com +dorthy.ns.cloudflare.com +duke.ns.cloudflare.com +edna.ns.cloudflare.com +elmo.ns.cloudflare.com +emma.ns.cloudflare.com +etta.ns.cloudflare.com +fay.ns.cloudflare.com +gabe.ns.cloudflare.com +gail.ns.cloudflare.com +hank.ns.cloudflare.com +heather.ns.cloudflare.com +hugh.ns.cloudflare.com +ian.ns.cloudflare.com +igor.ns.cloudflare.com +iris.ns.cloudflare.com +jasmine.ns.cloudflare.com +jill.ns.cloudflare.com +jim.ns.cloudflare.com +john.ns.cloudflare.com +jonah.ns.cloudflare.com +josh.ns.cloudflare.com +kim.ns.cloudflare.com +lily.ns.cloudflare.com +lucy.ns.cloudflare.com +max.ns.cloudflare.com +miki.ns.cloudflare.com +nelly.ns.cloudflare.com +olga.ns.cloudflare.com +rick.ns.cloudflare.com \ No newline at end of file From bcc2f956bddbb748445c82b14aff4e3283ea4ba3 Mon Sep 17 00:00:00 2001 From: mia26 Date: Wed, 27 Mar 2019 00:39:08 +0000 Subject: [PATCH 4/6] Update 'cloudflare_owned_NS.txt' --- cloudflare_owned_NS.txt | 116 +++++++++++++++++----------------------- 1 file changed, 50 insertions(+), 66 deletions(-) diff --git a/cloudflare_owned_NS.txt b/cloudflare_owned_NS.txt index a34775d7d..152aeefae 100644 --- a/cloudflare_owned_NS.txt +++ b/cloudflare_owned_NS.txt @@ -1,100 +1,55 @@ abby.ns.cloudflare.com adrian.ns.cloudflare.com +aida.ns.cloudflare.com +alan.ns.cloudflare.com albert.ns.cloudflare.com alex.ns.cloudflare.com +alina.ns.cloudflare.com alla.ns.cloudflare.com +amanda.ns.cloudflare.com amber.ns.cloudflare.com amy.ns.cloudflare.com andy.ns.cloudflare.com anna.ns.cloudflare.com -art.ns.cloudflare.com -athena.ns.cloudflare.com -austin.ns.cloudflare.com -ben.ns.cloudflare.com -bella.ns.cloudflare.com -bob.ns.cloudflare.com -norman.ns.cloudflare.com -chan.ns.cloudflare.com -coco.ns.cloudflare.com -cody.ns.cloudflare.com -darwin.ns.cloudflare.com -dee.ns.cloudflare.com -dom.ns.cloudflare.com -dina.ns.cloudflare.com -drew.ns.cloudflare.com -ed.ns.cloudflare.com -elinore.ns.cloudflare.com -emma.ns.cloudflare.com -foo.ns.cloudflare.com -fred.ns.cloudflare.com -gail.ns.cloudflare.com -glen.ns.cloudflare.com -guy.ns.cloudflare.com -hugh.ns.cloudflare.com -ian.ns.cloudflare.com -igor.ns.cloudflare.com -jeff.ns.cloudflare.com -jerry.ns.cloudflare.com -jill.ns.cloudflare.com -jim.ns.cloudflare.com -josh.ns.cloudflare.com -kate.ns.cloudflare.com -kip.ns.cloudflare.com -leah.ns.cloudflare.com -lee.ns.cloudflare.com -leia.ns.cloudflare.com -lex.ns.cloudflare.com -matt.ns.cloudflare.com -melinda.ns.cloudflare.com -newt.ns.cloudflare.com -nina.ns.cloudflare.com -norm.ns.cloudflare.com -pam.ns.cloudflare.com -paul.ns.cloudflare.com -pete.ns.cloudflare.com -rachel.ns.cloudflare.com -rick.ns.cloudflare.com -rob.ns.cloudflare.com -rose.ns.cloudflare.com -seth.ns.cloudflare.com -sofia.ns.cloudflare.com -terin.ns.cloudflare.com -theo.ns.cloudflare.com -zoe.ns.cloudflare.com -kevin.ns.cloudflare.com -megan.ns.cloudflare.com -peyton.ns.cloudflare.com -tegan.ns.cloudflare.com -aida.ns.cloudflare.com -abby.ns.cloudflare.com -alan.ns.cloudflare.com -alina.ns.cloudflare.com -amanda.ns.cloudflare.com -amy.ns.cloudflare.com -anna.ns.cloudflare.com apollo.ns.cloudflare.com arch.ns.cloudflare.com aria.ns.cloudflare.com +art.ns.cloudflare.com asa.ns.cloudflare.com +athena.ns.cloudflare.com +austin.ns.cloudflare.com +bella.ns.cloudflare.com ben.ns.cloudflare.com beth.ns.cloudflare.com bob.ns.cloudflare.com brit.ns.cloudflare.com +chan.ns.cloudflare.com coby.ns.cloudflare.com coco.ns.cloudflare.com cody.ns.cloudflare.com cory.ns.cloudflare.com +darwin.ns.cloudflare.com +dee.ns.cloudflare.com demi.ns.cloudflare.com +dina.ns.cloudflare.com +dom.ns.cloudflare.com dora.ns.cloudflare.com dorthy.ns.cloudflare.com +drew.ns.cloudflare.com duke.ns.cloudflare.com +ed.ns.cloudflare.com edna.ns.cloudflare.com +elinore.ns.cloudflare.com elmo.ns.cloudflare.com emma.ns.cloudflare.com etta.ns.cloudflare.com fay.ns.cloudflare.com +foo.ns.cloudflare.com +fred.ns.cloudflare.com gabe.ns.cloudflare.com gail.ns.cloudflare.com +glen.ns.cloudflare.com +guy.ns.cloudflare.com hank.ns.cloudflare.com heather.ns.cloudflare.com hugh.ns.cloudflare.com @@ -102,16 +57,45 @@ ian.ns.cloudflare.com igor.ns.cloudflare.com iris.ns.cloudflare.com jasmine.ns.cloudflare.com +jeff.ns.cloudflare.com +jerry.ns.cloudflare.com jill.ns.cloudflare.com jim.ns.cloudflare.com john.ns.cloudflare.com jonah.ns.cloudflare.com josh.ns.cloudflare.com +kate.ns.cloudflare.com +kevin.ns.cloudflare.com kim.ns.cloudflare.com +kip.ns.cloudflare.com +leah.ns.cloudflare.com +lee.ns.cloudflare.com +leia.ns.cloudflare.com +lex.ns.cloudflare.com lily.ns.cloudflare.com lucy.ns.cloudflare.com +matt.ns.cloudflare.com max.ns.cloudflare.com +megan.ns.cloudflare.com +melinda.ns.cloudflare.com miki.ns.cloudflare.com nelly.ns.cloudflare.com +newt.ns.cloudflare.com +nina.ns.cloudflare.com +norm.ns.cloudflare.com +norman.ns.cloudflare.com olga.ns.cloudflare.com -rick.ns.cloudflare.com \ No newline at end of file +pam.ns.cloudflare.com +paul.ns.cloudflare.com +pete.ns.cloudflare.com +peyton.ns.cloudflare.com +rachel.ns.cloudflare.com +rick.ns.cloudflare.com +rob.ns.cloudflare.com +rose.ns.cloudflare.com +seth.ns.cloudflare.com +sofia.ns.cloudflare.com +tegan.ns.cloudflare.com +terin.ns.cloudflare.com +theo.ns.cloudflare.com +zoe.ns.cloudflare.com \ No newline at end of file From d186ed2fef72bf95f849285157d42064e05ff051 Mon Sep 17 00:00:00 2001 From: mia26 Date: Wed, 27 Mar 2019 00:40:21 +0000 Subject: [PATCH 5/6] Update 'PEOPLE.md' --- PEOPLE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PEOPLE.md b/PEOPLE.md index 32cf415ed..4d8a97e71 100644 --- a/PEOPLE.md +++ b/PEOPLE.md @@ -27,7 +27,7 @@ Disqualify: "[I don’t trust Cloudflare with IPFS](https://blog.kareldonk.com/i-dont-trust-cloudflare-with-ipfs/)" by [Karel Donk](https://blog.kareldonk.com/) -"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html) +"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html) - ([archive](http://archive.fo/139z1)) "[Don't Trust CloudFlare](https://write.lain.haus/thufie/dont-trust-cloudflare)" by [@lunaterra@cyberia.social](https://cyberia.social/@lunaterra) From c94928a793888a32bf8a663a7bb27a928a4b9022 Mon Sep 17 00:00:00 2001 From: mia26 Date: Wed, 27 Mar 2019 02:48:35 +0000 Subject: [PATCH 6/6] Upload files to 'ismitmlink' --- ismitmlink/bg.js | 20 ++++++++----- ismitmlink/cs.js | 62 +++++++++++++++++++--------------------- ismitmlink/manifest.json | 2 +- 3 files changed, 44 insertions(+), 40 deletions(-) diff --git a/ismitmlink/bg.js b/ismitmlink/bg.js index 87a73de78..6a2a9393d 100644 --- a/ismitmlink/bg.js +++ b/ismitmlink/bg.js @@ -1,4 +1,14 @@ -const apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php'; +let apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php'; +let TORapiurl = 'http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/ismitm.php'; + +fetch('http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/hi.php', { + method: 'GET', + mode: 'cors' +}).then(r => r.text()).then(r => { + if (r == 'hi') { + apiurl = TORapiurl; + } +}).catch(() => {}); function is_infected(f) { return new Promise((g, b) => { @@ -9,9 +19,7 @@ function is_infected(f) { 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'f=' + f - }).then(function (r) { - return r.json(); - }).then(function (r) { + }).then(r => r.json()).then(r => { if (r[0]) { g(r[1]); } else { @@ -66,6 +74,4 @@ browser.storage.local.clear().then(() => { }, () => {}); } }); -}, (e) => { - console.log(e); -}); \ No newline at end of file +}, () => {}); \ No newline at end of file diff --git a/ismitmlink/cs.js b/ismitmlink/cs.js index c274e3b6f..1361a6660 100644 --- a/ismitmlink/cs.js +++ b/ismitmlink/cs.js @@ -1,34 +1,32 @@ -if (document.body) { - if (!['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org'].includes(location.hostname)) { - let cs = (function () { - let s = document.createElement('style'); - document.head.appendChild(s); - return s.sheet; - })(); - if (cs) { - cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0); - cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1); - cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2); - cs.insertRule("a[data-mitm]:hover{color:red !important}", 3); - } - let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb']; - document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => { - let aF = (new URL(a.href)).hostname; - if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) { - asked.push(aF); - browser.runtime.sendMessage(aF); - } - }); - browser.runtime.onMessage.addListener((request, sender, sendResponse) => { - if (request.length == 2) { - if (request[1]) { - document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => { - a.dataset.mitm = 1; - a.title = 'DANGER! DANGER! MITM!'; - }); - } - } - sendResponse(null); - }); +if (document.body && !['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'].includes(location.hostname)) { + let cs = (function () { + let s = document.createElement('style'); + document.head.appendChild(s); + return s.sheet; + })(); + if (cs) { + cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0); + cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1); + cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2); + cs.insertRule("a[data-mitm]:hover{color:red !important}", 3); } + let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org']; + document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => { + let aF = (new URL(a.href)).hostname; + if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) { + asked.push(aF); + browser.runtime.sendMessage(aF); + } + }); + browser.runtime.onMessage.addListener((request, sender, sendResponse) => { + if (request.length == 2) { + if (request[1]) { + document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => { + a.dataset.mitm = 1; + a.title = 'DANGER! DANGER! MITM!'; + }); + } + } + sendResponse(null); + }); } \ No newline at end of file diff --git a/ismitmlink/manifest.json b/ismitmlink/manifest.json index 7c851fa49..f064778d6 100644 --- a/ismitmlink/manifest.json +++ b/ismitmlink/manifest.json @@ -2,7 +2,7 @@ "manifest_version": 2, "name": "Are links vulnerable to MITM attack?", "description": "Scan FQDN using Searxes' API", - "version": "1.0.3", + "version": "1.0.4", "homepage_url": "https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink", "author": "Maslin Bossé", "permissions": [