Merge branch 'master' of mia26/cloudflare-tor into master

PEOPLE.md

@@ -27,7 +27,7 @@ Disqualify:
 
 "[I don’t trust Cloudflare with IPFS](https://blog.kareldonk.com/i-dont-trust-cloudflare-with-ipfs/)" by [Karel Donk](https://blog.kareldonk.com/)
 
-"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html)
+"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html) - ([archive](http://archive.fo/139z1))
 
 "[Don't Trust CloudFlare](https://write.lain.haus/thufie/dont-trust-cloudflare)" by [@lunaterra@cyberia.social](https://cyberia.social/@lunaterra)
 

cloudflare_owned_NS.txt

@@ -1,68 +1,101 @@
 abby.ns.cloudflare.com
 adrian.ns.cloudflare.com
+aida.ns.cloudflare.com
+alan.ns.cloudflare.com
 albert.ns.cloudflare.com
 alex.ns.cloudflare.com
+alina.ns.cloudflare.com
 alla.ns.cloudflare.com
+amanda.ns.cloudflare.com
 amber.ns.cloudflare.com
 amy.ns.cloudflare.com
 andy.ns.cloudflare.com
 anna.ns.cloudflare.com
+apollo.ns.cloudflare.com
+arch.ns.cloudflare.com
+aria.ns.cloudflare.com
 art.ns.cloudflare.com
+asa.ns.cloudflare.com
 athena.ns.cloudflare.com
 austin.ns.cloudflare.com
-ben.ns.cloudflare.com
 bella.ns.cloudflare.com
+ben.ns.cloudflare.com
+beth.ns.cloudflare.com
 bob.ns.cloudflare.com
-norman.ns.cloudflare.com
+brit.ns.cloudflare.com
 chan.ns.cloudflare.com
+coby.ns.cloudflare.com
 coco.ns.cloudflare.com
 cody.ns.cloudflare.com
+cory.ns.cloudflare.com
 darwin.ns.cloudflare.com
 dee.ns.cloudflare.com
-dom.ns.cloudflare.com
+demi.ns.cloudflare.com
 dina.ns.cloudflare.com
+dom.ns.cloudflare.com
+dora.ns.cloudflare.com
+dorthy.ns.cloudflare.com
 drew.ns.cloudflare.com
+duke.ns.cloudflare.com
 ed.ns.cloudflare.com
+edna.ns.cloudflare.com
 elinore.ns.cloudflare.com
+elmo.ns.cloudflare.com
 emma.ns.cloudflare.com
+etta.ns.cloudflare.com
+fay.ns.cloudflare.com
 foo.ns.cloudflare.com
 fred.ns.cloudflare.com
+gabe.ns.cloudflare.com
 gail.ns.cloudflare.com
 glen.ns.cloudflare.com
 guy.ns.cloudflare.com
+hank.ns.cloudflare.com
+heather.ns.cloudflare.com
 hugh.ns.cloudflare.com
 ian.ns.cloudflare.com
 igor.ns.cloudflare.com
+iris.ns.cloudflare.com
+jasmine.ns.cloudflare.com
 jeff.ns.cloudflare.com
 jerry.ns.cloudflare.com
 jill.ns.cloudflare.com
 jim.ns.cloudflare.com
+john.ns.cloudflare.com
+jonah.ns.cloudflare.com
 josh.ns.cloudflare.com
 kate.ns.cloudflare.com
+kevin.ns.cloudflare.com
+kim.ns.cloudflare.com
 kip.ns.cloudflare.com
 leah.ns.cloudflare.com
 lee.ns.cloudflare.com
 leia.ns.cloudflare.com
 lex.ns.cloudflare.com
+lily.ns.cloudflare.com
+lucy.ns.cloudflare.com
 matt.ns.cloudflare.com
+max.ns.cloudflare.com
+megan.ns.cloudflare.com
 melinda.ns.cloudflare.com
+miki.ns.cloudflare.com
+nelly.ns.cloudflare.com
 newt.ns.cloudflare.com
 nina.ns.cloudflare.com
 norm.ns.cloudflare.com
+norman.ns.cloudflare.com
+olga.ns.cloudflare.com
 pam.ns.cloudflare.com
 paul.ns.cloudflare.com
 pete.ns.cloudflare.com
+peyton.ns.cloudflare.com
 rachel.ns.cloudflare.com
 rick.ns.cloudflare.com
 rob.ns.cloudflare.com
 rose.ns.cloudflare.com
 seth.ns.cloudflare.com
 sofia.ns.cloudflare.com
+tegan.ns.cloudflare.com
 terin.ns.cloudflare.com
 theo.ns.cloudflare.com
-zoe.ns.cloudflare.com
+zoe.ns.cloudflare.com
-kevin.ns.cloudflare.com
-megan.ns.cloudflare.com
-peyton.ns.cloudflare.com
-tegan.ns.cloudflare.com
-aida.ns.cloudflare.com

ismitmlink/bg.js

@@ -1,4 +1,14 @@
-const apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php';
+let apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php';
+let TORapiurl = 'http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/ismitm.php';
+
+fetch('http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/hi.php', {
+	method: 'GET',
+	mode: 'cors'
+}).then(r => r.text()).then(r => {
+	if (r == 'hi') {
+		apiurl = TORapiurl;
+	}
+}).catch(() => {});
 
 function is_infected(f) {
 	return new Promise((g, b) => {
@@ -9,9 +19,7 @@ function is_infected(f) {
 				'Content-Type': 'application/x-www-form-urlencoded'
 			},
 			body: 'f=' + f
-		}).then(function (r) {
+		}).then(r => r.json()).then(r => {
-			return r.json();
-		}).then(function (r) {
 			if (r[0]) {
 				g(r[1]);
 			} else {
@@ -66,6 +74,4 @@ browser.storage.local.clear().then(() => {
 			}, () => {});
 		}
 	});
-}, (e) => {
+}, () => {});
-	console.log(e);
-});

ismitmlink/cs.js

@@ -1,34 +1,32 @@
-if (document.body) {
+if (document.body && !['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'].includes(location.hostname)) {
-	if (!['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org'].includes(location.hostname)) {
+	let cs = (function () {
-		let cs = (function () {
+		let s = document.createElement('style');
-			let s = document.createElement('style');
+		document.head.appendChild(s);
-			document.head.appendChild(s);
+		return s.sheet;
-			return s.sheet;
+	})();
-		})();
+	if (cs) {
-		if (cs) {
+		cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0);
-			cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0);
+		cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1);
-			cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1);
+		cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2);
-			cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2);
+		cs.insertRule("a[data-mitm]:hover{color:red !important}", 3);
-			cs.insertRule("a[data-mitm]:hover{color:red !important}", 3);
-		}
-		let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'];
-		document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => {
-			let aF = (new URL(a.href)).hostname;
-			if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) {
-				asked.push(aF);
-				browser.runtime.sendMessage(aF);
-			}
-		});
-		browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
-			if (request.length == 2) {
-				if (request[1]) {
-					document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => {
-						a.dataset.mitm = 1;
-						a.title = 'DANGER! DANGER! MITM!';
-					});
-				}
-			}
-			sendResponse(null);
-		});
 	}
+	let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org'];
+	document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => {
+		let aF = (new URL(a.href)).hostname;
+		if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) {
+			asked.push(aF);
+			browser.runtime.sendMessage(aF);
+		}
+	});
+	browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
+		if (request.length == 2) {
+			if (request[1]) {
+				document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => {
+					a.dataset.mitm = 1;
+					a.title = 'DANGER! DANGER! MITM!';
+				});
+			}
+		}
+		sendResponse(null);
+	});
 }

ismitmlink/manifest.json

@@ -2,7 +2,7 @@
    "manifest_version": 2,
    "name": "Are links vulnerable to MITM attack?",
    "description": "Scan FQDN using Searxes' API",
-   "version": "1.0.3",
+   "version": "1.0.4",
    "homepage_url": "https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink",
    "author": "Maslin Bossé",
    "permissions": [

what-to-do.md

@@ -144,10 +144,16 @@ Let's talk about _other software's privacy_...
 
 - Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html).
 
-- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/).
+- SRWare Iron make too many [phones home connection](https://spyware.neocities.org/articles/iron.html). It also connect to google domains.
+
+- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/). Here's [more issues](https://spyware.neocities.org/articles/brave.html).
 
 - Microsoft Edge lets Facebook [run Flash code behind users' backs](https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/).
 
+- Vivaldi [does not respect your privacy](https://spyware.neocities.org/articles/vivaldi.html).
+
+Therefore we recommend "Tor Browser" only. Nothing else.
+
 ------------
 
 ###### "Mozilla Firefox" user