Import 1.0.8.6 from a.m.o. Closes #10.

README.md

@@ -7,6 +7,6 @@ The purpose of this browser add-on is to block Cloudflare sites.
 The TLS protocol promises end-to-end encryption between the client and an authenticated, identified endpoint server.  The browser’s lock icon is a UI widget which makes this promise to the user.  Cloudflare is a mass-decryption chokepoint, which intercepts and decrypts the Web requests made by billions of people to millions of websites.
 
 - Prior discussion: [Tor Browser Bug #24351: Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351)
-- Imported from [block_cloudflare_mitm_attack-1.0.8-an+fx.xpi](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/), by an anonymous cypherpunk.  “Cyperpunks write code.”  Cheers!
+- Imported from [block_cloudflare_mitm_attack-1.0.8.6-an+fx.xpi](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/), by an anonymous cypherpunk.  “Cyperpunks write code.”  Cheers!
 - [Original announcement](https://trac.torproject.org/projects/tor/ticket/24351#comment:25)
 - Thanks to [Debian Bug #831835](https://bugs.debian.org/831835) for some inspiration.

src/META-INF/manifest.mf

@@ -0,0 +1,47 @@
+Manifest-Version: 1.0
+
+Name: manifest.json
+Digest-Algorithms: MD5 SHA1
+MD5-Digest: zGY60qlrfec2aFsUpYrEqw==
+SHA1-Digest: v9XeO2ot0V/rLuSXYs4AUccSP4Y=
+
+Name: setwhitelist.html
+Digest-Algorithms: MD5 SHA1
+MD5-Digest: 5IRX40t9xV3hOSzG5DQt8g==
+SHA1-Digest: bZ6eElvQE432Qn5zeoGXI46I4OU=
+
+Name: setwhitelist.js
+Digest-Algorithms: MD5 SHA1
+MD5-Digest: zyiTPW8+zVdotk5uf71nuw==
+SHA1-Digest: Ttn6071lJN7uBVK2UaZOhroEm5I=
+
+Name: stop_cf_mitm.js
+Digest-Algorithms: MD5 SHA1
+MD5-Digest: z8IOdHN5/VdbDGGQNMqMnw==
+SHA1-Digest: jzwn+6SLINasUf2De/FE8fpmNJc=
+
+Name: style.css
+Digest-Algorithms: MD5 SHA1
+MD5-Digest: qVs2pHeT+noWZ7sQttO/2Q==
+SHA1-Digest: TgXktEJyUNImPTbaPF/viYfWcQo=
+
+Name: icons/icon-16.png
+Digest-Algorithms: MD5 SHA1
+MD5-Digest: BMpS9q28ylgmlebPGO0HBw==
+SHA1-Digest: ejT7934OdR+CRbKWJFoXPSvAo7M=
+
+Name: icons/icon-32.png
+Digest-Algorithms: MD5 SHA1
+MD5-Digest: DPnYcEZnUZa6voVAI6nm0w==
+SHA1-Digest: CqFkcPOpoKmq7Ly82vbmq/Ouhzs=
+
+Name: icons/icon-48.png
+Digest-Algorithms: MD5 SHA1
+MD5-Digest: PVwvbCCjWU+2fJeaUrrwVA==
+SHA1-Digest: upats+fdmYeFmAtgvIVwaW8mszA=
+
+Name: icons/icon-64.png
+Digest-Algorithms: MD5 SHA1
+MD5-Digest: YVzojmSoYwjhM0m20OOk5A==
+SHA1-Digest: sa4ES4gA5mSb0cu9UgGpp/2eh84=
+

src/META-INF/mozilla.sf

@@ -0,0 +1,4 @@
+Signature-Version: 1.0
+MD5-Digest-Manifest: /gjyjvUwMAfWGYwYw54bpw==
+SHA1-Digest-Manifest: 93RJzzo6Uc5BI3Yj2ffLSr6dWnI=
+

src/manifest.json

@@ -2,7 +2,7 @@
 "manifest_version": 2,
 "name": "Block Cloudflare MiTM Attack",
 "description": "If the destination website use Cloudflare, block further request.",
-"version": "1.0.8.1",
+"version": "1.0.8.6",
 "homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351",
 "permissions": ["webRequest","webRequestBlocking","<all_urls>","storage","activeTab"],
 "options_ui": {
@@ -28,4 +28,4 @@
     "strict_min_version": "52.0"
   }
 }
-}
+}

src/setwhitelist.html

@@ -1,18 +1,22 @@
 <html><head><meta charset="utf-8"><link rel="stylesheet" href="style.css"></head><body><form>
 [Whitelist]<br>
-1. Add FQDN you want to ignore. One FQDN per line. Click "Save".<br>
+1. Add FQDN or .FQDN you want to ignore. Click "Save".<br>
 2. Open new tab and visit whitelisted website.<br>
+<small>(<i><b>.</b>mozilla.org</i> will allow <i>mozilla.org</i> and <i>*.mozilla.org</i>)</small>
 <textarea cols="50" rows="12" id="myset_cfwhite" wrap="off"></textarea><br>
 <br>
 [Advanced]<br>
 <label><input type="checkbox" id="myset_xincapsula"> Also detect and block Incapsula MiTM</label><br>
 <label><input type="checkbox" id="myset_xgshield"> Also detect and block Google's Project Shield MiTM</label><br>
 <label><input type="checkbox" id="myset_xsucuri"> Also detect and block Sucuri MiTM</label><br>
-<label><input type="checkbox" id="myset_xignhttp"> Ignore http:// resource (not recommend)</label><br>
-<label><input type="checkbox" id="myset_xigncj"> Ignore CSS|JS|Image|Font|Cursor resource (not recommend)</label><br>
-<label><input type="checkbox" id="myset_xsimplewarn"> Don't show warning message; just change title and favicon(<img src="data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzk4OKpMSkq6UE9PulRTU7pXV1e6W1tbul1dXbpbW1u6WFhYulVVVbpTU1O6UFBQukxMTLotLS2bAAAAOzY0NJ7Y3Nz/v9zh/8He4//D4eb/xuTp/8jm6//I5On/x+Po/8bj6f/E4ef/wt/l/8Hd4/+/2d//3N/f/xkZGYU2NTWd2N7e/xekxf8WueD/Frrh/xa74f8Ur9P/Iiwu/yIsLv8Ws9//F7De/xer3P8Xptr/IJS6/97g4f8ZGRmCAAAAV9HQ0O91s7z/F8Hj/xbC4/8Ww+T/FLbV/yArLf8gKy3/Frrh/xa13/8XsN7/FqbV/5G3vf+xsbHUAAAARQAAAC5oZ2eV2N7f/yWtv/8Xyub/Fsrm/xbJ5v8Zq8f/GavH/xbA4/8Wu+H/FrXf/zWguf/Z2dn/Ly8veAAAABwAAAAAAAAASsbFxd2gy87/KtTm/xnU6v8W0Oj/FEJI/xRCSP8WxeX/Fr/j/xWw0/+swsP/k5OTtgAAADoAAAAAAAAAAAAAACFFRUV+6evr/zq1vv8w5PH/J9/v/yIiIv8iIiL/Fsrm/xbE5P9Xq7n/19fX+BkZGW0AAAAKAAAAAAAAAAAAAAAAAAAAPre2tsnA3uD/LNrj/y/o8v8rKyv/Kysr/yvb7v8mvdD/xM/P/3d3d6AAAAA0AAAAAAAAAAAAAAAAAAAAAAAAABUbGxtt8PDw+FrAw/8u7PP/NDQ0/zQ0NP8w3e//gLu//8jIyOgAAABRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANJ2dnbTS4+T/KdDV/zQ8PP80QEH/NL3J/9XZ2f9WVlaLAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkAAABX39/f733Exv8t5vH/Ldrp/5rBw/+2trbUAAAARQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALm1tbZXf5ub/LLnD/0S7xP/d3d3/MTExeAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKx8fH3bHP0f+8zM3/l5eXtgAAADoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAITIyMna+vr7Trq6uyRkZGW0AAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAARAAAAD4AAAAVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//8AAIABAAAAAAAAAAAAAIABAACAAwAAwAMAAOAHAADgBwAA8A8AAPAPAAD4HwAA+D8AAPw/AAD+fwAA//8AAA==">)</label><br>
+<label><input type="checkbox" id="myset_xign3p"> Ignore 3rd party resource (not recommend)</label><br>
 <label><input type="checkbox" checked disabled> I don't like Man-in-the-middle attack.</label><br><!-- justajokedonttakethisseriouslyLOL //-->
 <br>
-<input type="submit" value=" Save ">
+When MiTM attempt is detected:<br>
+<label><input type="radio" name="acttype" id="myset_xsimplewarn_0" value="0"> Show security warning page</label><br>
+<label><input type="radio" name="acttype" id="myset_xsimplewarn_1" value="1"> Just change title and favicon</label><br>
+<label><input type="radio" name="acttype" id="myset_xsimplewarn_2" value="2"> Cancel request immediately</label><br>
+<br>
+<input type="submit" value="  Save  ">
 </form><script src="setwhitelist.js"></script>
-</body></html>
+</body></html>

src/setwhitelist.js

@@ -5,7 +5,7 @@ e.preventDefault();
 // check each line and remove bad fqdn (simple check)
 var cf_tmpdata=document.querySelector("#myset_cfwhite").value.split("\n");
 for (var i=0;i<cf_tmpdata.length;i++){
-if (!/^([0-9a-z.-]{1,})\.([a-z]{2,20})$/.test(cf_tmpdata[i])||cf_tmpdata[i].startsWith(".")||cf_tmpdata[i].includes("..")||
+if (!/^([0-9a-z.-]{1,})\.([a-z]{2,20})$/.test(cf_tmpdata[i])||cf_tmpdata[i].includes("..")||
 cf_tmpdata[i].endsWith(".cloudflare.com")||cf_tmpdata[i]=='cloudflare.com'||
 cf_tmpdata[i].endsWith(".incapsula.com")||cf_tmpdata[i]=='incapsula.com'||
 cf_tmpdata[i].endsWith(".withgoogle.com")||cf_tmpdata[i].endsWith(".google.com")){cf_tmpdata[i]='';}
@@ -13,17 +13,18 @@ cf_tmpdata[i].endsWith(".withgoogle.com")||cf_tmpdata[i].endsWith(".google.com")
 cf_tmpdata=cf_tmpdata.slice().sort(function(a,b){return a>b}).reduce(function(a,b){if (a.slice(-1)[0]!==b){a.push(b);};return a;},[]);// -duplicate
 cf_tmpdata=cf_tmpdata.filter(v=>v!='');// -empty
 cf_tmpdata=cf_tmpdata.join("\n");
-browser.storage.local.set({myset_cfwhite: cf_tmpdata});
-document.querySelector("#myset_cfwhite").value=cf_tmpdata;
-//workaround - simplewarn didn't work as expected if igncj is active
-if (document.querySelector("#myset_xsimplewarn").checked){document.querySelector("#myset_xigncj").checked=false;}
+browser.storage.local.set({myset_cfwhite: cf_tmpdata});document.querySelector("#myset_cfwhite").value=cf_tmpdata;
+//workaround - simplewarn didn't work as expected if ign3p is active
+if (document.querySelector("#myset_xsimplewarn_1").checked){document.querySelector("#myset_xign3p").checked=false;}
 //ADVANCED
 if (document.querySelector("#myset_xincapsula").checked){browser.storage.local.set({myset_xincapsula: "y"});}else{browser.storage.local.set({myset_xincapsula: "n"});}
 if (document.querySelector("#myset_xgshield").checked){browser.storage.local.set({myset_xgshield: "y"});}else{browser.storage.local.set({myset_xgshield: "n"});}
 if (document.querySelector("#myset_xsucuri").checked){browser.storage.local.set({myset_xsucuri: "y"});}else{browser.storage.local.set({myset_xsucuri: "n"});}
-if (document.querySelector("#myset_xignhttp").checked){browser.storage.local.set({myset_xignhttp: "y"});}else{browser.storage.local.set({myset_xignhttp: "n"});}
-if (document.querySelector("#myset_xigncj").checked){browser.storage.local.set({myset_xigncj: "y"});}else{browser.storage.local.set({myset_xigncj: "n"});}
-if (document.querySelector("#myset_xsimplewarn").checked){browser.storage.local.set({myset_xsimplewarn: "y"});}else{browser.storage.local.set({myset_xsimplewarn: "n"});}
+if (document.querySelector("#myset_xign3p").checked){browser.storage.local.set({myset_xign3p: "y"});}else{browser.storage.local.set({myset_xign3p: "n"});}
+//ACTION
+if (document.querySelector("#myset_xsimplewarn_0").checked){browser.storage.local.set({myset_xsimplewarn:0});}
+if (document.querySelector("#myset_xsimplewarn_1").checked){browser.storage.local.set({myset_xsimplewarn:1});}
+if (document.querySelector("#myset_xsimplewarn_2").checked){browser.storage.local.set({myset_xsimplewarn:2});}
 browser.runtime.sendMessage({relnow:'go'}).then(function(r){},onError);
 }
 function loadWhitelist(){
@@ -34,9 +35,12 @@ document.querySelector("#myset_cfwhite").value = r.myset_cfwhite||"";
 if (r.myset_xincapsula=='y'){document.querySelector("#myset_xincapsula").checked=true;}else{document.querySelector("#myset_xincapsula").checked=false;}
 if (r.myset_xgshield=='y'){document.querySelector("#myset_xgshield").checked=true;}else{document.querySelector("#myset_xgshield").checked=false;}
 if (r.myset_xsucuri=='y'){document.querySelector("#myset_xsucuri").checked=true;}else{document.querySelector("#myset_xsucuri").checked=false;}
-if (r.myset_xignhttp=='y'){document.querySelector("#myset_xignhttp").checked=true;}else{document.querySelector("#myset_xignhttp").checked=false;}
-if (r.myset_xigncj=='y'){document.querySelector("#myset_xigncj").checked=true;}else{document.querySelector("#myset_xigncj").checked=false;}
-if (r.myset_xsimplewarn=='y'){document.querySelector("#myset_xsimplewarn").checked=true;}else{document.querySelector("#myset_xsimplewarn").checked=false;}
+if (r.myset_xign3p=='y'){document.querySelector("#myset_xign3p").checked=true;}else{document.querySelector("#myset_xign3p").checked=false;}
+if (r.myset_xsimplewarn){switch(r.myset_xsimplewarn){
+case 1:document.querySelector("#myset_xsimplewarn_1").checked=true;break;
+case 2:document.querySelector("#myset_xsimplewarn_2").checked=true;break;
+default:document.querySelector("#myset_xsimplewarn_0").checked=true;break;
+}}else{document.querySelector("#myset_xsimplewarn_0").checked=true;}
 }
 var getting=browser.storage.local.get();
 getting.then(setCurrentChoice, onError);

src/style.css

@@ -1,3 +1,3 @@
 body{font:13px Verdana}
 label{-webkit-user-select:none;-moz-user-select:none}
-textarea{white-space:pre;overflow-wrap:normal;overflow-x:scroll}
+textarea{white-space:pre;overflow-wrap:normal;overflow-x:scroll}