From efbfa8eea97b03e6dfe58479dd27e84c621ab931 Mon Sep 17 00:00:00 2001 From: writecode Date: Mon, 6 May 2019 02:29:02 +0000 Subject: [PATCH] Upload files to 'addon_firefox/bcma' --- addon_firefox/bcma/bg.js | 84 ++++++++++++++++++++++++++++++++ addon_firefox/bcma/cs.js | 32 ++++++++++++ addon_firefox/bcma/manifest.json | 48 +++++++++--------- 3 files changed, 138 insertions(+), 26 deletions(-) create mode 100644 addon_firefox/bcma/bg.js create mode 100644 addon_firefox/bcma/cs.js diff --git a/addon_firefox/bcma/bg.js b/addon_firefox/bcma/bg.js new file mode 100644 index 00000000..61ad2383 --- /dev/null +++ b/addon_firefox/bcma/bg.js @@ -0,0 +1,84 @@ +let apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php'; +let TORapiurl = 'http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/ismitm.php'; + +fetch('http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/ok', { + method: 'GET', + mode: 'cors' +}).then(r => r.text()).then(r => { + if (r == 'ok') { + apiurl = TORapiurl; + } +}).catch(() => {}); + +function is_infected(f) { + return new Promise((g, b) => { + fetch(apiurl, { + method: 'POST', + mode: 'cors', + headers: { + 'Content-Type': 'application/x-www-form-urlencoded' + }, + body: 'f=' + f + }).then(r => r.json()).then(r => { + if (r[0]) { + g(r[1]); + } else { + b(); + } + }).catch(b); + }); +} + +function i_already_know_you(f) { + if (!/^([a-z0-9_.-]{1,255})\.([a-z]{2,80})$/.test(f)) { + return false; + } + return new Promise((g, b) => { + browser.storage.local.get(f).then((ff) => { + if (ff[f]) { + if (ff[f] == 'y') { + g(1); + } else { + g(-1); + } + } else { + g(0); + } + }, () => { + g(0); + }); + }); +} + +function i_remember_you(f, t) { + browser.storage.local.set({ + [f]: ((t) ? 'y' : 'n') + }); +} + +function clear_cache_week() { + browser.storage.local.clear(); + setTimeout(function () { + clear_cache_week(); + }, 604800000); +} + +clear_cache_week(); + +browser.runtime.onMessage.addListener((request, sender, sendResponse) => { + if (request && sender) { + i_already_know_you(request).then((r) => { + if (r == 1 || r == -1) { + browser.tabs.sendMessage(sender.tab.id, [request, ((r == 1) ? true : false)]); + } + if (r == 0) { + is_infected(request).then((a) => { + i_remember_you(request, a); + browser.tabs.sendMessage(sender.tab.id, [request, a]); + }, () => { + browser.tabs.sendMessage(sender.tab.id, [request, false]); + }); + } + }, () => {}); + } +}); diff --git a/addon_firefox/bcma/cs.js b/addon_firefox/bcma/cs.js new file mode 100644 index 00000000..fdc2fe02 --- /dev/null +++ b/addon_firefox/bcma/cs.js @@ -0,0 +1,32 @@ +if (document.body && !['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'].includes(location.hostname)) { + let cs = (function () { + let s = document.createElement('style'); + document.head.appendChild(s); + return s.sheet; + })(); + if (cs) { + cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0); + cs.insertRule("a[data-mitm]::before{content:'[\\26A0]';font-weight:bold !important;color:red !important;display:inline-block !important}", 1); + cs.insertRule("a[data-mitm]:hover::before{content:'[\\26A1]'}", 2); + cs.insertRule("a[data-mitm]:hover{color:red !important}", 3); + } + let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org']; + document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => { + let aF = (new URL(a.href)).hostname; + if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) { + asked.push(aF); + browser.runtime.sendMessage(aF); + } + }); + browser.runtime.onMessage.addListener((request, sender, sendResponse) => { + if (request.length == 2) { + if (request[1]) { + document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => { + a.dataset.mitm = 1; + a.title = 'DANGER! DANGER! MITM!'; + }); + } + } + sendResponse(null); + }); +} \ No newline at end of file diff --git a/addon_firefox/bcma/manifest.json b/addon_firefox/bcma/manifest.json index 35d88391..5b4b7913 100644 --- a/addon_firefox/bcma/manifest.json +++ b/addon_firefox/bcma/manifest.json @@ -1,42 +1,38 @@ { "manifest_version": 2, - "name": "Block Cloudflare MITM Attack", - "description": "Submit to global surveillance or resist. The choice is yours.", - "version": "1.0.1811.1", - "author": "Project BCMA", - "homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351", + "name": "Are links vulnerable to MITM attack?", + "description": "Scan FQDN using Searxes' API", + "version": "1.0.5", + "homepage_url": "https://notabug.org/themusicgod1/cloudflare-tor", + "author": "Maslin Bossé", "permissions": [ - "", - "activeTab", - "tabs", - "webRequest", - "webRequestBlocking", - "webNavigation" + "storage", + "unlimitedStorage" ], "icons": { - "32": "icons/icon-32.png", - "48": "icons/icon-48.png", - "64": "icons/icon-64.png" + "32": "icons/32.png" }, "background": { "scripts": [ - "anticloudflare.js" + "bg.js" ] }, - "options_ui": { - "page": "mydata.html", - "browser_style": false - }, - "browser_action": { - "browser_style": false, - "default_icon": { - "32": "icons/cf_0.png" + "content_scripts": [ + { + "matches": [ + "http://*/*", + "https://*/*" + ], + "js": [ + "cs.js" + ], + "run_at": "document_end" } - }, + ], "applications": { "gecko": { - "id": "24351@trac.torproject.org", - "strict_min_version": "52.0" + "id": "ismitm@searxes.danwin1210.me", + "strict_min_version": "56.0" } } } \ No newline at end of file