Import 1.0.8.6 from a.m.o. Closes #10.

nullius 2018-01-02 04:42:22 +00:00
parent d4b26a7686
commit 0524b2a7cd
No known key found for this signature in database
GPG Key ID: C42793159F9EF949
9 changed files with 121 additions and 70 deletions


@ -7,6 +7,6 @@ The purpose of this browser add-on is to block Cloudflare sites.
The TLS protocol promises end-to-end encryption between the client and an authenticated, identified endpoint server. The browsers lock icon is a UI widget which makes this promise to the user. Cloudflare is a mass-decryption chokepoint, which intercepts and decrypts the Web requests made by billions of people to millions of websites. The TLS protocol promises end-to-end encryption between the client and an authenticated, identified endpoint server. The browsers lock icon is a UI widget which makes this promise to the user. Cloudflare is a mass-decryption chokepoint, which intercepts and decrypts the Web requests made by billions of people to millions of websites.
- Prior discussion: [Tor Browser Bug #24351: Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351) - Prior discussion: [Tor Browser Bug #24351: Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351)
- Imported from [block_cloudflare_mitm_attack-1.0.8-an+fx.xpi](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/), by an anonymous cypherpunk. “Cyperpunks write code.” Cheers! - Imported from [block_cloudflare_mitm_attack-1.0.8.6-an+fx.xpi](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/), by an anonymous cypherpunk. “Cyperpunks write code.” Cheers!
- [Original announcement](https://trac.torproject.org/projects/tor/ticket/24351#comment:25) - [Original announcement](https://trac.torproject.org/projects/tor/ticket/24351#comment:25)
- Thanks to [Debian Bug #831835](https://bugs.debian.org/831835) for some inspiration. - Thanks to [Debian Bug #831835](https://bugs.debian.org/831835) for some inspiration.

47
src/META-INF/manifest.mf Normal file

@ -0,0 +1,47 @@
Manifest-Version: 1.0
Name: manifest.json
Digest-Algorithms: MD5 SHA1
MD5-Digest: zGY60qlrfec2aFsUpYrEqw==
SHA1-Digest: v9XeO2ot0V/rLuSXYs4AUccSP4Y=
Name: setwhitelist.html
Digest-Algorithms: MD5 SHA1
MD5-Digest: 5IRX40t9xV3hOSzG5DQt8g==
SHA1-Digest: bZ6eElvQE432Qn5zeoGXI46I4OU=
Name: setwhitelist.js
Digest-Algorithms: MD5 SHA1
MD5-Digest: zyiTPW8+zVdotk5uf71nuw==
SHA1-Digest: Ttn6071lJN7uBVK2UaZOhroEm5I=
Name: stop_cf_mitm.js
Digest-Algorithms: MD5 SHA1
MD5-Digest: z8IOdHN5/VdbDGGQNMqMnw==
SHA1-Digest: jzwn+6SLINasUf2De/FE8fpmNJc=
Name: style.css
Digest-Algorithms: MD5 SHA1
MD5-Digest: qVs2pHeT+noWZ7sQttO/2Q==
SHA1-Digest: TgXktEJyUNImPTbaPF/viYfWcQo=
Name: icons/icon-16.png
Digest-Algorithms: MD5 SHA1
MD5-Digest: BMpS9q28ylgmlebPGO0HBw==
SHA1-Digest: ejT7934OdR+CRbKWJFoXPSvAo7M=
Name: icons/icon-32.png
Digest-Algorithms: MD5 SHA1
MD5-Digest: DPnYcEZnUZa6voVAI6nm0w==
SHA1-Digest: CqFkcPOpoKmq7Ly82vbmq/Ouhzs=
Name: icons/icon-48.png
Digest-Algorithms: MD5 SHA1
MD5-Digest: PVwvbCCjWU+2fJeaUrrwVA==
SHA1-Digest: upats+fdmYeFmAtgvIVwaW8mszA=
Name: icons/icon-64.png
Digest-Algorithms: MD5 SHA1
MD5-Digest: YVzojmSoYwjhM0m20OOk5A==
SHA1-Digest: sa4ES4gA5mSb0cu9UgGpp/2eh84=

BIN
src/META-INF/mozilla.rsa Normal file

Binary file not shown.

4
src/META-INF/mozilla.sf Normal file

@ -0,0 +1,4 @@
Signature-Version: 1.0
MD5-Digest-Manifest: /gjyjvUwMAfWGYwYw54bpw==
SHA1-Digest-Manifest: 93RJzzo6Uc5BI3Yj2ffLSr6dWnI=


@ -2,7 +2,7 @@
"manifest_version": 2, "manifest_version": 2,
"name": "Block Cloudflare MiTM Attack", "name": "Block Cloudflare MiTM Attack",
"description": "If the destination website use Cloudflare, block further request.", "description": "If the destination website use Cloudflare, block further request.",
"version": "1.0.8.1", "version": "1.0.8.6",
"homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351", "homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351",
"permissions": ["webRequest","webRequestBlocking","<all_urls>","storage","activeTab"], "permissions": ["webRequest","webRequestBlocking","<all_urls>","storage","activeTab"],
"options_ui": { "options_ui": {


@ -1,18 +1,22 @@
<html><head><meta charset="utf-8"><link rel="stylesheet" href="style.css"></head><body><form> <html><head><meta charset="utf-8"><link rel="stylesheet" href="style.css"></head><body><form>
[Whitelist]<br> [Whitelist]<br>
1. Add FQDN you want to ignore. One FQDN per line. Click "Save".<br> 1. Add FQDN or .FQDN you want to ignore. Click "Save".<br>
2. Open new tab and visit whitelisted website.<br> 2. Open new tab and visit whitelisted website.<br>
<small>(<i><b>.</b>mozilla.org</i> will allow <i>mozilla.org</i> and <i>*.mozilla.org</i>)</small>
<textarea cols="50" rows="12" id="myset_cfwhite" wrap="off"></textarea><br> <textarea cols="50" rows="12" id="myset_cfwhite" wrap="off"></textarea><br>
<br> <br>
[Advanced]<br> [Advanced]<br>
<label><input type="checkbox" id="myset_xincapsula"> Also detect and block Incapsula MiTM</label><br> <label><input type="checkbox" id="myset_xincapsula"> Also detect and block Incapsula MiTM</label><br>
<label><input type="checkbox" id="myset_xgshield"> Also detect and block Google's Project Shield MiTM</label><br> <label><input type="checkbox" id="myset_xgshield"> Also detect and block Google's Project Shield MiTM</label><br>
<label><input type="checkbox" id="myset_xsucuri"> Also detect and block Sucuri MiTM</label><br> <label><input type="checkbox" id="myset_xsucuri"> Also detect and block Sucuri MiTM</label><br>
<label><input type="checkbox" id="myset_xignhttp"> Ignore http:// resource (not recommend)</label><br> <label><input type="checkbox" id="myset_xign3p"> Ignore 3rd party resource (not recommend)</label><br>
<label><input type="checkbox" id="myset_xigncj"> Ignore CSS|JS|Image|Font|Cursor resource (not recommend)</label><br>
<label><input type="checkbox" id="myset_xsimplewarn"> Don't show warning message; just change title and favicon(<img src="data:image/x-icon;base64,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">)</label><br>
<label><input type="checkbox" checked disabled> I don't like Man-in-the-middle attack.</label><br><!-- justajokedonttakethisseriouslyLOL //--> <label><input type="checkbox" checked disabled> I don't like Man-in-the-middle attack.</label><br><!-- justajokedonttakethisseriouslyLOL //-->
<br> <br>
When MiTM attempt is detected:<br>
<label><input type="radio" name="acttype" id="myset_xsimplewarn_0" value="0"> Show security warning page</label><br>
<label><input type="radio" name="acttype" id="myset_xsimplewarn_1" value="1"> Just change title and favicon</label><br>
<label><input type="radio" name="acttype" id="myset_xsimplewarn_2" value="2"> Cancel request immediately</label><br>
<br>
<input type="submit" value=" Save "> <input type="submit" value=" Save ">
</form><script src="setwhitelist.js"></script> </form><script src="setwhitelist.js"></script>
</body></html> </body></html>
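Review bot: The reworded step 1 drops "One FQDN per line", but the save handler in setwhitelist.js still splits the textarea on `\n` and blanks every line that fails its pattern, so entries separated by commas or spaces on one line are discarded without any message. Keeping the hint avoids that, e.g. `1. Add FQDN or .FQDN you want to ignore, one per line. Click "Save".<br>`. The small print under step 2 could also state that a leading-dot entry exempts every subdomain, so a short suffix switches blocking off for a large set of sites.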


@ -5,7 +5,7 @@ e.preventDefault();
// check each line and remove bad fqdn (simple check) // check each line and remove bad fqdn (simple check)
var cf_tmpdata=document.querySelector("#myset_cfwhite").value.split("\n"); var cf_tmpdata=document.querySelector("#myset_cfwhite").value.split("\n");
for (var i=0;i<cf_tmpdata.length;i++){ for (var i=0;i<cf_tmpdata.length;i++){
if (!/^([0-9a-z.-]{1,})\.([a-z]{2,20})$/.test(cf_tmpdata[i])||cf_tmpdata[i].startsWith(".")||cf_tmpdata[i].includes("..")|| if (!/^([0-9a-z.-]{1,})\.([a-z]{2,20})$/.test(cf_tmpdata[i])||cf_tmpdata[i].includes("..")||
cf_tmpdata[i].endsWith(".cloudflare.com")||cf_tmpdata[i]=='cloudflare.com'|| cf_tmpdata[i].endsWith(".cloudflare.com")||cf_tmpdata[i]=='cloudflare.com'||
cf_tmpdata[i].endsWith(".incapsula.com")||cf_tmpdata[i]=='incapsula.com'|| cf_tmpdata[i].endsWith(".incapsula.com")||cf_tmpdata[i]=='incapsula.com'||
cf_tmpdata[i].endsWith(".withgoogle.com")||cf_tmpdata[i].endsWith(".google.com")){cf_tmpdata[i]='';} cf_tmpdata[i].endsWith(".withgoogle.com")||cf_tmpdata[i].endsWith(".google.com")){cf_tmpdata[i]='';}
@ -13,17 +13,18 @@ cf_tmpdata[i].endsWith(".withgoogle.com")||cf_tmpdata[i].endsWith(".google.com")
cf_tmpdata=cf_tmpdata.slice().sort(function(a,b){return a>b}).reduce(function(a,b){if (a.slice(-1)[0]!==b){a.push(b);};return a;},[]);// -duplicate cf_tmpdata=cf_tmpdata.slice().sort(function(a,b){return a>b}).reduce(function(a,b){if (a.slice(-1)[0]!==b){a.push(b);};return a;},[]);// -duplicate
cf_tmpdata=cf_tmpdata.filter(v=>v!='');// -empty cf_tmpdata=cf_tmpdata.filter(v=>v!='');// -empty
cf_tmpdata=cf_tmpdata.join("\n"); cf_tmpdata=cf_tmpdata.join("\n");
browser.storage.local.set({myset_cfwhite: cf_tmpdata}); browser.storage.local.set({myset_cfwhite: cf_tmpdata});document.querySelector("#myset_cfwhite").value=cf_tmpdata;
document.querySelector("#myset_cfwhite").value=cf_tmpdata; //workaround - simplewarn didn't work as expected if ign3p is active
//workaround - simplewarn didn't work as expected if igncj is active if (document.querySelector("#myset_xsimplewarn_1").checked){document.querySelector("#myset_xign3p").checked=false;}
if (document.querySelector("#myset_xsimplewarn").checked){document.querySelector("#myset_xigncj").checked=false;}
//ADVANCED //ADVANCED
if (document.querySelector("#myset_xincapsula").checked){browser.storage.local.set({myset_xincapsula: "y"});}else{browser.storage.local.set({myset_xincapsula: "n"});} if (document.querySelector("#myset_xincapsula").checked){browser.storage.local.set({myset_xincapsula: "y"});}else{browser.storage.local.set({myset_xincapsula: "n"});}
if (document.querySelector("#myset_xgshield").checked){browser.storage.local.set({myset_xgshield: "y"});}else{browser.storage.local.set({myset_xgshield: "n"});} if (document.querySelector("#myset_xgshield").checked){browser.storage.local.set({myset_xgshield: "y"});}else{browser.storage.local.set({myset_xgshield: "n"});}
if (document.querySelector("#myset_xsucuri").checked){browser.storage.local.set({myset_xsucuri: "y"});}else{browser.storage.local.set({myset_xsucuri: "n"});} if (document.querySelector("#myset_xsucuri").checked){browser.storage.local.set({myset_xsucuri: "y"});}else{browser.storage.local.set({myset_xsucuri: "n"});}
if (document.querySelector("#myset_xignhttp").checked){browser.storage.local.set({myset_xignhttp: "y"});}else{browser.storage.local.set({myset_xignhttp: "n"});} if (document.querySelector("#myset_xign3p").checked){browser.storage.local.set({myset_xign3p: "y"});}else{browser.storage.local.set({myset_xign3p: "n"});}
if (document.querySelector("#myset_xigncj").checked){browser.storage.local.set({myset_xigncj: "y"});}else{browser.storage.local.set({myset_xigncj: "n"});} //ACTION
if (document.querySelector("#myset_xsimplewarn").checked){browser.storage.local.set({myset_xsimplewarn: "y"});}else{browser.storage.local.set({myset_xsimplewarn: "n"});} if (document.querySelector("#myset_xsimplewarn_0").checked){browser.storage.local.set({myset_xsimplewarn:0});}
if (document.querySelector("#myset_xsimplewarn_1").checked){browser.storage.local.set({myset_xsimplewarn:1});}
if (document.querySelector("#myset_xsimplewarn_2").checked){browser.storage.local.set({myset_xsimplewarn:2});}
browser.runtime.sendMessage({relnow:'go'}).then(function(r){},onError); browser.runtime.sendMessage({relnow:'go'}).then(function(r){},onError);
} }
function loadWhitelist(){ function loadWhitelist(){
@ -34,9 +35,12 @@ document.querySelector("#myset_cfwhite").value = r.myset_cfwhite||"";
if (r.myset_xincapsula=='y'){document.querySelector("#myset_xincapsula").checked=true;}else{document.querySelector("#myset_xincapsula").checked=false;} if (r.myset_xincapsula=='y'){document.querySelector("#myset_xincapsula").checked=true;}else{document.querySelector("#myset_xincapsula").checked=false;}
if (r.myset_xgshield=='y'){document.querySelector("#myset_xgshield").checked=true;}else{document.querySelector("#myset_xgshield").checked=false;} if (r.myset_xgshield=='y'){document.querySelector("#myset_xgshield").checked=true;}else{document.querySelector("#myset_xgshield").checked=false;}
if (r.myset_xsucuri=='y'){document.querySelector("#myset_xsucuri").checked=true;}else{document.querySelector("#myset_xsucuri").checked=false;} if (r.myset_xsucuri=='y'){document.querySelector("#myset_xsucuri").checked=true;}else{document.querySelector("#myset_xsucuri").checked=false;}
if (r.myset_xignhttp=='y'){document.querySelector("#myset_xignhttp").checked=true;}else{document.querySelector("#myset_xignhttp").checked=false;} if (r.myset_xign3p=='y'){document.querySelector("#myset_xign3p").checked=true;}else{document.querySelector("#myset_xign3p").checked=false;}
if (r.myset_xigncj=='y'){document.querySelector("#myset_xigncj").checked=true;}else{document.querySelector("#myset_xigncj").checked=false;} if (r.myset_xsimplewarn){switch(r.myset_xsimplewarn){
if (r.myset_xsimplewarn=='y'){document.querySelector("#myset_xsimplewarn").checked=true;}else{document.querySelector("#myset_xsimplewarn").checked=false;} case 1:document.querySelector("#myset_xsimplewarn_1").checked=true;break;
case 2:document.querySelector("#myset_xsimplewarn_2").checked=true;break;
default:document.querySelector("#myset_xsimplewarn_0").checked=true;break;
}}else{document.querySelector("#myset_xsimplewarn_0").checked=true;}
} }
var getting=browser.storage.local.get(); var getting=browser.storage.local.get();
getting.then(setCurrentChoice, onError); getting.then(setCurrentChoice, onError);
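Review bot: `myset_xsimplewarn` changes from the strings "y"/"n" to the numbers 0/1/2 and nothing here rewrites a value stored by 1.0.8.1: in the last hunk the `switch` sends a legacy "y" to `default`, so the options page shows "Show security warning page" while storage still holds "y" until the user presses Save. What stop_cf_mitm.js does with that legacy value is not visible on this page (its diff is suppressed), so the action taken on detection may differ from what the form displays. Mapping the old value before the `switch` would close the gap: `if (r.myset_xsimplewarn==='y'){r.myset_xsimplewarn=1;browser.storage.local.set({myset_xsimplewarn:1});}` followed by `else if (r.myset_xsimplewarn==='n'){browser.storage.local.set({myset_xsimplewarn:0});}`. The enclosing function starts above the hunk.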

File diff suppressed because one or more lines are too long