Merge branch 'master' of mia26/cloudflare-tor into master

This commit is contained in:
Jeff Cliff 2019-03-27 03:43:44 +00:00 committed by Gogs
commit 42f58b31ff
6 changed files with 94 additions and 51 deletions

View File

@ -27,7 +27,7 @@ Disqualify:
"[I dont trust Cloudflare with IPFS](https://blog.kareldonk.com/i-dont-trust-cloudflare-with-ipfs/)" by [Karel Donk](https://blog.kareldonk.com/) "[I dont trust Cloudflare with IPFS](https://blog.kareldonk.com/i-dont-trust-cloudflare-with-ipfs/)" by [Karel Donk](https://blog.kareldonk.com/)
"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html) "[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html) - ([archive](http://archive.fo/139z1))
"[Don't Trust CloudFlare](https://write.lain.haus/thufie/dont-trust-cloudflare)" by [@lunaterra@cyberia.social](https://cyberia.social/@lunaterra) "[Don't Trust CloudFlare](https://write.lain.haus/thufie/dont-trust-cloudflare)" by [@lunaterra@cyberia.social](https://cyberia.social/@lunaterra)

View File

@ -1,68 +1,101 @@
abby.ns.cloudflare.com abby.ns.cloudflare.com
adrian.ns.cloudflare.com adrian.ns.cloudflare.com
aida.ns.cloudflare.com
alan.ns.cloudflare.com
albert.ns.cloudflare.com albert.ns.cloudflare.com
alex.ns.cloudflare.com alex.ns.cloudflare.com
alina.ns.cloudflare.com
alla.ns.cloudflare.com alla.ns.cloudflare.com
amanda.ns.cloudflare.com
amber.ns.cloudflare.com amber.ns.cloudflare.com
amy.ns.cloudflare.com amy.ns.cloudflare.com
andy.ns.cloudflare.com andy.ns.cloudflare.com
anna.ns.cloudflare.com anna.ns.cloudflare.com
apollo.ns.cloudflare.com
arch.ns.cloudflare.com
aria.ns.cloudflare.com
art.ns.cloudflare.com art.ns.cloudflare.com
asa.ns.cloudflare.com
athena.ns.cloudflare.com athena.ns.cloudflare.com
austin.ns.cloudflare.com austin.ns.cloudflare.com
ben.ns.cloudflare.com
bella.ns.cloudflare.com bella.ns.cloudflare.com
ben.ns.cloudflare.com
beth.ns.cloudflare.com
bob.ns.cloudflare.com bob.ns.cloudflare.com
norman.ns.cloudflare.com brit.ns.cloudflare.com
chan.ns.cloudflare.com chan.ns.cloudflare.com
coby.ns.cloudflare.com
coco.ns.cloudflare.com coco.ns.cloudflare.com
cody.ns.cloudflare.com cody.ns.cloudflare.com
cory.ns.cloudflare.com
darwin.ns.cloudflare.com darwin.ns.cloudflare.com
dee.ns.cloudflare.com dee.ns.cloudflare.com
dom.ns.cloudflare.com demi.ns.cloudflare.com
dina.ns.cloudflare.com dina.ns.cloudflare.com
dom.ns.cloudflare.com
dora.ns.cloudflare.com
dorthy.ns.cloudflare.com
drew.ns.cloudflare.com drew.ns.cloudflare.com
duke.ns.cloudflare.com
ed.ns.cloudflare.com ed.ns.cloudflare.com
edna.ns.cloudflare.com
elinore.ns.cloudflare.com elinore.ns.cloudflare.com
elmo.ns.cloudflare.com
emma.ns.cloudflare.com emma.ns.cloudflare.com
etta.ns.cloudflare.com
fay.ns.cloudflare.com
foo.ns.cloudflare.com foo.ns.cloudflare.com
fred.ns.cloudflare.com fred.ns.cloudflare.com
gabe.ns.cloudflare.com
gail.ns.cloudflare.com gail.ns.cloudflare.com
glen.ns.cloudflare.com glen.ns.cloudflare.com
guy.ns.cloudflare.com guy.ns.cloudflare.com
hank.ns.cloudflare.com
heather.ns.cloudflare.com
hugh.ns.cloudflare.com hugh.ns.cloudflare.com
ian.ns.cloudflare.com ian.ns.cloudflare.com
igor.ns.cloudflare.com igor.ns.cloudflare.com
iris.ns.cloudflare.com
jasmine.ns.cloudflare.com
jeff.ns.cloudflare.com jeff.ns.cloudflare.com
jerry.ns.cloudflare.com jerry.ns.cloudflare.com
jill.ns.cloudflare.com jill.ns.cloudflare.com
jim.ns.cloudflare.com jim.ns.cloudflare.com
john.ns.cloudflare.com
jonah.ns.cloudflare.com
josh.ns.cloudflare.com josh.ns.cloudflare.com
kate.ns.cloudflare.com kate.ns.cloudflare.com
kevin.ns.cloudflare.com
kim.ns.cloudflare.com
kip.ns.cloudflare.com kip.ns.cloudflare.com
leah.ns.cloudflare.com leah.ns.cloudflare.com
lee.ns.cloudflare.com lee.ns.cloudflare.com
leia.ns.cloudflare.com leia.ns.cloudflare.com
lex.ns.cloudflare.com lex.ns.cloudflare.com
lily.ns.cloudflare.com
lucy.ns.cloudflare.com
matt.ns.cloudflare.com matt.ns.cloudflare.com
max.ns.cloudflare.com
megan.ns.cloudflare.com
melinda.ns.cloudflare.com melinda.ns.cloudflare.com
miki.ns.cloudflare.com
nelly.ns.cloudflare.com
newt.ns.cloudflare.com newt.ns.cloudflare.com
nina.ns.cloudflare.com nina.ns.cloudflare.com
norm.ns.cloudflare.com norm.ns.cloudflare.com
norman.ns.cloudflare.com
olga.ns.cloudflare.com
pam.ns.cloudflare.com pam.ns.cloudflare.com
paul.ns.cloudflare.com paul.ns.cloudflare.com
pete.ns.cloudflare.com pete.ns.cloudflare.com
peyton.ns.cloudflare.com
rachel.ns.cloudflare.com rachel.ns.cloudflare.com
rick.ns.cloudflare.com rick.ns.cloudflare.com
rob.ns.cloudflare.com rob.ns.cloudflare.com
rose.ns.cloudflare.com rose.ns.cloudflare.com
seth.ns.cloudflare.com seth.ns.cloudflare.com
sofia.ns.cloudflare.com sofia.ns.cloudflare.com
tegan.ns.cloudflare.com
terin.ns.cloudflare.com terin.ns.cloudflare.com
theo.ns.cloudflare.com theo.ns.cloudflare.com
zoe.ns.cloudflare.com zoe.ns.cloudflare.com
kevin.ns.cloudflare.com
megan.ns.cloudflare.com
peyton.ns.cloudflare.com
tegan.ns.cloudflare.com
aida.ns.cloudflare.com

View File

@ -1,4 +1,14 @@
const apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php'; let apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php';
let TORapiurl = 'http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/ismitm.php';
fetch('http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/hi.php', {
method: 'GET',
mode: 'cors'
}).then(r => r.text()).then(r => {
if (r == 'hi') {
apiurl = TORapiurl;
}
}).catch(() => {});
function is_infected(f) { function is_infected(f) {
return new Promise((g, b) => { return new Promise((g, b) => {
@ -9,9 +19,7 @@ function is_infected(f) {
'Content-Type': 'application/x-www-form-urlencoded' 'Content-Type': 'application/x-www-form-urlencoded'
}, },
body: 'f=' + f body: 'f=' + f
}).then(function (r) { }).then(r => r.json()).then(r => {
return r.json();
}).then(function (r) {
if (r[0]) { if (r[0]) {
g(r[1]); g(r[1]);
} else { } else {
@ -66,6 +74,4 @@ browser.storage.local.clear().then(() => {
}, () => {}); }, () => {});
} }
}); });
}, (e) => { }, () => {});
console.log(e);
});

View File

@ -1,34 +1,32 @@
if (document.body) { if (document.body && !['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'].includes(location.hostname)) {
if (!['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org'].includes(location.hostname)) { let cs = (function () {
let cs = (function () { let s = document.createElement('style');
let s = document.createElement('style'); document.head.appendChild(s);
document.head.appendChild(s); return s.sheet;
return s.sheet; })();
})(); if (cs) {
if (cs) { cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0);
cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0); cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1);
cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1); cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2);
cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2); cs.insertRule("a[data-mitm]:hover{color:red !important}", 3);
cs.insertRule("a[data-mitm]:hover{color:red !important}", 3);
}
let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'];
document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => {
let aF = (new URL(a.href)).hostname;
if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) {
asked.push(aF);
browser.runtime.sendMessage(aF);
}
});
browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
if (request.length == 2) {
if (request[1]) {
document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => {
a.dataset.mitm = 1;
a.title = 'DANGER! DANGER! MITM!';
});
}
}
sendResponse(null);
});
} }
let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org'];
document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => {
let aF = (new URL(a.href)).hostname;
if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) {
asked.push(aF);
browser.runtime.sendMessage(aF);
}
});
browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
if (request.length == 2) {
if (request[1]) {
document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => {
a.dataset.mitm = 1;
a.title = 'DANGER! DANGER! MITM!';
});
}
}
sendResponse(null);
});
} }

View File

@ -2,7 +2,7 @@
"manifest_version": 2, "manifest_version": 2,
"name": "Are links vulnerable to MITM attack?", "name": "Are links vulnerable to MITM attack?",
"description": "Scan FQDN using Searxes' API", "description": "Scan FQDN using Searxes' API",
"version": "1.0.3", "version": "1.0.4",
"homepage_url": "https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink", "homepage_url": "https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink",
"author": "Maslin Bossé", "author": "Maslin Bossé",
"permissions": [ "permissions": [

View File

@ -144,10 +144,16 @@ Let's talk about _other software's privacy_...
- Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html). - Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html).
- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/). - SRWare Iron make too many [phones home connection](https://spyware.neocities.org/articles/iron.html). It also connect to google domains.
- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/). Here's [more issues](https://spyware.neocities.org/articles/brave.html).
- Microsoft Edge lets Facebook [run Flash code behind users' backs](https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/). - Microsoft Edge lets Facebook [run Flash code behind users' backs](https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/).
- Vivaldi [does not respect your privacy](https://spyware.neocities.org/articles/vivaldi.html).
Therefore we recommend "Tor Browser" only. Nothing else.
------------ ------------
###### "Mozilla Firefox" user ###### "Mozilla Firefox" user