Merge remote-tracking branch 'tool/block_cloudflare_mitm_fx/master'
This commit is contained in:
commit
87e6384d6e
|
@ -0,0 +1,21 @@
|
|||
# MIT License
|
||||
|
||||
Copyright (c) 2017–2018 cypherpunk, nullius. All rights reserved.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
|
@ -0,0 +1,12 @@
|
|||
# Block Cloudflare MITM Attack
|
||||
|
||||
**Pull requests are welcome!**
|
||||
|
||||
The purpose of this browser add-on is to block Cloudflare sites.
|
||||
|
||||
The TLS protocol promises end-to-end encryption between the client and an authenticated, identified endpoint server. The browser’s lock icon is a UI widget which makes this promise to the user. Cloudflare is a mass-decryption chokepoint, which intercepts and decrypts the Web requests made by billions of people to millions of websites.
|
||||
|
||||
- Prior discussion: [Tor Browser Bug #24351: Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351)
|
||||
- Imported from [block_cloudflare_mitm_attack-1.0.10.1-an+fx.xpi](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/), by an anonymous cypherpunk. “Cyperpunks write code.” Cheers!
|
||||
- [Original announcement](https://trac.torproject.org/projects/tor/ticket/24351#comment:25)
|
||||
- Thanks to [Debian Bug #831835](https://bugs.debian.org/831835) for some inspiration.
|
|
@ -0,0 +1,21 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2017-2018 cypherpunk, nullius. All rights reserved.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
Binary file not shown.
After Width: | Height: | Size: 508 B |
Binary file not shown.
After Width: | Height: | Size: 1.2 KiB |
Binary file not shown.
After Width: | Height: | Size: 1.9 KiB |
Binary file not shown.
After Width: | Height: | Size: 2.3 KiB |
|
@ -0,0 +1,31 @@
|
|||
{
|
||||
"manifest_version": 2,
|
||||
"name": "Block Cloudflare MiTM Attack",
|
||||
"description": "If the destination website use Cloudflare, block further request.",
|
||||
"version": "1.0.10.1",
|
||||
"homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351",
|
||||
"permissions": ["webRequest","webRequestBlocking","<all_urls>","storage","activeTab","tabs"],
|
||||
"options_ui": {
|
||||
"page": "setwhitelist.html",
|
||||
"browser_style": false
|
||||
},
|
||||
"icons": {
|
||||
"32": "icons/icon-32.png",
|
||||
"48": "icons/icon-48.png",
|
||||
"64": "icons/icon-64.png"
|
||||
},
|
||||
"browser_action": {
|
||||
"browser_style": true,
|
||||
"default_icon": {
|
||||
"16": "icons/icon-16.png",
|
||||
"32": "icons/icon-32.png"
|
||||
}
|
||||
},
|
||||
"background": {"scripts": ["stop_cf_mitm.js"]},
|
||||
"applications": {
|
||||
"gecko": {
|
||||
"id": "{d86b44dd-ef12-4f28-ab1c-ea32664490ac}",
|
||||
"strict_min_version": "52.0"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
<html><head><meta charset="utf-8"><link rel="stylesheet" href="style.css"></head><body><form>
|
||||
[Whitelist]<br>
|
||||
1. Add FQDN or .FQDN you want to ignore. Click "Save".<br>
|
||||
2. Open new tab and visit whitelisted website.<br>
|
||||
<small>(<i><b>.</b>mozilla.org</i> will allow <i>mozilla.org</i> and <i>*.mozilla.org</i>)</small><br>
|
||||
<textarea cols="50" rows="12" id="myset_cfwhite" wrap="off"></textarea><br>
|
||||
<label><input type="checkbox" id="myset_xautoclean"> Auto-remove whitelisted domain if it is no longer use MITM services</label><br><small>(Add-on will notify you)</small><br>
|
||||
<br>
|
||||
[Advanced]<br>
|
||||
<label><input type="checkbox" id="myset_xign3p"> Ignore 3rd party resource (not recommend)</label><br>
|
||||
<label><input type="checkbox" id="myset_xwhitemark"> Change whitelisted website's title, favicon, and website border</label><br>
|
||||
<label><input type="checkbox" checked disabled> I don't like Man-in-the-middle attack.</label><br><!-- justajokedonttakethisseriouslyLOL //-->
|
||||
<br>
|
||||
Also detect:<br>
|
||||
<label><input type="checkbox" id="myset_xincapsula"> Incapsula MiTM</label><br>
|
||||
<label><input type="checkbox" id="myset_xgshield"> Google's Project Shield MiTM</label><br>
|
||||
<label><input type="checkbox" id="myset_xsucuri"> Sucuri MiTM</label><br>
|
||||
<br>
|
||||
When MiTM attempt is detected:<br>
|
||||
<label><input type="radio" name="acttype" id="myset_xsimplewarn_0" value="0"> Show security warning page</label><br>
|
||||
<label><input type="radio" name="acttype" id="myset_xsimplewarn_1" value="1"> Just change title, favicon, and website border</label><br>
|
||||
<label><input type="radio" name="acttype" id="myset_xsimplewarn_2" value="2"> Cancel request immediately</label><br>
|
||||
<br>
|
||||
<input type="submit" value=" Save ">
|
||||
</form><script src="setwhitelist.js"></script>
|
||||
</body></html>
|
|
@ -0,0 +1,52 @@
|
|||
function onError(e){console.log(`CFMITM_CFG Error:${e}`);}
|
||||
function saveWhitelist(e){
|
||||
e.preventDefault();
|
||||
//WHITELIST
|
||||
// check each line and remove bad fqdn (simple check)
|
||||
var cf_tmpdata=document.querySelector("#myset_cfwhite").value.split("\n");
|
||||
for (var i=0;i<cf_tmpdata.length;i++){
|
||||
if (!/^([0-9a-z.-]{1,})\.([a-z]{2,20})$/.test(cf_tmpdata[i])||cf_tmpdata[i].includes("..")||
|
||||
cf_tmpdata[i].endsWith(".cloudflare.com")||cf_tmpdata[i]=='cloudflare.com'||
|
||||
cf_tmpdata[i].endsWith(".incapsula.com")||cf_tmpdata[i]=='incapsula.com'||
|
||||
cf_tmpdata[i].endsWith(".withgoogle.com")||cf_tmpdata[i].endsWith(".google.com")){cf_tmpdata[i]='';}
|
||||
}
|
||||
cf_tmpdata=cf_tmpdata.slice().sort(function(a,b){return a>b}).reduce(function(a,b){if (a.slice(-1)[0]!==b){a.push(b);};return a;},[]);// -duplicate
|
||||
cf_tmpdata=cf_tmpdata.filter(v=>v!='');// -empty
|
||||
cf_tmpdata=cf_tmpdata.join("\n");
|
||||
browser.storage.local.set({myset_cfwhite: cf_tmpdata});document.querySelector("#myset_cfwhite").value=cf_tmpdata;
|
||||
//workaround - simplewarn didn't work as expected if ign3p is active
|
||||
if (document.querySelector("#myset_xsimplewarn_1").checked){document.querySelector("#myset_xign3p").checked=false;}
|
||||
//ADVANCED
|
||||
if (document.querySelector("#myset_xautoclean").checked){browser.storage.local.set({myset_xautoclean: "y"});}else{browser.storage.local.set({myset_xautoclean: "n"});}
|
||||
if (document.querySelector("#myset_xincapsula").checked){browser.storage.local.set({myset_xincapsula: "y"});}else{browser.storage.local.set({myset_xincapsula: "n"});}
|
||||
if (document.querySelector("#myset_xgshield").checked){browser.storage.local.set({myset_xgshield: "y"});}else{browser.storage.local.set({myset_xgshield: "n"});}
|
||||
if (document.querySelector("#myset_xsucuri").checked){browser.storage.local.set({myset_xsucuri: "y"});}else{browser.storage.local.set({myset_xsucuri: "n"});}
|
||||
if (document.querySelector("#myset_xign3p").checked){browser.storage.local.set({myset_xign3p: "y"});}else{browser.storage.local.set({myset_xign3p: "n"});}
|
||||
if (document.querySelector("#myset_xwhitemark").checked){browser.storage.local.set({myset_xwhitemark: "y"});}else{browser.storage.local.set({myset_xwhitemark: "n"});}
|
||||
//ACTION
|
||||
if (document.querySelector("#myset_xsimplewarn_0").checked){browser.storage.local.set({myset_xsimplewarn:0});}
|
||||
if (document.querySelector("#myset_xsimplewarn_1").checked){browser.storage.local.set({myset_xsimplewarn:1});}
|
||||
if (document.querySelector("#myset_xsimplewarn_2").checked){browser.storage.local.set({myset_xsimplewarn:2});}
|
||||
browser.runtime.sendMessage({relnow:'go'}).then(function(r){},onError);
|
||||
}
|
||||
function loadWhitelist(){
|
||||
function setCurrentChoice(r){
|
||||
//WHITELIST
|
||||
document.querySelector("#myset_cfwhite").value = r.myset_cfwhite||"";
|
||||
//ADVANCED
|
||||
if (r.myset_xautoclean=='y'){document.querySelector("#myset_xautoclean").checked=true;}else{document.querySelector("#myset_xautoclean").checked=false;}
|
||||
if (r.myset_xincapsula=='y'){document.querySelector("#myset_xincapsula").checked=true;}else{document.querySelector("#myset_xincapsula").checked=false;}
|
||||
if (r.myset_xgshield=='y'){document.querySelector("#myset_xgshield").checked=true;}else{document.querySelector("#myset_xgshield").checked=false;}
|
||||
if (r.myset_xsucuri=='y'){document.querySelector("#myset_xsucuri").checked=true;}else{document.querySelector("#myset_xsucuri").checked=false;}
|
||||
if (r.myset_xign3p=='y'){document.querySelector("#myset_xign3p").checked=true;}else{document.querySelector("#myset_xign3p").checked=false;}
|
||||
if (r.myset_xwhitemark=='y'){document.querySelector("#myset_xwhitemark").checked=true;}else{document.querySelector("#myset_xwhitemark").checked=false;}
|
||||
if (r.myset_xsimplewarn){switch(r.myset_xsimplewarn){
|
||||
case 1:document.querySelector("#myset_xsimplewarn_1").checked=true;break;
|
||||
case 2:document.querySelector("#myset_xsimplewarn_2").checked=true;break;
|
||||
default:document.querySelector("#myset_xsimplewarn_0").checked=true;break;
|
||||
}}else{document.querySelector("#myset_xsimplewarn_0").checked=true;}
|
||||
}
|
||||
var getting=browser.storage.local.get();getting.then(setCurrentChoice,onError);
|
||||
}
|
||||
document.addEventListener("DOMContentLoaded", loadWhitelist);
|
||||
document.querySelector("form").addEventListener("submit", saveWhitelist);
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,3 @@
|
|||
body{font:13px Verdana}
|
||||
label{-webkit-user-select:none;-moz-user-select:none}
|
||||
textarea{white-space:pre;overflow-wrap:normal;overflow-x:scroll}
|
Loading…
Reference in New Issue