crimeflare/cloudflare-tor
0
0
Fork 0
mirror of https://codeberg.org/crimeflare/cloudflare-tor synced 2025-11-04 10:27:05 +01:00
Code Issues Releases Activity

Import XPI and code from addons.mozilla.org

Browse source 
Initial commit.  Version 0.0.0-prealpha.

 - Glance over code to make sure it looks sane

 - Create git repository

 - Add substantive files

 - Fix icons (PNG CRC errors)

 - Add archival copy of xpi from addons.mozilla.org, with metadata

 - Add README.md, LICENSE.md

 - NOT YET TESTED BY MAINTAINER (@nym-zone)
This commit is contained in:
nullius 2017-12-11 20:45:10 +00:00
commit e2c115d0f2
No known key found for this signature in database
GPG key ID: C42793159F9EF949
12 changed files with 115 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
LICENSE.md Normal file
View file

@ -0,0 +1,11 @@
[Original license](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/license/1.0.0):
# Block Cloudflare MiTM Attack 1.0.0
# Source Code License
# WTFPL
WTFPL
---
Any modifications by nullius <nullius@nym.zone> are released to the public domain. Copyright is irrevocably disclaimed on behalf of self, heirs, assigns, etc., etc. In other words, NO LICENSE! The public domain is not a license. I politely request that derivative works either stay in the public domain, or keep a liberal license.

12
README.md Normal file
View file

@ -0,0 +1,12 @@
# Block Cloudflare MITM Attack
**Pull requests are welcome!**
The purpose of this browser add-on is to block Cloudflare sites.
The TLS protocol promises end-to-end encryption between the client and an authenticated, identified endpoint server. The browsers lock icon is a UI widget which makes this promise to the user. Cloudflare is a mass-decryption chokepoint, which intercepts and decrypts the Web requests made by billions of people to millions of websites.
- Prior discussion: [Tor Browser Bug #24351: Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351)
- Imported from [block_cloudflare_mitm_attack-1.0.0-an+fx.xpi](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/), by an anonymous cypherpunk. “Cyperpunks write code.” Cheers!
- [Original announcement](https://trac.torproject.org/projects/tor/ticket/24351#comment:25)
- Thanks to [Debian Bug #831835](https://bugs.debian.org/831835) for some inspiration.

10
archive/amo.md Normal file
View file

@ -0,0 +1,10 @@
[https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/)
# Block Cloudflare MiTM Attack
## by [cypherpunks](https://addons.mozilla.org/en-US/firefox/user/JustATorUser/)
If the destination use Cloudflare, block future request.
Please read:
[https://trac.torproject.org/projects/tor/ticket/24351](https://trac.torproject.org/projects/tor/ticket/24351)
[http://www.crimeflare.com/](http://www.crimeflare.com/)

BIN
archive/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi Normal file
View file

Binary file not shown.

17
archive/headers0.http Normal file
View file

@ -0,0 +1,17 @@
HTTP/1.1 302 FOUND
Content-Security-Policy: script-src https://ssl.google-analytics.com/ga.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://addons.cdn.mozilla.net; style-src 'self' 'unsafe-inline' https://addons.cdn.mozilla.net; default-src 'self'; frame-src 'self' https://www.google.com/recaptcha/; child-src 'self' https://www.google.com/recaptcha/; img-src 'self' data: blob: https://ssl.google-analytics.com https://addons.cdn.mozilla.net https://static.addons.mozilla.net https://sentry.prod.mozaws.net; media-src https://videos.cdn.mozilla.net; object-src 'none'; connect-src 'self' https://sentry.prod.mozaws.net; font-src 'self' https://addons.cdn.mozilla.net; form-action 'self' https://developer.mozilla.org; base-uri 'self' https://addons.mozilla.org; report-uri /__cspreport__
Content-Type: text/html; charset=utf-8
Date: Mon, 11 Dec 2017 18:27:56 GMT
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Location: https://addons.cdn.mozilla.net/user-media/addons/902908/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi?filehash=sha256%3A335868a2ef8966ecd11db6532bca642cbd1d9eb31d5f9f1d79d9bd0d77f15c45
Public-Key-Pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
Server: nginx
strict-transport-security: max-age=31536000
Vary: User-Agent
x-content-type-options: nosniff
X-Frame-Options: DENY
X-Target-Digest: sha256:335868a2ef8966ecd11db6532bca642cbd1d9eb31d5f9f1d79d9bd0d77f15c45
x-xss-protection: 1; mode=block
Content-Length: 0
Connection: keep-alive

15
archive/headers1.http Normal file
View file

@ -0,0 +1,15 @@
HTTP/1.1 200 OK
Content-Type: application/x-xpinstall
Content-Length: 9767
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=86400
Content-Security-Policy: default-src 'none'; report-uri https://addons.mozilla.org/__cspreport__
Date: Mon, 11 Dec 2017 18:29:33 GMT
Expires: Tue, 12 Dec 2017 18:29:33 GMT
Last-Modified: Mon, 11 Dec 2017 14:30:08 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 3905f6b396c96f958286f8e228e61547.cloudfront.net (CloudFront)
X-Amz-Cf-Id: U05sJSn5Gc55Pittka0jqN1NF1a1_b5HNUDS4DLf3-I4U-dXOzJApw==

1
archive/sha256.txt Normal file
View file

@ -0,0 +1 @@
335868a2ef8966ecd11db6532bca642cbd1d9eb31d5f9f1d79d9bd0d77f15c45 block_cloudflare_mitm_attack-1.0.0-an+fx.xpi

1
archive/sha512.txt Normal file
View file

@ -0,0 +1 @@
55e0a9c04e891e9bf3abe5b72d38d4e3213e120adbbbb1422cf5bd21bac4008e546988b987d684cdf8838d773cc8bcd9d61767a53a0b7f5674abc361b1fb3a4c block_cloudflare_mitm_attack-1.0.0-an+fx.xpi

BIN
src/icons/icon-48.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.5 KiB

BIN
src/icons/icon-64.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2 KiB

15
src/manifest.json Normal file
View file

@ -0,0 +1,15 @@
{
"manifest_version": 2,
"name": "Block Cloudflare MiTM Attack",
"description": "If the destination use Cloudflare, block future request.",
"version": "1.0.0",
"homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351",
"permissions": ["webRequest","webRequestBlocking","<all_urls>"],
"icons": {
"48": "icons/icon-48.png",
"64": "icons/icon-64.png"
},
"background": {
"scripts": ["stop_cf_mitm.js"]
}
}

33
src/stop_cf_mitm.js Normal file
View file

@ -0,0 +1,33 @@
/*
<<< Detect Cloudflare MiTM Attack >>>
by Sw
why? because...
https://trac.torproject.org/projects/tor/ticket/24351
http://www.crimeflare.com/
*/
//===============================================
function analyzemydata(res){
//console.log("mitmdetector: scanning: "+res.url);
var cflink=document.createElement('a');cflink.setAttribute('href',res.url);
var cf_hostname=cflink.hostname;
var cf_protocol=cflink.protocol;
var cf_gothead=res.responseHeaders;
cflink=null;
if ((cf_protocol=='http:'||cf_protocol=='https:') && cf_hostname.length>=4){
//console.log("mitmdetector: testing...: "+res.url);
var is_cloudflare_infected=0;// 2 to confirm
for(var i=0;i<cf_gothead.length;i++){
var cfv=cf_gothead[i];
if (cfv['name']=='cf-ray' && cfv['value']!=undefined){is_cloudflare_infected+=1;}
if (cfv['name']=='server' && cfv['value'].includes("cloudflare")){is_cloudflare_infected+=1;}
if (is_cloudflare_infected==2){break;}
}
if (is_cloudflare_infected>=1){
console.log('SECURITY_WARN: Cloudflare Detected: '+res.url);
return {redirectUrl: "https://0.0.0.0/"};// just drop the connection
}
}
return;
}
browser.webRequest.onHeadersReceived.addListener(analyzemydata,{urls: ["<all_urls>"]},["blocking","responseHeaders"]);
//