diff options
-rw-r--r-- | eval_test.js | 5 | ||||
-rw-r--r-- | main_background.js | 135 |
2 files changed, 138 insertions, 2 deletions
diff --git a/eval_test.js b/eval_test.js index 6a7b8d2..dd00891 100644 --- a/eval_test.js +++ b/eval_test.js @@ -146,7 +146,6 @@ var licenses = { // Objects which could be used to do nontrivial things // Bracket suffix notation could still be exploited to get some of these objects var reserved_objects = [ - "window", "fetch", "XMLHttpRequest", "chrome", // only on chrome @@ -155,7 +154,9 @@ var reserved_objects = [ ]; // Objects that can only be used with dot notation -var reserved_ +var dot_only = [ + "window" +] function get_final_page(html_string, callback){ diff --git a/main_background.js b/main_background.js index cf8ca80..8558382 100644 --- a/main_background.js +++ b/main_background.js @@ -19,6 +19,8 @@ function set_webex(){ } } +var addon_id = ""; + /* * * Called when something changes the persistent data of the add-on. @@ -317,16 +319,149 @@ function delete_removed_tab_info(tab_id, remove_info){ } } +/** +* Makes it so we can return redirect requests to local blob URLs +* +*/ + +var edit_these = { + "content-security-policy":true, + "connect-src":true +}; +function change_csp(e) { + var index = 0; + var csp = ""; + for(var i = 0; i < e["responseHeaders"].length; i++){ + if(edit_these[e["responseHeaders"][i]["name"].toLowerCase()] !== undefined){ + csp = e["responseHeaders"][i]["value"]; + index = i; + var b = csp.replace(/;/g,'","'); + b = JSON.parse('["' + b.substr(0,b.length) + '"]'); + for(var j = 0; j < b.length; j++){ + var matchres = b[j].match(/[\-\w]+/g); + if(matchres != null && matchres[0] == e["responseHeaders"][i]["name"].toLowerCase()){ + // Test to see if they have a hash and then delete it + // sha512 sha384 sha256 + b[j] = b[j].replace(/\s?'sha256-[\w+/]+=+'/g,""); + b[j] = b[j].replace(/\s?'sha384-[\w+/]+=+'/g,""); + b[j] = b[j].replace(/\s?'sha512-[\w+/]+=+'/g,""); + b[j] = b[j].replace(/;/g,""); + // This is the string that we add to every CSP + b[j] += " data: blob:"; + console.log(b[j]); + } + } + csp = ""; + for(var j = 0; j < b.length; j++){ + csp = csp + b[j] + ";"; + } + e["responseHeaders"][i]["value"] = csp; + } + } + if(csp == ""){ + console.log("%c no CSP.","color: red;"); + }else{ + console.log("%c new CSP:","color: green;"); + console.log(e["responseHeaders"][index]["value"]); + } + return {responseHeaders: e.responseHeaders}; +} + +function get_content(url){ + return new Promise((resolve, reject) => { + var xhr = new XMLHttpRequest(); + xhr.open("get",url); + xhr.onload = function(){ + resolve(this.responseText); + } + xhr.onerror = function(){ + reject(JSON.stringify(this)); + } + xhr.send(); + }); +} + +function get_blob_url(blob){ + return new Promise((resolve, reject) => { + //var url = URL.createObjectURL(blob); + var reader = new FileReader(); + reader.addEventListener("load", function(){ + console.log("Redirecting to:"); + console.log(reader.result.substr(0,100)); + resolve({"redirectUrl": reader.result}); + }); + reader.readAsDataURL(blob); + }); +} + +function read_script(a){ + var edited = "console.log('it worked');\n"; + var blob = new Blob([edited], {type : 'application/javascript'}); + return get_blob_url(blob); + //var url = URL.createObjectURL(blob); + //console.log(url); + //return {"redirectUrl": url}; + + + + function get_script(url){ + return new Promise((resolve, reject) => { + var response = get_content(url); + response.then(function(response) { + //var edited = "console.log('it worked');\n"+response; + var edited = "console.log('it worked');\n"; + var blob = new Blob([edited], {type : 'application/javascript'}); + resolve({"redirectUrl": get_blob_url(blob)}); + }); + }); + } + return get_script(a.url); +} + +function read_document(a){ + //console.log(a); + +} /** * Initializes various add-on functions * only meant to be called once when the script starts */ function init_addon(){ + set_webex(); webex.runtime.onConnect.addListener(connected); webex.storage.onChanged.addListener(options_listener); webex.tabs.onRemoved.addListener(delete_removed_tab_info); + + var targetPage = "https://developer.mozilla.org/en-US/Firefox/Developer_Edition"; + + + // gets the addon's ID (part of the local URL format) + var blob = new Blob(["asdf"], {type : 'application/json'}); + addon_id = URL.createObjectURL(blob).match(/[a-z]+/g)[3]; + console.log("{"+addon_id+"}"); + + // Updates the content security policy so we can redirect to local URLs + webex.webRequest.onHeadersReceived.addListener( + change_csp, + {urls: ["<all_urls>"]}, + ["blocking", "responseHeaders"] + ); + // Analyzes remote scripts + webex.webRequest.onBeforeRequest.addListener( + read_script, + {urls:["<all_urls>"], types:["script"]}, + ["blocking"] + ); + + // Analyzes the scripts inside of HTML + webex.webRequest.onBeforeRequest.addListener( + read_document, + {urls:["<all_urls>"], types:["main_frame"]}, + ["blocking"] + ); + } /** |