aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--eval_test.js5
-rw-r--r--main_background.js135
2 files changed, 138 insertions, 2 deletions
diff --git a/eval_test.js b/eval_test.js
index 6a7b8d2..dd00891 100644
--- a/eval_test.js
+++ b/eval_test.js
@@ -146,7 +146,6 @@ var licenses = {
// Objects which could be used to do nontrivial things
// Bracket suffix notation could still be exploited to get some of these objects
var reserved_objects = [
- "window",
"fetch",
"XMLHttpRequest",
"chrome", // only on chrome
@@ -155,7 +154,9 @@ var reserved_objects = [
];
// Objects that can only be used with dot notation
-var reserved_
+var dot_only = [
+ "window"
+]
function get_final_page(html_string, callback){
diff --git a/main_background.js b/main_background.js
index cf8ca80..8558382 100644
--- a/main_background.js
+++ b/main_background.js
@@ -19,6 +19,8 @@ function set_webex(){
}
}
+var addon_id = "";
+
/*
*
* Called when something changes the persistent data of the add-on.
@@ -317,16 +319,149 @@ function delete_removed_tab_info(tab_id, remove_info){
}
}
+/**
+* Makes it so we can return redirect requests to local blob URLs
+*
+*/
+
+var edit_these = {
+ "content-security-policy":true,
+ "connect-src":true
+};
+function change_csp(e) {
+ var index = 0;
+ var csp = "";
+ for(var i = 0; i < e["responseHeaders"].length; i++){
+ if(edit_these[e["responseHeaders"][i]["name"].toLowerCase()] !== undefined){
+ csp = e["responseHeaders"][i]["value"];
+ index = i;
+ var b = csp.replace(/;/g,'","');
+ b = JSON.parse('["' + b.substr(0,b.length) + '"]');
+ for(var j = 0; j < b.length; j++){
+ var matchres = b[j].match(/[\-\w]+/g);
+ if(matchres != null && matchres[0] == e["responseHeaders"][i]["name"].toLowerCase()){
+ // Test to see if they have a hash and then delete it
+ // sha512 sha384 sha256
+ b[j] = b[j].replace(/\s?'sha256-[\w+/]+=+'/g,"");
+ b[j] = b[j].replace(/\s?'sha384-[\w+/]+=+'/g,"");
+ b[j] = b[j].replace(/\s?'sha512-[\w+/]+=+'/g,"");
+ b[j] = b[j].replace(/;/g,"");
+ // This is the string that we add to every CSP
+ b[j] += " data: blob:";
+ console.log(b[j]);
+ }
+ }
+ csp = "";
+ for(var j = 0; j < b.length; j++){
+ csp = csp + b[j] + ";";
+ }
+ e["responseHeaders"][i]["value"] = csp;
+ }
+ }
+ if(csp == ""){
+ console.log("%c no CSP.","color: red;");
+ }else{
+ console.log("%c new CSP:","color: green;");
+ console.log(e["responseHeaders"][index]["value"]);
+ }
+ return {responseHeaders: e.responseHeaders};
+}
+
+function get_content(url){
+ return new Promise((resolve, reject) => {
+ var xhr = new XMLHttpRequest();
+ xhr.open("get",url);
+ xhr.onload = function(){
+ resolve(this.responseText);
+ }
+ xhr.onerror = function(){
+ reject(JSON.stringify(this));
+ }
+ xhr.send();
+ });
+}
+
+function get_blob_url(blob){
+ return new Promise((resolve, reject) => {
+ //var url = URL.createObjectURL(blob);
+ var reader = new FileReader();
+ reader.addEventListener("load", function(){
+ console.log("Redirecting to:");
+ console.log(reader.result.substr(0,100));
+ resolve({"redirectUrl": reader.result});
+ });
+ reader.readAsDataURL(blob);
+ });
+}
+
+function read_script(a){
+ var edited = "console.log('it worked');\n";
+ var blob = new Blob([edited], {type : 'application/javascript'});
+ return get_blob_url(blob);
+ //var url = URL.createObjectURL(blob);
+ //console.log(url);
+ //return {"redirectUrl": url};
+
+
+
+ function get_script(url){
+ return new Promise((resolve, reject) => {
+ var response = get_content(url);
+ response.then(function(response) {
+ //var edited = "console.log('it worked');\n"+response;
+ var edited = "console.log('it worked');\n";
+ var blob = new Blob([edited], {type : 'application/javascript'});
+ resolve({"redirectUrl": get_blob_url(blob)});
+ });
+ });
+ }
+ return get_script(a.url);
+}
+
+function read_document(a){
+ //console.log(a);
+
+}
/**
* Initializes various add-on functions
* only meant to be called once when the script starts
*/
function init_addon(){
+
set_webex();
webex.runtime.onConnect.addListener(connected);
webex.storage.onChanged.addListener(options_listener);
webex.tabs.onRemoved.addListener(delete_removed_tab_info);
+
+ var targetPage = "https://developer.mozilla.org/en-US/Firefox/Developer_Edition";
+
+
+ // gets the addon's ID (part of the local URL format)
+ var blob = new Blob(["asdf"], {type : 'application/json'});
+ addon_id = URL.createObjectURL(blob).match(/[a-z]+/g)[3];
+ console.log("{"+addon_id+"}");
+
+ // Updates the content security policy so we can redirect to local URLs
+ webex.webRequest.onHeadersReceived.addListener(
+ change_csp,
+ {urls: ["<all_urls>"]},
+ ["blocking", "responseHeaders"]
+ );
+ // Analyzes remote scripts
+ webex.webRequest.onBeforeRequest.addListener(
+ read_script,
+ {urls:["<all_urls>"], types:["script"]},
+ ["blocking"]
+ );
+
+ // Analyzes the scripts inside of HTML
+ webex.webRequest.onBeforeRequest.addListener(
+ read_document,
+ {urls:["<all_urls>"], types:["main_frame"]},
+ ["blocking"]
+ );
+
}
/**