diff --git a/chrome_addon/background.js b/chrome_addon/background.js
index b8dc7a9..6689fdd 100644
--- a/chrome_addon/background.js
+++ b/chrome_addon/background.js
@@ -1,3 +1,58 @@
+/*
+ Copyright (C) 2013-2017 Grégory Soutadé
+
+ This file is part of gPass.
+
+ gPass is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ gPass is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with gPass. If not, see .
+*/
+
+function url_block_callback(details)
+{
+ // console.log(JSON.stringify(details));
+ if (details.requestBody)
+ {
+ if (details.requestBody.formData)
+ {
+ for (var key in details.requestBody.formData)
+ {
+ for(var idx in details.requestBody.formData[key])
+ {
+ value = details.requestBody.formData[key][idx];
+ if (value.startsWith("@@") ||
+ value.startsWith("@_"))
+ return {cancel: true};
+ }
+ }
+ }
+
+ /*
+ // Analyse POST parameters
+ if (details.method == "POST" && details.requestBody.raw)
+ {
+ alert(details.requestBody.raw);
+ var postedString = decodeURIComponent(String.fromCharCode.apply(null,
+ new Uint8Array(details.requestBody.raw[0].bytes)));
+ if (postedString.indexOf("=@@") != -1 ||
+ postedString.indexOf("=@_") != -1)
+ return {cancel: true};
+ }
+*/
+ }
+
+ return {cancel: false};
+}
+
chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
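Review bot: url_block_callback fails open for any request body the browser does not parse into `formData`: the raw-body check is left commented out (and still contains an `alert` call), so a request whose body arrives as `requestBody.raw` returns `{cancel: false}` without being inspected. If the intent is to stop values starting with `@@` or `@_` from leaving the browser (inferred from the prefixes tested), the raw branch should be implemented, or removed with a comment stating that only form-encoded bodies are covered. Separately, `value` is assigned without a declaration and becomes an implicit global in the background page; `var value = details.requestBody.formData[key][idx];` fixes that. The identical function added in firefox_webextension/background.js has both issues.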
@@ -14,4 +69,27 @@ chrome.runtime.onMessage.addListener(
window.setTimeout(function() {chrome.notifications.clear("gPass", function(){})}, 2000);
}
+ else if (request.type == "block_url")
+ {
+ chrome.tabs.getCurrent(function cb(tab) {
+ if (tab)
+ {
+ chrome.webRequest.onBeforeRequest.addListener(
+ url_block_callback,
+ {urls:[request.options.url],
+ "types":["main_frame"],
+ "tabId":tab.id,
+ "windowId":tab.windowId
+ },
+ ["blocking", "requestBody"]);
+ }
+ else
+ {
+ chrome.webRequest.onBeforeRequest.addListener(
+ url_block_callback,
+ {urls:[request.options.url], "types":["main_frame"]},
+ ["blocking", "requestBody"]);
+ }
+ });
+ }
});
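Review bot: `chrome.tabs.getCurrent` is called from the background page, where it is documented to return `undefined`, so the `if (tab)` branch that scopes the filter to `tabId`/`windowId` looks unreachable and every registration ends up with the unscoped filter. The `sender` argument of this onMessage listener already identifies the tab of the content script that sent the message, so the filter can be built from `sender.tab` directly. Each `block_url` message also adds a listener that is never removed, with `request.options.url` used as a match pattern unchecked; remembering which patterns are already registered would bound that. The firefox_webextension/background.js hunk has the same structure, and its listener would additionally need a `sender` parameter. The onMessage callback starts outside this hunk.

```javascript
    else if (request.type == "block_url")
    {
        var filter = {urls: [request.options.url], types: ["main_frame"]};
        // sender.tab is set when the message comes from a content script
        if (sender.tab)
        {
            filter.tabId = sender.tab.id;
            filter.windowId = sender.tab.windowId;
        }
        chrome.webRequest.onBeforeRequest.addListener(
            url_block_callback, filter, ["blocking", "requestBody"]);
    }
```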
diff --git a/chrome_addon/lib/main.js b/chrome_addon/lib/main.js
index 8e6363a..c4ef613 100644
--- a/chrome_addon/lib/main.js
+++ b/chrome_addon/lib/main.js
@@ -416,6 +416,8 @@ function on_sumbit(e)
function document_loaded(doc)
{
+ var has_login_form = false;
+
// If there is a password in the form, add a "submit" listener
for(var i=0; i");
}
document_loaded(document);
diff --git a/chrome_addon/lib/misc.js b/chrome_addon/lib/misc.js
index 14ea1f3..73f9ac8 100644
--- a/chrome_addon/lib/misc.js
+++ b/chrome_addon/lib/misc.js
@@ -29,6 +29,12 @@ function notify(text, data)
browser.runtime.sendMessage({type: "notification", options:{"message":text}});
}
+function block_url(url)
+{
+ debug("Block URL " + url);
+ browser.runtime.sendMessage({type: "block_url", options:{"url":url}});
+}
+
// https://stackoverflow.com/questions/6965107/converting-between-strings-and-arraybuffers
function ab2str(buf) {
return String.fromCharCode.apply(null, new Uint8Array(buf));
@@ -119,9 +125,6 @@ function _encrypt(mkey, iv, data)
while ((data.length % 16))
data += "\0";
- debug("Encrypt " + data);
- debug("Encrypt " + iv.length);
-
data = str2ab(data);
promise = mkey.then(function(mkey){
@@ -148,8 +151,6 @@ async function _decrypt(mkey, iv, data)
pkcs7_padding = new Uint8Array([16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16]);
pkcs7_padding = await _encrypt(mkey, nulliv, ab2str(pkcs7_padding));
- debug("Decrypt " + data);
-
data = str2ab(data + pkcs7_padding);
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
@@ -173,6 +174,8 @@ async function encrypt_ecb(mkey, data)
{
var result = "";
+ console.log("Encrypt ECB " + data);
+
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
while (data.length > 16)
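Review bot: The added `console.log("Encrypt ECB " + data)` writes the plaintext handed to the cipher to the console unconditionally, while the lines this commit removes from `_encrypt` and `_decrypt` went through the `debug()` helper. lib/misc.js is listed under `content_scripts` in the manifest, so this output would appear in the console of every page the script runs on; in a password manager the payload is likely sensitive (inferred, the callers are not shown). Drop the call, or log only metadata through the existing helper, e.g. `debug("Encrypt ECB, " + data.length + " bytes");`. The same applies to the `console.log` lines added to decrypt_ecb, encrypt_cbc and decrypt_cbc in the following hunks. The body of encrypt_ecb continues outside this hunk.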
@@ -191,6 +194,8 @@ async function encrypt_ecb(mkey, data)
async function decrypt_ecb(mkey, data)
{
var result = "";
+
+ console.log("Decrypt ECB " + data);
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
@@ -208,7 +213,9 @@ async function decrypt_ecb(mkey, data)
}
async function encrypt_cbc(mkey, iv, data)
-{
+{
+ console.log("Encrypt CBC " + data);
+
var result = await _encrypt(mkey, str2ab(iv), data);
// Remove PKCS7 padding
@@ -217,6 +224,8 @@ async function encrypt_cbc(mkey, iv, data)
async function decrypt_cbc(mkey, iv, data)
{
+ console.log("Decrypt CBC " + data);
+
var result = await _decrypt(mkey, str2ab(iv), data);
// Remove PKCS7 padding
diff --git a/chrome_addon/manifest.json b/chrome_addon/manifest.json
index ed3bfae..45f76bc 100644
--- a/chrome_addon/manifest.json
+++ b/chrome_addon/manifest.json
@@ -11,7 +11,7 @@
"content_scripts": [
{
- "matches": ["https://*/*", "http://*/*"],
+ "matches": [""],
"js": ["lib/parseuri.js", "lib/misc.js", "compat.js", "lib/main.js"],
"run_at" : "document_idle",
"all_frames" : true
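Review bot: The new `matches` value reads as an empty string here, which is not a valid match pattern; if the committed value is `<all_urls>` and the token was lost in rendering, the content scripts (with `all_frames`) would also become eligible to run on non-web schemes such as `file://`, where a password-filling script has no obvious use. Keeping `["https://*/*", "http://*/*"]` would preserve the previous scope. The same replacement appears in the `permissions` array of the next hunk and in firefox_webextension/manifest.json.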
@@ -19,16 +19,18 @@
],
"background": {
- "persistent": false,
+ "persistent": true,
"scripts": ["background.js"]
},
"options_page": "options.html",
"permissions": [
- "https://*/",
- "http://*/",
+ "",
"notifications",
+ "webRequest",
+ "webRequestBlocking",
+ "tabs",
"storage"
]
}
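Review bot: The `tabs` permission does not appear to be needed by the code in this commit: background.js only reads `tab.id` and `tab.windowId`, which are available without it. Leaving it out keeps the install-time permission prompt and the extension's reach smaller, which matters for an add-on that now also holds `webRequest` and `webRequestBlocking`. Since JSON cannot carry comments, a short paragraph in the commit message or README explaining why each new permission and `"persistent": true` are required would help users audit the change. The firefox_webextension/manifest.json hunk adds the same permissions.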
diff --git a/firefox_webextension/background.js b/firefox_webextension/background.js
index f818f62..03068dc 100644
--- a/firefox_webextension/background.js
+++ b/firefox_webextension/background.js
@@ -1,3 +1,38 @@
+function url_block_callback(details)
+{
+ if (details.requestBody)
+ {
+ if (details.requestBody.formData)
+ {
+ for (var key in details.requestBody.formData)
+ {
+ for(var idx in details.requestBody.formData[key])
+ {
+ value = details.requestBody.formData[key][idx];
+ if (value.startsWith("@@") ||
+ value.startsWith("@_"))
+ return {cancel: true};
+ }
+ }
+ }
+
+ /*
+ // Analyse POST parameters
+ if (details.method == "POST" && details.requestBody.raw)
+ {
+ alert(details.requestBody.raw);
+ var postedString = decodeURIComponent(String.fromCharCode.apply(null,
+ new Uint8Array(details.requestBody.raw[0].bytes)));
+ if (postedString.indexOf("=@@") != -1 ||
+ postedString.indexOf("=@_") != -1)
+ return {cancel: true};
+ }
+*/
+ }
+
+ return {cancel: false};
+}
+
browser.runtime.onMessage.addListener(
function(request) {
@@ -14,4 +49,28 @@ browser.runtime.onMessage.addListener(
window.setTimeout(function() {browser.notifications.clear("gPass")}, 2000);
}
+ else if (request.type == "block_url")
+ {
+ browser.tabs.getCurrent().then(
+ function onGot(tab) {
+ if (tab)
+ {
+ browser.webRequest.onBeforeRequest.addListener(
+ url_block_callback,
+ {urls:[request.options.url],
+ "types":["main_frame"],
+ "tabId":tab.id,
+ "windowId":tab.windowId
+ },
+ ["blocking", "requestBody"]);
+ }
+ else
+ {
+ browser.webRequest.onBeforeRequest.addListener(
+ url_block_callback,
+ {urls:[request.options.url], types:["main_frame"]},
+ ["blocking", "requestBody"]);
+ }
+ });
+ }
});
diff --git a/firefox_webextension/manifest.json b/firefox_webextension/manifest.json
index d494b7a..1c38a8b 100644
--- a/firefox_webextension/manifest.json
+++ b/firefox_webextension/manifest.json
@@ -11,7 +11,7 @@
"content_scripts": [
{
- "matches": ["https://*/*", "http://*/*"],
+ "matches": [""],
"js": ["lib/parseuri.js", "lib/misc.js", "compat.js", "lib/main.js"],
"run_at" : "document_idle",
"all_frames" : true
@@ -26,9 +26,11 @@
"options_ui": { "page":"options.html" },
"permissions": [
- "https://*/",
- "http://*/",
+ "",
"notifications",
+ "webRequest",
+ "webRequestBlocking",
+ "tabs",
"storage",
"activeTab"
]