Block URL request if masterkey is present in parameters
This commit is contained in:
parent
7a7d2fd724
commit
e341963675
|
@ -1,3 +1,58 @@
|
||||||
|
/*
|
||||||
|
Copyright (C) 2013-2017 Grégory Soutadé
|
||||||
|
|
||||||
|
This file is part of gPass.
|
||||||
|
|
||||||
|
gPass is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
gPass is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with gPass. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
function url_block_callback(details)
|
||||||
|
{
|
||||||
|
// console.log(JSON.stringify(details));
|
||||||
|
if (details.requestBody)
|
||||||
|
{
|
||||||
|
if (details.requestBody.formData)
|
||||||
|
{
|
||||||
|
for (var key in details.requestBody.formData)
|
||||||
|
{
|
||||||
|
for(var idx in details.requestBody.formData[key])
|
||||||
|
{
|
||||||
|
value = details.requestBody.formData[key][idx];
|
||||||
|
if (value.startsWith("@@") ||
|
||||||
|
value.startsWith("@_"))
|
||||||
|
return {cancel: true};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
// Analyse POST parameters
|
||||||
|
if (details.method == "POST" && details.requestBody.raw)
|
||||||
|
{
|
||||||
|
alert(details.requestBody.raw);
|
||||||
|
var postedString = decodeURIComponent(String.fromCharCode.apply(null,
|
||||||
|
new Uint8Array(details.requestBody.raw[0].bytes)));
|
||||||
|
if (postedString.indexOf("=@@") != -1 ||
|
||||||
|
postedString.indexOf("=@_") != -1)
|
||||||
|
return {cancel: true};
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
}
|
||||||
|
|
||||||
|
return {cancel: false};
|
||||||
|
}
|
||||||
|
|
||||||
chrome.runtime.onMessage.addListener(
|
chrome.runtime.onMessage.addListener(
|
||||||
function(request, sender, sendResponse) {
|
function(request, sender, sendResponse) {
|
||||||
|
|
||||||
|
@ -14,4 +69,27 @@ chrome.runtime.onMessage.addListener(
|
||||||
|
|
||||||
window.setTimeout(function() {chrome.notifications.clear("gPass", function(){})}, 2000);
|
window.setTimeout(function() {chrome.notifications.clear("gPass", function(){})}, 2000);
|
||||||
}
|
}
|
||||||
|
else if (request.type == "block_url")
|
||||||
|
{
|
||||||
|
chrome.tabs.getCurrent(function cb(tab) {
|
||||||
|
if (tab)
|
||||||
|
{
|
||||||
|
chrome.webRequest.onBeforeRequest.addListener(
|
||||||
|
url_block_callback,
|
||||||
|
{urls:[request.options.url],
|
||||||
|
"types":["main_frame"],
|
||||||
|
"tabId":tab.id,
|
||||||
|
"windowId":tab.windowId
|
||||||
|
},
|
||||||
|
["blocking", "requestBody"]);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
chrome.webRequest.onBeforeRequest.addListener(
|
||||||
|
url_block_callback,
|
||||||
|
{urls:[request.options.url], "types":["main_frame"]},
|
||||||
|
["blocking", "requestBody"]);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
|
@ -416,6 +416,8 @@ function on_sumbit(e)
|
||||||
|
|
||||||
function document_loaded(doc)
|
function document_loaded(doc)
|
||||||
{
|
{
|
||||||
|
var has_login_form = false;
|
||||||
|
|
||||||
// If there is a password in the form, add a "submit" listener
|
// If there is a password in the form, add a "submit" listener
|
||||||
for(var i=0; i<doc.forms.length; i++)
|
for(var i=0; i<doc.forms.length; i++)
|
||||||
{
|
{
|
||||||
|
@ -426,11 +428,22 @@ function document_loaded(doc)
|
||||||
var field = fields[a];
|
var field = fields[a];
|
||||||
if (field.getAttribute("type") == "password")
|
if (field.getAttribute("type") == "password")
|
||||||
{
|
{
|
||||||
|
block_url(form.action);
|
||||||
|
old_cb = form.onsubmit;
|
||||||
|
if (old_cb)
|
||||||
|
form.removeEventListener("submit", old_cb);
|
||||||
form.addEventListener("submit", on_sumbit);
|
form.addEventListener("submit", on_sumbit);
|
||||||
|
if (old_cb)
|
||||||
|
form.addEventListener("submit", old_cb);
|
||||||
|
has_login_form = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Request can be sent to another URL... */
|
||||||
|
if (has_login_form)
|
||||||
|
block_url("<all_urls>");
|
||||||
}
|
}
|
||||||
|
|
||||||
document_loaded(document);
|
document_loaded(document);
|
||||||
|
|
|
@ -29,6 +29,12 @@ function notify(text, data)
|
||||||
browser.runtime.sendMessage({type: "notification", options:{"message":text}});
|
browser.runtime.sendMessage({type: "notification", options:{"message":text}});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function block_url(url)
|
||||||
|
{
|
||||||
|
debug("Block URL " + url);
|
||||||
|
browser.runtime.sendMessage({type: "block_url", options:{"url":url}});
|
||||||
|
}
|
||||||
|
|
||||||
// https://stackoverflow.com/questions/6965107/converting-between-strings-and-arraybuffers
|
// https://stackoverflow.com/questions/6965107/converting-between-strings-and-arraybuffers
|
||||||
function ab2str(buf) {
|
function ab2str(buf) {
|
||||||
return String.fromCharCode.apply(null, new Uint8Array(buf));
|
return String.fromCharCode.apply(null, new Uint8Array(buf));
|
||||||
|
@ -119,9 +125,6 @@ function _encrypt(mkey, iv, data)
|
||||||
while ((data.length % 16))
|
while ((data.length % 16))
|
||||||
data += "\0";
|
data += "\0";
|
||||||
|
|
||||||
debug("Encrypt " + data);
|
|
||||||
debug("Encrypt " + iv.length);
|
|
||||||
|
|
||||||
data = str2ab(data);
|
data = str2ab(data);
|
||||||
|
|
||||||
promise = mkey.then(function(mkey){
|
promise = mkey.then(function(mkey){
|
||||||
|
@ -148,8 +151,6 @@ async function _decrypt(mkey, iv, data)
|
||||||
pkcs7_padding = new Uint8Array([16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16]);
|
pkcs7_padding = new Uint8Array([16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16]);
|
||||||
pkcs7_padding = await _encrypt(mkey, nulliv, ab2str(pkcs7_padding));
|
pkcs7_padding = await _encrypt(mkey, nulliv, ab2str(pkcs7_padding));
|
||||||
|
|
||||||
debug("Decrypt " + data);
|
|
||||||
|
|
||||||
data = str2ab(data + pkcs7_padding);
|
data = str2ab(data + pkcs7_padding);
|
||||||
|
|
||||||
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
|
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
|
||||||
|
@ -173,6 +174,8 @@ async function encrypt_ecb(mkey, data)
|
||||||
{
|
{
|
||||||
var result = "";
|
var result = "";
|
||||||
|
|
||||||
|
console.log("Encrypt ECB " + data);
|
||||||
|
|
||||||
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
|
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
|
||||||
|
|
||||||
while (data.length > 16)
|
while (data.length > 16)
|
||||||
|
@ -192,6 +195,8 @@ async function decrypt_ecb(mkey, data)
|
||||||
{
|
{
|
||||||
var result = "";
|
var result = "";
|
||||||
|
|
||||||
|
console.log("Decrypt ECB " + data);
|
||||||
|
|
||||||
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
|
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
|
||||||
|
|
||||||
while (data.length > 16)
|
while (data.length > 16)
|
||||||
|
@ -209,6 +214,8 @@ async function decrypt_ecb(mkey, data)
|
||||||
|
|
||||||
async function encrypt_cbc(mkey, iv, data)
|
async function encrypt_cbc(mkey, iv, data)
|
||||||
{
|
{
|
||||||
|
console.log("Encrypt CBC " + data);
|
||||||
|
|
||||||
var result = await _encrypt(mkey, str2ab(iv), data);
|
var result = await _encrypt(mkey, str2ab(iv), data);
|
||||||
|
|
||||||
// Remove PKCS7 padding
|
// Remove PKCS7 padding
|
||||||
|
@ -217,6 +224,8 @@ async function encrypt_cbc(mkey, iv, data)
|
||||||
|
|
||||||
async function decrypt_cbc(mkey, iv, data)
|
async function decrypt_cbc(mkey, iv, data)
|
||||||
{
|
{
|
||||||
|
console.log("Decrypt CBC " + data);
|
||||||
|
|
||||||
var result = await _decrypt(mkey, str2ab(iv), data);
|
var result = await _decrypt(mkey, str2ab(iv), data);
|
||||||
|
|
||||||
// Remove PKCS7 padding
|
// Remove PKCS7 padding
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
"content_scripts": [
|
"content_scripts": [
|
||||||
{
|
{
|
||||||
"matches": ["https://*/*", "http://*/*"],
|
"matches": ["<all_urls>"],
|
||||||
"js": ["lib/parseuri.js", "lib/misc.js", "compat.js", "lib/main.js"],
|
"js": ["lib/parseuri.js", "lib/misc.js", "compat.js", "lib/main.js"],
|
||||||
"run_at" : "document_idle",
|
"run_at" : "document_idle",
|
||||||
"all_frames" : true
|
"all_frames" : true
|
||||||
|
@ -19,16 +19,18 @@
|
||||||
],
|
],
|
||||||
|
|
||||||
"background": {
|
"background": {
|
||||||
"persistent": false,
|
"persistent": true,
|
||||||
"scripts": ["background.js"]
|
"scripts": ["background.js"]
|
||||||
},
|
},
|
||||||
|
|
||||||
"options_page": "options.html",
|
"options_page": "options.html",
|
||||||
|
|
||||||
"permissions": [
|
"permissions": [
|
||||||
"https://*/",
|
"<all_urls>",
|
||||||
"http://*/",
|
|
||||||
"notifications",
|
"notifications",
|
||||||
|
"webRequest",
|
||||||
|
"webRequestBlocking",
|
||||||
|
"tabs",
|
||||||
"storage"
|
"storage"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,38 @@
|
||||||
|
function url_block_callback(details)
|
||||||
|
{
|
||||||
|
if (details.requestBody)
|
||||||
|
{
|
||||||
|
if (details.requestBody.formData)
|
||||||
|
{
|
||||||
|
for (var key in details.requestBody.formData)
|
||||||
|
{
|
||||||
|
for(var idx in details.requestBody.formData[key])
|
||||||
|
{
|
||||||
|
value = details.requestBody.formData[key][idx];
|
||||||
|
if (value.startsWith("@@") ||
|
||||||
|
value.startsWith("@_"))
|
||||||
|
return {cancel: true};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
// Analyse POST parameters
|
||||||
|
if (details.method == "POST" && details.requestBody.raw)
|
||||||
|
{
|
||||||
|
alert(details.requestBody.raw);
|
||||||
|
var postedString = decodeURIComponent(String.fromCharCode.apply(null,
|
||||||
|
new Uint8Array(details.requestBody.raw[0].bytes)));
|
||||||
|
if (postedString.indexOf("=@@") != -1 ||
|
||||||
|
postedString.indexOf("=@_") != -1)
|
||||||
|
return {cancel: true};
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
}
|
||||||
|
|
||||||
|
return {cancel: false};
|
||||||
|
}
|
||||||
|
|
||||||
browser.runtime.onMessage.addListener(
|
browser.runtime.onMessage.addListener(
|
||||||
function(request) {
|
function(request) {
|
||||||
|
|
||||||
|
@ -14,4 +49,28 @@ browser.runtime.onMessage.addListener(
|
||||||
|
|
||||||
window.setTimeout(function() {browser.notifications.clear("gPass")}, 2000);
|
window.setTimeout(function() {browser.notifications.clear("gPass")}, 2000);
|
||||||
}
|
}
|
||||||
|
else if (request.type == "block_url")
|
||||||
|
{
|
||||||
|
browser.tabs.getCurrent().then(
|
||||||
|
function onGot(tab) {
|
||||||
|
if (tab)
|
||||||
|
{
|
||||||
|
browser.webRequest.onBeforeRequest.addListener(
|
||||||
|
url_block_callback,
|
||||||
|
{urls:[request.options.url],
|
||||||
|
"types":["main_frame"],
|
||||||
|
"tabId":tab.id,
|
||||||
|
"windowId":tab.windowId
|
||||||
|
},
|
||||||
|
["blocking", "requestBody"]);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
browser.webRequest.onBeforeRequest.addListener(
|
||||||
|
url_block_callback,
|
||||||
|
{urls:[request.options.url], types:["main_frame"]},
|
||||||
|
["blocking", "requestBody"]);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
"content_scripts": [
|
"content_scripts": [
|
||||||
{
|
{
|
||||||
"matches": ["https://*/*", "http://*/*"],
|
"matches": ["<all_urls>"],
|
||||||
"js": ["lib/parseuri.js", "lib/misc.js", "compat.js", "lib/main.js"],
|
"js": ["lib/parseuri.js", "lib/misc.js", "compat.js", "lib/main.js"],
|
||||||
"run_at" : "document_idle",
|
"run_at" : "document_idle",
|
||||||
"all_frames" : true
|
"all_frames" : true
|
||||||
|
@ -26,9 +26,11 @@
|
||||||
"options_ui": { "page":"options.html" },
|
"options_ui": { "page":"options.html" },
|
||||||
|
|
||||||
"permissions": [
|
"permissions": [
|
||||||
"https://*/",
|
"<all_urls>",
|
||||||
"http://*/",
|
|
||||||
"notifications",
|
"notifications",
|
||||||
|
"webRequest",
|
||||||
|
"webRequestBlocking",
|
||||||
|
"tabs",
|
||||||
"storage",
|
"storage",
|
||||||
"activeTab"
|
"activeTab"
|
||||||
]
|
]
|
||||||
|
|
Loading…
Reference in New Issue
Block a user