Merge branch 'master' of mia26/cloudflare-tor into master

This commit is contained in:
Jeff Cliff 2019-03-27 03:43:44 +00:00 committed by Gogs
commit 42f58b31ff
6 changed files with 94 additions and 51 deletions

View File

@ -27,7 +27,7 @@ Disqualify:
"[I dont trust Cloudflare with IPFS](https://blog.kareldonk.com/i-dont-trust-cloudflare-with-ipfs/)" by [Karel Donk](https://blog.kareldonk.com/)
"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html)
"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html) - ([archive](http://archive.fo/139z1))
"[Don't Trust CloudFlare](https://write.lain.haus/thufie/dont-trust-cloudflare)" by [@lunaterra@cyberia.social](https://cyberia.social/@lunaterra)

View File

@ -1,68 +1,101 @@
abby.ns.cloudflare.com
adrian.ns.cloudflare.com
aida.ns.cloudflare.com
alan.ns.cloudflare.com
albert.ns.cloudflare.com
alex.ns.cloudflare.com
alina.ns.cloudflare.com
alla.ns.cloudflare.com
amanda.ns.cloudflare.com
amber.ns.cloudflare.com
amy.ns.cloudflare.com
andy.ns.cloudflare.com
anna.ns.cloudflare.com
apollo.ns.cloudflare.com
arch.ns.cloudflare.com
aria.ns.cloudflare.com
art.ns.cloudflare.com
asa.ns.cloudflare.com
athena.ns.cloudflare.com
austin.ns.cloudflare.com
ben.ns.cloudflare.com
bella.ns.cloudflare.com
ben.ns.cloudflare.com
beth.ns.cloudflare.com
bob.ns.cloudflare.com
norman.ns.cloudflare.com
brit.ns.cloudflare.com
chan.ns.cloudflare.com
coby.ns.cloudflare.com
coco.ns.cloudflare.com
cody.ns.cloudflare.com
cory.ns.cloudflare.com
darwin.ns.cloudflare.com
dee.ns.cloudflare.com
dom.ns.cloudflare.com
demi.ns.cloudflare.com
dina.ns.cloudflare.com
dom.ns.cloudflare.com
dora.ns.cloudflare.com
dorthy.ns.cloudflare.com
drew.ns.cloudflare.com
duke.ns.cloudflare.com
ed.ns.cloudflare.com
edna.ns.cloudflare.com
elinore.ns.cloudflare.com
elmo.ns.cloudflare.com
emma.ns.cloudflare.com
etta.ns.cloudflare.com
fay.ns.cloudflare.com
foo.ns.cloudflare.com
fred.ns.cloudflare.com
gabe.ns.cloudflare.com
gail.ns.cloudflare.com
glen.ns.cloudflare.com
guy.ns.cloudflare.com
hank.ns.cloudflare.com
heather.ns.cloudflare.com
hugh.ns.cloudflare.com
ian.ns.cloudflare.com
igor.ns.cloudflare.com
iris.ns.cloudflare.com
jasmine.ns.cloudflare.com
jeff.ns.cloudflare.com
jerry.ns.cloudflare.com
jill.ns.cloudflare.com
jim.ns.cloudflare.com
john.ns.cloudflare.com
jonah.ns.cloudflare.com
josh.ns.cloudflare.com
kate.ns.cloudflare.com
kevin.ns.cloudflare.com
kim.ns.cloudflare.com
kip.ns.cloudflare.com
leah.ns.cloudflare.com
lee.ns.cloudflare.com
leia.ns.cloudflare.com
lex.ns.cloudflare.com
lily.ns.cloudflare.com
lucy.ns.cloudflare.com
matt.ns.cloudflare.com
max.ns.cloudflare.com
megan.ns.cloudflare.com
melinda.ns.cloudflare.com
miki.ns.cloudflare.com
nelly.ns.cloudflare.com
newt.ns.cloudflare.com
nina.ns.cloudflare.com
norm.ns.cloudflare.com
norman.ns.cloudflare.com
olga.ns.cloudflare.com
pam.ns.cloudflare.com
paul.ns.cloudflare.com
pete.ns.cloudflare.com
peyton.ns.cloudflare.com
rachel.ns.cloudflare.com
rick.ns.cloudflare.com
rob.ns.cloudflare.com
rose.ns.cloudflare.com
seth.ns.cloudflare.com
sofia.ns.cloudflare.com
tegan.ns.cloudflare.com
terin.ns.cloudflare.com
theo.ns.cloudflare.com
zoe.ns.cloudflare.com
kevin.ns.cloudflare.com
megan.ns.cloudflare.com
peyton.ns.cloudflare.com
tegan.ns.cloudflare.com
aida.ns.cloudflare.com

View File

@ -1,4 +1,14 @@
const apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php';
let apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php';
let TORapiurl = 'http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/ismitm.php';
fetch('http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/hi.php', {
method: 'GET',
mode: 'cors'
}).then(r => r.text()).then(r => {
if (r == 'hi') {
apiurl = TORapiurl;
}
}).catch(() => {});
function is_infected(f) {
return new Promise((g, b) => {
@ -9,9 +19,7 @@ function is_infected(f) {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: 'f=' + f
}).then(function (r) {
return r.json();
}).then(function (r) {
}).then(r => r.json()).then(r => {
if (r[0]) {
g(r[1]);
} else {
@ -66,6 +74,4 @@ browser.storage.local.clear().then(() => {
}, () => {});
}
});
}, (e) => {
console.log(e);
});
}, () => {});

View File

@ -1,34 +1,32 @@
if (document.body) {
if (!['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org'].includes(location.hostname)) {
let cs = (function () {
let s = document.createElement('style');
document.head.appendChild(s);
return s.sheet;
})();
if (cs) {
cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0);
cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1);
cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2);
cs.insertRule("a[data-mitm]:hover{color:red !important}", 3);
}
let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'];
document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => {
let aF = (new URL(a.href)).hostname;
if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) {
asked.push(aF);
browser.runtime.sendMessage(aF);
}
});
browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
if (request.length == 2) {
if (request[1]) {
document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => {
a.dataset.mitm = 1;
a.title = 'DANGER! DANGER! MITM!';
});
}
}
sendResponse(null);
});
if (document.body && !['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'].includes(location.hostname)) {
let cs = (function () {
let s = document.createElement('style');
document.head.appendChild(s);
return s.sheet;
})();
if (cs) {
cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0);
cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1);
cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2);
cs.insertRule("a[data-mitm]:hover{color:red !important}", 3);
}
let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org'];
document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => {
let aF = (new URL(a.href)).hostname;
if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) {
asked.push(aF);
browser.runtime.sendMessage(aF);
}
});
browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
if (request.length == 2) {
if (request[1]) {
document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => {
a.dataset.mitm = 1;
a.title = 'DANGER! DANGER! MITM!';
});
}
}
sendResponse(null);
});
}

View File

@ -2,7 +2,7 @@
"manifest_version": 2,
"name": "Are links vulnerable to MITM attack?",
"description": "Scan FQDN using Searxes' API",
"version": "1.0.3",
"version": "1.0.4",
"homepage_url": "https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink",
"author": "Maslin Bossé",
"permissions": [

View File

@ -144,10 +144,16 @@ Let's talk about _other software's privacy_...
- Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html).
- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/).
- SRWare Iron make too many [phones home connection](https://spyware.neocities.org/articles/iron.html). It also connect to google domains.
- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/). Here's [more issues](https://spyware.neocities.org/articles/brave.html).
- Microsoft Edge lets Facebook [run Flash code behind users' backs](https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/).
- Vivaldi [does not respect your privacy](https://spyware.neocities.org/articles/vivaldi.html).
Therefore we recommend "Tor Browser" only. Nothing else.
------------
###### "Mozilla Firefox" user