diff options
| -rw-r--r-- | LICENSE.md | 11 | ||||
| -rw-r--r-- | README.md | 12 | ||||
| -rw-r--r-- | archive/amo.md | 10 | ||||
| -rw-r--r-- | archive/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi | bin | 0 -> 9767 bytes | |||
| -rw-r--r-- | archive/headers0.http | 17 | ||||
| -rw-r--r-- | archive/headers1.http | 15 | ||||
| -rw-r--r-- | archive/sha256.txt | 1 | ||||
| -rw-r--r-- | archive/sha512.txt | 1 | ||||
| -rw-r--r-- | src/icons/icon-48.png | bin | 0 -> 1587 bytes | |||
| -rw-r--r-- | src/icons/icon-64.png | bin | 0 -> 2037 bytes | |||
| -rw-r--r-- | src/manifest.json | 15 | ||||
| -rw-r--r-- | src/stop_cf_mitm.js | 33 |
12 files changed, 115 insertions, 0 deletions
diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 00000000..418134fb --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,11 @@ +[Original license](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/license/1.0.0): + +# Block Cloudflare MiTM Attack 1.0.0 +# Source Code License +# WTFPL + +WTFPL + +--- + +Any modifications by nullius <nullius@nym.zone> are released to the public domain. Copyright is irrevocably disclaimed on behalf of self, heirs, assigns, etc., etc. In other words, NO LICENSE! The public domain is not a license. I politely request that derivative works either stay in the public domain, or keep a liberal license. diff --git a/README.md b/README.md new file mode 100644 index 00000000..ab7beafc --- /dev/null +++ b/README.md @@ -0,0 +1,12 @@ +# Block Cloudflare MITM Attack + +**Pull requests are welcome!** + +The purpose of this browser add-on is to block Cloudflare sites. + +The TLS protocol promises end-to-end encryption between the client and an authenticated, identified endpoint server. The browser’s lock icon is a UI widget which makes this promise to the user. Cloudflare is a mass-decryption chokepoint, which intercepts and decrypts the Web requests made by billions of people to millions of websites. + +- Prior discussion: [Tor Browser Bug #24351: Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351) +- Imported from [block_cloudflare_mitm_attack-1.0.0-an+fx.xpi](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/), by an anonymous cypherpunk. “Cyperpunks write code.” Cheers! +- [Original announcement](https://trac.torproject.org/projects/tor/ticket/24351#comment:25) +- Thanks to [Debian Bug #831835](https://bugs.debian.org/831835) for some inspiration. diff --git a/archive/amo.md b/archive/amo.md new file mode 100644 index 00000000..d8bde287 --- /dev/null +++ b/archive/amo.md @@ -0,0 +1,10 @@ +[https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/) + +# Block Cloudflare MiTM Attack +## by [cypherpunks](https://addons.mozilla.org/en-US/firefox/user/JustATorUser/) + +If the destination use Cloudflare, block future request. + +Please read: +[https://trac.torproject.org/projects/tor/ticket/24351](https://trac.torproject.org/projects/tor/ticket/24351) +[http://www.crimeflare.com/](http://www.crimeflare.com/) diff --git a/archive/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi b/archive/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi Binary files differnew file mode 100644 index 00000000..225bd419 --- /dev/null +++ b/archive/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi diff --git a/archive/headers0.http b/archive/headers0.http new file mode 100644 index 00000000..598564aa --- /dev/null +++ b/archive/headers0.http @@ -0,0 +1,17 @@ +HTTP/1.1 302 FOUND
+Content-Security-Policy: script-src https://ssl.google-analytics.com/ga.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://addons.cdn.mozilla.net; style-src 'self' 'unsafe-inline' https://addons.cdn.mozilla.net; default-src 'self'; frame-src 'self' https://www.google.com/recaptcha/; child-src 'self' https://www.google.com/recaptcha/; img-src 'self' data: blob: https://ssl.google-analytics.com https://addons.cdn.mozilla.net https://static.addons.mozilla.net https://sentry.prod.mozaws.net; media-src https://videos.cdn.mozilla.net; object-src 'none'; connect-src 'self' https://sentry.prod.mozaws.net; font-src 'self' https://addons.cdn.mozilla.net; form-action 'self' https://developer.mozilla.org; base-uri 'self' https://addons.mozilla.org; report-uri /__cspreport__
+Content-Type: text/html; charset=utf-8
+Date: Mon, 11 Dec 2017 18:27:56 GMT
+ETag: "d41d8cd98f00b204e9800998ecf8427e"
+Location: https://addons.cdn.mozilla.net/user-media/addons/902908/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi?filehash=sha256%3A335868a2ef8966ecd11db6532bca642cbd1d9eb31d5f9f1d79d9bd0d77f15c45
+Public-Key-Pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
+Server: nginx
+strict-transport-security: max-age=31536000
+Vary: User-Agent
+x-content-type-options: nosniff
+X-Frame-Options: DENY
+X-Target-Digest: sha256:335868a2ef8966ecd11db6532bca642cbd1d9eb31d5f9f1d79d9bd0d77f15c45
+x-xss-protection: 1; mode=block
+Content-Length: 0
+Connection: keep-alive
+
diff --git a/archive/headers1.http b/archive/headers1.http new file mode 100644 index 00000000..8c0a71cb --- /dev/null +++ b/archive/headers1.http @@ -0,0 +1,15 @@ +HTTP/1.1 200 OK
+Content-Type: application/x-xpinstall
+Content-Length: 9767
+Connection: keep-alive
+Accept-Ranges: bytes
+Cache-Control: max-age=86400
+Content-Security-Policy: default-src 'none'; report-uri https://addons.mozilla.org/__cspreport__
+Date: Mon, 11 Dec 2017 18:29:33 GMT
+Expires: Tue, 12 Dec 2017 18:29:33 GMT
+Last-Modified: Mon, 11 Dec 2017 14:30:08 GMT
+Server: nginx
+X-Cache: Miss from cloudfront
+Via: 1.1 3905f6b396c96f958286f8e228e61547.cloudfront.net (CloudFront)
+X-Amz-Cf-Id: U05sJSn5Gc55Pittka0jqN1NF1a1_b5HNUDS4DLf3-I4U-dXOzJApw==
+
diff --git a/archive/sha256.txt b/archive/sha256.txt new file mode 100644 index 00000000..07440040 --- /dev/null +++ b/archive/sha256.txt @@ -0,0 +1 @@ +335868a2ef8966ecd11db6532bca642cbd1d9eb31d5f9f1d79d9bd0d77f15c45 block_cloudflare_mitm_attack-1.0.0-an+fx.xpi diff --git a/archive/sha512.txt b/archive/sha512.txt new file mode 100644 index 00000000..e9c3d46e --- /dev/null +++ b/archive/sha512.txt @@ -0,0 +1 @@ +55e0a9c04e891e9bf3abe5b72d38d4e3213e120adbbbb1422cf5bd21bac4008e546988b987d684cdf8838d773cc8bcd9d61767a53a0b7f5674abc361b1fb3a4c block_cloudflare_mitm_attack-1.0.0-an+fx.xpi diff --git a/src/icons/icon-48.png b/src/icons/icon-48.png Binary files differnew file mode 100644 index 00000000..31dcc7fa --- /dev/null +++ b/src/icons/icon-48.png diff --git a/src/icons/icon-64.png b/src/icons/icon-64.png Binary files differnew file mode 100644 index 00000000..44dc2ae2 --- /dev/null +++ b/src/icons/icon-64.png diff --git a/src/manifest.json b/src/manifest.json new file mode 100644 index 00000000..27b114bc --- /dev/null +++ b/src/manifest.json @@ -0,0 +1,15 @@ +{ +"manifest_version": 2, +"name": "Block Cloudflare MiTM Attack", +"description": "If the destination use Cloudflare, block future request.", +"version": "1.0.0", +"homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351", +"permissions": ["webRequest","webRequestBlocking","<all_urls>"], +"icons": { + "48": "icons/icon-48.png", + "64": "icons/icon-64.png" +}, +"background": { + "scripts": ["stop_cf_mitm.js"] +} +}
\ No newline at end of file diff --git a/src/stop_cf_mitm.js b/src/stop_cf_mitm.js new file mode 100644 index 00000000..f00c9eb2 --- /dev/null +++ b/src/stop_cf_mitm.js @@ -0,0 +1,33 @@ +/* + <<< Detect Cloudflare MiTM Attack >>> + by Sw + why? because... + https://trac.torproject.org/projects/tor/ticket/24351 + http://www.crimeflare.com/ +*/ +//=============================================== +function analyzemydata(res){ +//console.log("mitmdetector: scanning: "+res.url); +var cflink=document.createElement('a');cflink.setAttribute('href',res.url); +var cf_hostname=cflink.hostname; +var cf_protocol=cflink.protocol; +var cf_gothead=res.responseHeaders; +cflink=null; +if ((cf_protocol=='http:'||cf_protocol=='https:') && cf_hostname.length>=4){ +//console.log("mitmdetector: testing...: "+res.url); +var is_cloudflare_infected=0;// 2 to confirm +for(var i=0;i<cf_gothead.length;i++){ +var cfv=cf_gothead[i]; +if (cfv['name']=='cf-ray' && cfv['value']!=undefined){is_cloudflare_infected+=1;} +if (cfv['name']=='server' && cfv['value'].includes("cloudflare")){is_cloudflare_infected+=1;} +if (is_cloudflare_infected==2){break;} +} +if (is_cloudflare_infected>=1){ +console.log('SECURITY_WARN: Cloudflare Detected: '+res.url); +return {redirectUrl: "https://0.0.0.0/"};// just drop the connection +} +} +return; +} +browser.webRequest.onHeadersReceived.addListener(analyzemydata,{urls: ["<all_urls>"]},["blocking","responseHeaders"]); +//
\ No newline at end of file |
