From e2c115d0f2b9780fcf636aba1370654f5250bdb2 Mon Sep 17 00:00:00 2001
From: nullius <nullius@nym.zone>
Date: Mon, 11 Dec 2017 20:45:10 +0000
Subject: Import XPI and code from addons.mozilla.org

Initial commit.  Version 0.0.0-prealpha.

 - Glance over code to make sure it looks sane

 - Create git repository

 - Add substantive files

 - Fix icons (PNG CRC errors)

 - Add archival copy of xpi from addons.mozilla.org, with metadata

 - Add README.md, LICENSE.md

 - NOT YET TESTED BY MAINTAINER (@nym-zone)
---
 src/icons/icon-48.png | Bin 0 -> 1587 bytes
 src/icons/icon-64.png | Bin 0 -> 2037 bytes
 src/manifest.json     |  15 +++++++++++++++
 src/stop_cf_mitm.js   |  33 +++++++++++++++++++++++++++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 src/icons/icon-48.png
 create mode 100644 src/icons/icon-64.png
 create mode 100644 src/manifest.json
 create mode 100644 src/stop_cf_mitm.js

(limited to 'src')

diff --git a/src/icons/icon-48.png b/src/icons/icon-48.png
new file mode 100644
index 00000000..31dcc7fa
Binary files /dev/null and b/src/icons/icon-48.png differ
diff --git a/src/icons/icon-64.png b/src/icons/icon-64.png
new file mode 100644
index 00000000..44dc2ae2
Binary files /dev/null and b/src/icons/icon-64.png differ
diff --git a/src/manifest.json b/src/manifest.json
new file mode 100644
index 00000000..27b114bc
--- /dev/null
+++ b/src/manifest.json
@@ -0,0 +1,15 @@
+{
+"manifest_version": 2,
+"name": "Block Cloudflare MiTM Attack",
+"description": "If the destination use Cloudflare, block future request.",
+"version": "1.0.0",
+"homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351",
+"permissions": ["webRequest","webRequestBlocking","<all_urls>"],
+"icons": {
+ "48": "icons/icon-48.png",
+ "64": "icons/icon-64.png"
+},
+"background": {
+ "scripts": ["stop_cf_mitm.js"]
+}
+}
\ No newline at end of file
diff --git a/src/stop_cf_mitm.js b/src/stop_cf_mitm.js
new file mode 100644
index 00000000..f00c9eb2
--- /dev/null
+++ b/src/stop_cf_mitm.js
@@ -0,0 +1,33 @@
+/*
+		<<< Detect Cloudflare MiTM Attack >>>
+						by Sw
+	why? because...
+	https://trac.torproject.org/projects/tor/ticket/24351
+	http://www.crimeflare.com/
+*/
+//===============================================
+function analyzemydata(res){
+//console.log("mitmdetector: scanning: "+res.url);
+var cflink=document.createElement('a');cflink.setAttribute('href',res.url);
+var cf_hostname=cflink.hostname;
+var cf_protocol=cflink.protocol;
+var cf_gothead=res.responseHeaders;
+cflink=null;
+if ((cf_protocol=='http:'||cf_protocol=='https:') && cf_hostname.length>=4){
+//console.log("mitmdetector: testing...: "+res.url);
+var is_cloudflare_infected=0;// 2 to confirm
+for(var i=0;i<cf_gothead.length;i++){
+var cfv=cf_gothead[i];
+if (cfv['name']=='cf-ray' && cfv['value']!=undefined){is_cloudflare_infected+=1;}
+if (cfv['name']=='server' && cfv['value'].includes("cloudflare")){is_cloudflare_infected+=1;}
+if (is_cloudflare_infected==2){break;}
+}
+if (is_cloudflare_infected>=1){
+console.log('SECURITY_WARN: Cloudflare Detected: '+res.url);
+return {redirectUrl: "https://0.0.0.0/"};// just drop the connection
+}
+}
+return;
+}
+browser.webRequest.onHeadersReceived.addListener(analyzemydata,{urls: ["<all_urls>"]},["blocking","responseHeaders"]);
+//
\ No newline at end of file
-- 
cgit v1.2.3