Uncloack CNAME hostnames

5 files changed, 56 insertions, 9 deletions

diff --git a/js/background.js b/js/background.js
index 7ac9ef2..9f14a36 100644
--- a/js/background.js
+++ b/js/background.js
@@ -174,6 +174,7 @@ var ηMatrix = (function () {
             processHyperlinkAuditing: true,
             processReferer: false,
             disableUpdateIcon: false,
+            resolveCname: false,
         },
 
         rawSettingsDefault: rawSettingsDefault,
diff --git a/js/settings.js b/js/settings.js
index 8a8d25a..6984b2e 100644
--- a/js/settings.js
+++ b/js/settings.js
@@ -83,6 +83,7 @@
         case 'iconBadgeEnabled':
         case 'processHyperlinkAuditing':
         case 'disableUpdateIcon':
+        case 'resolveCname':
             changeUserSettings(target.id, target.checked);
             break;
         case 'collapseBlocked':
diff --git a/js/vapi-background.js b/js/vapi-background.js
index e5e6998..061ae29 100644
--- a/js/vapi-background.js
+++ b/js/vapi-background.js
@@ -313,12 +313,7 @@
 
             return this.mimeTypeMap[mime.slice(0, pos)] || 0;
         },
-        observe: function (channel, topic) {
-            if (channel instanceof Ci.nsIHttpChannel === false) {
-                return;
-            }
-
-            let URI = channel.URI;
+        operate: function (channel, URI, topic) {
             let channelData = this.channelDataFromChannel(channel);
 
             if (topic.lastIndexOf('http-on-examine-', 0) === 0) {
@@ -423,6 +418,46 @@
             // Carry data for behind-the-scene redirects
             channel.setProperty(this.REQDATAKEY, [tabId, rawType]);
         },
+        observe: function (channel, topic) {
+            if (channel instanceof Ci.nsIHttpChannel === false) {
+                return;
+            }
+
+            let URI = channel.URI;
+            let channelData = this.channelDataFromChannel(channel);
+
+            if (ηMatrix.userSettings.resolveCname === true) {
+                let CC = Components.classes;
+                let CI = Components.interfaces;
+
+                let dns = CC['@mozilla.org/network/dns-service;1']
+                    .createInstance(CI.nsIDNSService);
+
+                let listener = {
+                    onLookupComplete: function (req, rec, stat) {
+                        if (!Components.isSuccessCode(stat)) {
+                            console.error("can't resolve canonical name");
+                            return;
+                        }
+                        let addr = rec.canonicalName;
+
+                        let ios = CC['@mozilla.org/network/io-service;1']
+                            .createInstance(CI.nsIIOService);
+
+                        let uri = ios.newURI(URI.scheme+'://'+addr, null, null);
+
+                        vAPI.httpObserver.operate(channel, uri, topic);
+                    },
+                };
+
+                dns.asyncResolve(URI.host,
+                                 CI.nsIDNSService.RESOLVE_CANONICAL_NAME,
+                                 listener,
+                                 null);
+            } else {
+                this.operate(channel, URI, topic);
+            }
+        },
         asyncOnChannelRedirect: function (oldChannel, newChannel,
                                           flags, callback) {
             // contentPolicy.shouldLoad doesn't detect redirects, this
diff --git a/locale/en/messages.properties b/locale/en/messages.properties
index 3672cf1..ad277f1 100644
--- a/locale/en/messages.properties
+++ b/locale/en/messages.properties
@@ -63,7 +63,7 @@ statsPageOthers=Others
 statsPageDetailed=Logger
 statsPageLogSizePrompt1=Remember the last
 statsPageLogSizePrompt2=HTTP requests <b>per page</b>.
-statsPageLogSizeHelp=<p>You can inspect details of the most recent raw HTTP requests which have been made by a web page (see below).</p><p>This is mostly useful to advanced users who want to investigate exactly what a web page has been doing. But logging these HTTP requests requires memory, and if you don't care about this technical information, then memory is being wasted.</p><p>Hence this field which lets you adjust the maximum number of the most recent HTTP requests which are to be logged for further inspection.</p><p>Enter &ldquo;<code>0</code>&rdquo; to turn off detailed logging (and consequently reduce the memory footprint of <i>ηMatrix</i>).</p>
+statsPageLogSizeHelp=<p>You can inspect details of the most recent raw HTTP requests which have been made by a web page (see below).</p><p>This is mostly useful to advanced users who want to investigate exactly what a web page has been doing. But logging these HTTP requests requires memory, and if you don&apos;t care about this technical information, then memory is being wasted.</p><p>Hence this field which lets you adjust the maximum number of the most recent HTTP requests which are to be logged for further inspection.</p><p>Enter &ldquo;<code>0</code>&rdquo; to turn off detailed logging (and consequently reduce the memory footprint of <i>ηMatrix</i>).</p>
 statsPageRefresh=Refresh
 settingsPageTitle=ηMatrix &ndash; Settings
 settingsMatrixDisplayHeader=Matrix
@@ -98,7 +98,7 @@ privacyDeleteBlockedLocalStoragePrompt=Delete <a href='https://en.wikipedia.org/
 privacyDeleteBlockedLocalStorageHelp=TODO
 privacyClearCachePrompt1=Clear browser cache every
 privacyClearCachePrompt2=minutes.
-privacyClearCacheHelp=<p>Some web sites are really bent on tracking you, so much that they will use not-so-nice tricks to work around whatever measures you take in order to not be tracked.</p><p>A few of these tricks rely<sup>[1, 2]</sup> on the <a href='https://en.wikipedia.org/wiki/Web_cache'>browser cache</a>, which content is often long lasting since rarely will users take the time to regularly clear their browser cache.</p><p>There is little inconvenience to clear the browser cache regularly (likelihood is that you won't notice when it happens), and the benefit is to prevent these obnoxious trackers from invading your privacy.</p><p>Check this option to have <i>ηMatrix</i> do it for you, at the interval you wish.</p><p>[1] <a href='https://grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache'>&ldquo;Preventing Web Tracking via the Browser Cache&rdquo;</a>\n[2] <a href='http://lucb1e.com/rp/cookielesscookies/'>&ldquo;Cookieless cookies&rdquo;</a></p>
+privacyClearCacheHelp=<p>Some web sites are really bent on tracking you, so much that they will use not-so-nice tricks to work around whatever measures you take in order to not be tracked.</p><p>A few of these tricks rely<sup>[1, 2]</sup> on the <a href='https://en.wikipedia.org/wiki/Web_cache'>browser cache</a>, which content is often long lasting since rarely will users take the time to regularly clear their browser cache.</p><p>There is little inconvenience to clear the browser cache regularly (likelihood is that you won&apos;t notice when it happens), and the benefit is to prevent these obnoxious trackers from invading your privacy.</p><p>Check this option to have <i>ηMatrix</i> do it for you, at the interval you wish.</p><p>[1] <a href='https://grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache'>&ldquo;Preventing Web Tracking via the Browser Cache&rdquo;</a>\n[2] <a href='http://lucb1e.com/rp/cookielesscookies/'>&ldquo;Cookieless cookies&rdquo;</a></p>
 privacyProcessRefererPrompt=Spoof <a href='https://en.wikipedia.org/wiki/HTTP_referer'>HTTP referrer</a> string of third-party requests.
 privacyProcessRefererHelp=From Wikipedia:<blockquote>HTTP referer is an HTTP header field that identifies the address of the webpage that linked to the resource being requested. ... <b>Because referer information can violate privacy, some web browsers allow the user to disable the sending of referer information.</b></blockquote>If this setting is checked, <i>ηMatrix</i> will spoof the HTTP referrer information if the domain name of the HTTP referrer is third-party to the domain name of net request.
 privacyNoMixedContentPrompt=Strict HTTPS: forbid mixed content.
@@ -179,4 +179,8 @@ genericSubmit=Submit
 genericRevert=Revert
 errorCantConnectTo=Network error: Unable to connect to {{url}}
 genericApplyChanges=Apply changes
-noscriptSpoofHelp=<p>When a browser does not support scripts, a web page can display some content by using the &lt;noscript&gt; tag. For example, some websites will redirect users to a &ldquo;scriptless&rdquo; version.</p><p>When ηMatrix blocks scripts, the browser will still advertise itself as supporting script execution unless this option is selected.</p><p>When selected, ηMatrix will tell the website that the browser does not support scripts, which is what you definitely want to do if you are blocking 1st-party scripts. As such, the &lt;noscript&gt; tag will work as intended.</p><p>Not selecting this option when 1st-party scripts are blocked means the website will break mysteriously in case it is meant to redirect to a scriptless version.</p>
+noscriptSpoofHelp=<p>When a browser does not support scripts, a web page can display some content by using the &lt;noscript&gt; tag. For example, some websites will redirect users to a &ldquo;scriptless&rdquo; version.</p><p>When ηMatrix blocks scripts, the browser will still advertise itself as supporting script execution unless this option is selected.</p><p>When selected, ηMatrix will tell the website that the browser does not support scripts, which is what you definitely want to do if you are blocking 1st-party scripts. As such, the &lt;noscript&gt; tag will work as intended.</p><p>Not selecting this option when 1st-party scripts are blocked means the website will break misteryously in case it is meant to redirect to a scriptless version.</p>
+settingsUpdateIcon=Do not change the toolbar icon
+updateIconHelp=<p>By default, the extension will change its icon based on how many requests are blocked on the selected page.</p><p>Selecting this option will prevent ηMatrix from changing its icon.</p><p>When the page does not have requests (e.g. the extension&lsquo;s dashboard) the icon will still be changed to the &ldquo;disabled&rdquo; state.</p>
+resolveCnameLabel=Resolve CNAME records
+resolveCnameHelp=<p>When resolving an address with DNS, some webistes use a CNAME record to redirect the resolution to a different address than the one asked for by the user.</p><p>This mechanism has legitimate uses and is convenient in a number of cases, but it can also be abused by unscrupolous criminals by &ldquo;hiding&rdquo; (cloaking) the address of a tracker behind a legitimate address.</p><p>When this setting is enabled, ηMatrix will query the DNS when a new address is met, resulting in it using the canonical name (CNAME) of the website.</p><p><b>Please note</b>: this will break your whitelist.</p>
diff --git a/settings.html b/settings.html
index fec5109..a32e545 100644
--- a/settings.html
+++ b/settings.html
@@ -164,6 +164,12 @@
                 <span class="whatisthis"></span>
                 <div class="whatisthis-expandable para" data-i18n="privacyProcessHyperlinkAuditingHelp"></div>
             </li>
+            <li>
+                <input id="resolveCname" type="checkbox" data-setting-bool>
+                <label data-i18n="resolveCnameLabel" for="resolveCname"></label>
+	        <span class="whatisthis"></span>
+	        <div class="whatisthis-expandable para" data-i18n="resolveCnameHelp"></div>
+            </li>
         </ul>
 
         <script src="js/vapi-common.js"></script>