commit e2c115d0f2b9780fcf636aba1370654f5250bdb2 Author: nullius Date: Mon Dec 11 20:45:10 2017 +0000 Import XPI and code from addons.mozilla.org Initial commit. Version 0.0.0-prealpha. - Glance over code to make sure it looks sane - Create git repository - Add substantive files - Fix icons (PNG CRC errors) - Add archival copy of xpi from addons.mozilla.org, with metadata - Add README.md, LICENSE.md - NOT YET TESTED BY MAINTAINER (@nym-zone)
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 000000000..418134fb0
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,11 @@
+[Original license](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/license/1.0.0):
+
+# Block Cloudflare MiTM Attack 1.0.0
+# Source Code License
+# WTFPL
+
+WTFPL
+
+---
+
+Any modifications by nullius are released to the public domain. Copyright is irrevocably disclaimed on behalf of self, heirs, assigns, etc., etc. In other words, NO LICENSE! The public domain is not a license. I politely request that derivative works either stay in the public domain, or keep a liberal license.
diff --git a/README.md b/README.md
new file mode 100644
index 000000000..ab7beafc2
--- /dev/null
+++ b/README.md
@@ -0,0 +1,12 @@
+# Block Cloudflare MITM Attack
+
+**Pull requests are welcome!**
+
+The purpose of this browser add-on is to block Cloudflare sites.
+
+The TLS protocol promises end-to-end encryption between the client and an authenticated, identified endpoint server. The browser’s lock icon is a UI widget which makes this promise to the user. Cloudflare is a mass-decryption chokepoint, which intercepts and decrypts the Web requests made by billions of people to millions of websites.
+
+- Prior discussion: [Tor Browser Bug #24351: Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351)
+- Imported from [block_cloudflare_mitm_attack-1.0.0-an+fx.xpi](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/), by an anonymous cypherpunk. “Cyperpunks write code.” Cheers!
+- [Original announcement](https://trac.torproject.org/projects/tor/ticket/24351#comment:25)
+- Thanks to [Debian Bug #831835](https://bugs.debian.org/831835) for some inspiration.
diff --git a/archive/amo.md b/archive/amo.md
new file mode 100644
index 000000000..d8bde2873
--- /dev/null
+++ b/archive/amo.md
@@ -0,0 +1,10 @@
+[https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/](https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/)
+
+# Block Cloudflare MiTM Attack
+## by [cypherpunks](https://addons.mozilla.org/en-US/firefox/user/JustATorUser/)
+
+If the destination use Cloudflare, block future request.
+
+Please read:
+[https://trac.torproject.org/projects/tor/ticket/24351](https://trac.torproject.org/projects/tor/ticket/24351)
+[http://www.crimeflare.com/](http://www.crimeflare.com/)
diff --git a/archive/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi b/archive/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi
new file mode 100644
index 000000000..225bd4198
Binary files /dev/null and b/archive/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi differ
diff --git a/archive/headers0.http b/archive/headers0.http
new file mode 100644
index 000000000..598564aa6
--- /dev/null
+++ b/archive/headers0.http
@@ -0,0 +1,17 @@
+HTTP/1.1 302 FOUND
+Content-Security-Policy: script-src https://ssl.google-analytics.com/ga.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://addons.cdn.mozilla.net; style-src 'self' 'unsafe-inline' https://addons.cdn.mozilla.net; default-src 'self'; frame-src 'self' https://www.google.com/recaptcha/; child-src 'self' https://www.google.com/recaptcha/; img-src 'self' data: blob: https://ssl.google-analytics.com https://addons.cdn.mozilla.net https://static.addons.mozilla.net https://sentry.prod.mozaws.net; media-src https://videos.cdn.mozilla.net; object-src 'none'; connect-src 'self' https://sentry.prod.mozaws.net; font-src 'self' https://addons.cdn.mozilla.net; form-action 'self' https://developer.mozilla.org; base-uri 'self' https://addons.mozilla.org; report-uri /__cspreport__
+Content-Type: text/html; charset=utf-8
+Date: Mon, 11 Dec 2017 18:27:56 GMT
+ETag: "d41d8cd98f00b204e9800998ecf8427e"
+Location: https://addons.cdn.mozilla.net/user-media/addons/902908/block_cloudflare_mitm_attack-1.0.0-an+fx.xpi?filehash=sha256%3A335868a2ef8966ecd11db6532bca642cbd1d9eb31d5f9f1d79d9bd0d77f15c45
+Public-Key-Pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
+Server: nginx
+strict-transport-security: max-age=31536000
+Vary: User-Agent
+x-content-type-options: nosniff
+X-Frame-Options: DENY
+X-Target-Digest: sha256:335868a2ef8966ecd11db6532bca642cbd1d9eb31d5f9f1d79d9bd0d77f15c45
+x-xss-protection: 1; mode=block
+Content-Length: 0
+Connection: keep-alive
+
diff --git a/archive/headers1.http b/archive/headers1.http
new file mode 100644
index 000000000..8c0a71cb9
--- /dev/null
+++ b/archive/headers1.http
@@ -0,0 +1,15 @@
+HTTP/1.1 200 OK
+Content-Type: application/x-xpinstall
+Content-Length: 9767
+Connection: keep-alive
+Accept-Ranges: bytes
+Cache-Control: max-age=86400
+Content-Security-Policy: default-src 'none'; report-uri https://addons.mozilla.org/__cspreport__
+Date: Mon, 11 Dec 2017 18:29:33 GMT
+Expires: Tue, 12 Dec 2017 18:29:33 GMT
+Last-Modified: Mon, 11 Dec 2017 14:30:08 GMT
+Server: nginx
+X-Cache: Miss from cloudfront
+Via: 1.1 3905f6b396c96f958286f8e228e61547.cloudfront.net (CloudFront)
+X-Amz-Cf-Id: U05sJSn5Gc55Pittka0jqN1NF1a1_b5HNUDS4DLf3-I4U-dXOzJApw==
+
diff --git a/archive/sha256.txt b/archive/sha256.txt
new file mode 100644
index 000000000..07440040c
--- /dev/null
+++ b/archive/sha256.txt
@@ -0,0 +1 @@
+335868a2ef8966ecd11db6532bca642cbd1d9eb31d5f9f1d79d9bd0d77f15c45 block_cloudflare_mitm_attack-1.0.0-an+fx.xpi
diff --git a/archive/sha512.txt b/archive/sha512.txt
new file mode 100644
index 000000000..e9c3d46ea
--- /dev/null
+++ b/archive/sha512.txt
@@ -0,0 +1 @@
+55e0a9c04e891e9bf3abe5b72d38d4e3213e120adbbbb1422cf5bd21bac4008e546988b987d684cdf8838d773cc8bcd9d61767a53a0b7f5674abc361b1fb3a4c block_cloudflare_mitm_attack-1.0.0-an+fx.xpi
diff --git a/src/icons/icon-48.png b/src/icons/icon-48.png
new file mode 100644
index 000000000..31dcc7fa7
Binary files /dev/null and b/src/icons/icon-48.png differ
diff --git a/src/icons/icon-64.png b/src/icons/icon-64.png
new file mode 100644
index 000000000..44dc2ae25
Binary files /dev/null and b/src/icons/icon-64.png differ
diff --git a/src/manifest.json b/src/manifest.json
new file mode 100644
index 000000000..27b114bcc
--- /dev/null
+++ b/src/manifest.json
@@ -0,0 +1,15 @@
+{
+"manifest_version": 2,
+"name": "Block Cloudflare MiTM Attack",
+"description": "If the destination use Cloudflare, block future request.",
+"version": "1.0.0",
+"homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351",
+"permissions": ["webRequest","webRequestBlocking",""],
+"icons": {
+ "48": "icons/icon-48.png",
+ "64": "icons/icon-64.png"
+},
+"background": {
+ "scripts": ["stop_cf_mitm.js"]
+}
+}
\ No newline at end of file
diff --git a/src/stop_cf_mitm.js b/src/stop_cf_mitm.js
new file mode 100644
index 000000000..f00c9eb20
--- /dev/null
+++ b/src/stop_cf_mitm.js
@@ -0,0 +1,33 @@
+/*
+ <<< Detect Cloudflare MiTM Attack >>>
+ by Sw
+ why? because...
+ https://trac.torproject.org/projects/tor/ticket/24351
+ http://www.crimeflare.com/
+*/
+//===============================================
+function analyzemydata(res){
+//console.log("mitmdetector: scanning: "+res.url);
+var cflink=document.createElement('a');cflink.setAttribute('href',res.url);
+var cf_hostname=cflink.hostname;
+var cf_protocol=cflink.protocol;
+var cf_gothead=res.responseHeaders;
+cflink=null;
+if ((cf_protocol=='http:'||cf_protocol=='https:') && cf_hostname.length>=4){
+//console.log("mitmdetector: testing...: "+res.url);
+var is_cloudflare_infected=0;// 2 to confirm
+for(var i=0;i=1){
+console.log('SECURITY_WARN: Cloudflare Detected: '+res.url);
+return {redirectUrl: "https://0.0.0.0/"};// just drop the connection
+}
+}
+return;
+}
+browser.webRequest.onHeadersReceived.addListener(analyzemydata,{urls: [""]},["blocking","responseHeaders"]);
+//
\ No newline at end of file
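Review bot: The third `permissions` entry reads `""` in this view, which is neither a permission name nor a match pattern; the `urls` filter in src/stop_cf_mitm.js shows the same empty string, so angle-bracketed text may simply have been lost in rendering. The background listener needs a host permission covering every URL it filters on, so the entry should be an explicit pattern, presumably `"<all_urls>"`. With that pattern the add-on can read the response headers of every site the user visits, which the README should state.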
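Review bot: In `analyzemydata`, `return {redirectUrl: "https://0.0.0.0/"};` does not drop the connection as its comment says; it makes the browser start a new request to 0.0.0.0, which on some systems reaches a service on the local machine. The webRequest blocking response meant for this is `return {cancel: true};`. Because the check runs in `onHeadersReceived`, the request (URL, cookies, any body) has already reached the server when it fires, so a comment such as `// NOTE: the request has already been sent by the time this runs; only the response is discarded` belongs above the `addListener` call. The `console.log` line writes the full `res.url`, query string included, to the browser console; logging only `cf_hostname` would avoid that. The header loop is cut off in this view (`for(var i=0;i=1){`), so the detection criteria themselves are not reviewed here.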