2021-11-07 17:20:58 +01:00
|
|
|
import { StolenDataEntry } from "./stolen-data-entry";
|
2021-10-04 18:51:51 +02:00
|
|
|
import { getshorthost, parseCookie, Request } from "./util";
|
2021-10-03 09:03:56 +02:00
|
|
|
|
2021-11-08 20:14:28 +01:00
|
|
|
export type HAREntry = {
|
|
|
|
|
pageref: string;
|
|
|
|
|
startedDateTime: string;
|
|
|
|
|
request: {
|
|
|
|
|
bodySize: number;
|
|
|
|
|
cookies: {}[];
|
|
|
|
|
headers: {}[];
|
|
|
|
|
headersSize: number;
|
|
|
|
|
httpVersion: string;
|
|
|
|
|
method: string;
|
|
|
|
|
postData: {
|
|
|
|
|
mimeType: string;
|
|
|
|
|
params: { name: string; value: string }[];
|
|
|
|
|
text: string;
|
|
|
|
|
};
|
|
|
|
|
queryString: { name: string; value: string }[];
|
|
|
|
|
url: string;
|
|
|
|
|
};
|
|
|
|
|
response: {}; // not relevant
|
|
|
|
|
cache: {};
|
|
|
|
|
timings: {};
|
|
|
|
|
time: number;
|
|
|
|
|
_securityState: string;
|
|
|
|
|
serverIPAddress: string;
|
|
|
|
|
connection: string;
|
|
|
|
|
};
|
|
|
|
|
|
2021-10-06 17:22:33 +02:00
|
|
|
const whitelisted_cookies = [
|
|
|
|
|
/^Accept.*$/,
|
|
|
|
|
/^Host$/,
|
|
|
|
|
/^Connection$/,
|
|
|
|
|
/^Sec-Fetch-.*$/,
|
|
|
|
|
/^Content-Type$/,
|
|
|
|
|
/^Cookie$/, // we're extracting it in getCookie separately anyway
|
|
|
|
|
/^User-Agent$/,
|
|
|
|
|
];
|
|
|
|
|
|
2021-10-03 09:03:56 +02:00
|
|
|
export default class ExtendedRequest {
|
|
|
|
|
public tabId: number;
|
|
|
|
|
public url: string;
|
2021-11-07 15:45:26 +01:00
|
|
|
public shorthost: string;
|
2021-10-03 09:03:56 +02:00
|
|
|
public requestHeaders: Request["requestHeaders"];
|
2021-11-07 17:59:16 +01:00
|
|
|
public originalURL: string;
|
2021-11-07 19:03:00 +01:00
|
|
|
public origin: string;
|
2021-10-04 18:51:51 +02:00
|
|
|
public initialized = false;
|
2021-11-07 11:18:53 +01:00
|
|
|
public stolenData: StolenDataEntry[];
|
2021-10-03 09:03:56 +02:00
|
|
|
|
2021-10-04 18:51:51 +02:00
|
|
|
async init() {
|
|
|
|
|
await this.cacheOrigin();
|
|
|
|
|
this.initialized = true;
|
2021-11-07 11:18:53 +01:00
|
|
|
this.stolenData = this.getAllStolenData();
|
2021-10-04 18:51:51 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async cacheOrigin(): Promise<void> {
|
2021-10-03 09:03:56 +02:00
|
|
|
let url: string;
|
|
|
|
|
if (this.data.tabId && this.data.tabId >= 0) {
|
|
|
|
|
const tab = await browser.tabs.get(this.data.tabId);
|
|
|
|
|
url = tab.url;
|
|
|
|
|
} else {
|
|
|
|
|
url = (this.data as any).frameAncestors[0].url;
|
|
|
|
|
}
|
2021-11-07 19:03:00 +01:00
|
|
|
this.originalURL = url;
|
|
|
|
|
this.origin = new URL(url).origin;
|
2021-10-03 09:03:56 +02:00
|
|
|
}
|
|
|
|
|
|
2021-10-04 18:51:51 +02:00
|
|
|
isThirdParty() {
|
2021-10-03 09:03:56 +02:00
|
|
|
const request_url = new URL(this.data.url);
|
2021-11-07 19:03:00 +01:00
|
|
|
const origin_url = new URL(this.originalURL);
|
2021-10-03 09:03:56 +02:00
|
|
|
if (request_url.host.includes(origin_url.host)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (getshorthost(request_url.host) == getshorthost(origin_url.host)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return (
|
|
|
|
|
request_url.origin != origin_url.origin ||
|
|
|
|
|
(this.data as any).urlClassification.thirdParty.length > 0
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
getReferer() {
|
|
|
|
|
return this.data.requestHeaders.filter((h) => h.name === "Referer")[0]
|
|
|
|
|
.value;
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-04 18:51:51 +02:00
|
|
|
exposesOrigin() {
|
2021-11-07 19:03:00 +01:00
|
|
|
const url = new URL(this.origin);
|
2021-10-04 18:51:51 +02:00
|
|
|
const host = url.host;
|
|
|
|
|
const path = url.pathname;
|
|
|
|
|
return (
|
|
|
|
|
this.getReferer().includes(host) ||
|
2021-11-07 11:18:53 +01:00
|
|
|
this.stolenData.filter(
|
2021-10-04 18:51:51 +02:00
|
|
|
(entry) => entry.value.includes(host) || entry.value.includes(path)
|
|
|
|
|
).length > 0
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-07 11:18:53 +01:00
|
|
|
private getAllStolenData(): StolenDataEntry[] {
|
2021-10-04 18:51:51 +02:00
|
|
|
return [
|
|
|
|
|
...this.getPathParams(),
|
|
|
|
|
...this.getCookieData(),
|
|
|
|
|
...this.getQueryParams(),
|
2021-10-06 17:22:33 +02:00
|
|
|
...this.getHeadersData(),
|
2021-10-04 18:51:51 +02:00
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
getCookieData(): StolenDataEntry[] {
|
|
|
|
|
if (!this.hasCookie() || this.getCookie() === undefined) {
|
|
|
|
|
return [];
|
|
|
|
|
}
|
|
|
|
|
return Object.entries(parseCookie(this.getCookie()))
|
|
|
|
|
.map(([key, value]) => [key, value || ""])
|
|
|
|
|
.map(([key, value]) => new StolenDataEntry(this, "cookie", key, value));
|
2021-10-03 09:03:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
hasReferer() {
|
|
|
|
|
return this.data.requestHeaders.some((h) => h.name === "Referer");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
hasCookie() {
|
|
|
|
|
return this.data.requestHeaders.some((h) => h.name === "Cookie");
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-04 18:51:51 +02:00
|
|
|
getCookie(): string {
|
2021-10-03 09:03:56 +02:00
|
|
|
return this.requestHeaders.find((h) => h.name == "Cookie")?.value;
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-03 20:13:36 +02:00
|
|
|
getPathParams(): StolenDataEntry[] {
|
|
|
|
|
const url = new URL(this.data.url);
|
|
|
|
|
const path = url.pathname;
|
|
|
|
|
if (!path.includes(";")) {
|
|
|
|
|
return [];
|
|
|
|
|
}
|
|
|
|
|
return path
|
|
|
|
|
.split(";")
|
|
|
|
|
.map((e) => e.split("="))
|
2021-10-04 18:51:51 +02:00
|
|
|
.map(([key, value]) => [key, value || ""])
|
2021-10-03 20:13:36 +02:00
|
|
|
.map(
|
|
|
|
|
([key, value]) =>
|
2021-10-04 18:51:51 +02:00
|
|
|
new StolenDataEntry(this, "pathname", key, decodeURIComponent(value))
|
2021-10-03 20:13:36 +02:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-04 18:51:51 +02:00
|
|
|
getQueryParams(): StolenDataEntry[] {
|
|
|
|
|
const url = new URL(this.data.url);
|
|
|
|
|
return Array.from((url.searchParams as any).entries())
|
|
|
|
|
.map(([key, value]) => [key, value || ""])
|
|
|
|
|
.map(([key, value]) => {
|
|
|
|
|
try {
|
|
|
|
|
value = decodeURIComponent(value);
|
|
|
|
|
} catch (e) {}
|
|
|
|
|
return new StolenDataEntry(this, "queryparams", key, value);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-06 17:22:33 +02:00
|
|
|
getHeadersData(): StolenDataEntry[] {
|
|
|
|
|
return this.data.requestHeaders
|
|
|
|
|
.filter((header) => {
|
|
|
|
|
for (const regex of whitelisted_cookies) {
|
|
|
|
|
if (regex.test(header.name)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
})
|
|
|
|
|
.map(
|
|
|
|
|
(header) =>
|
|
|
|
|
new StolenDataEntry(this, "header", header.name, header.value)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-03 09:03:56 +02:00
|
|
|
constructor(public data: Request) {
|
|
|
|
|
this.tabId = data.tabId;
|
|
|
|
|
this.url = data.url;
|
|
|
|
|
this.requestHeaders = data.requestHeaders;
|
2021-11-07 15:45:26 +01:00
|
|
|
this.shorthost = getshorthost(data.url);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
hasMark() {
|
|
|
|
|
return this.stolenData.some((data) => data.hasMark());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
getMarkedEntries() {
|
|
|
|
|
return this.stolenData.filter((data) => data.hasMark());
|
2021-10-03 09:03:56 +02:00
|
|
|
}
|
2021-11-07 17:18:17 +01:00
|
|
|
|
|
|
|
|
getHost() {
|
|
|
|
|
return new URL(this.url).host;
|
|
|
|
|
}
|
2021-11-08 20:14:28 +01:00
|
|
|
|
|
|
|
|
matchesHAREntry(har: HAREntry): boolean {
|
|
|
|
|
const rq = this.data;
|
|
|
|
|
const hrq = har.request;
|
|
|
|
|
return rq.url == hrq.url;
|
|
|
|
|
}
|
2021-10-03 09:03:56 +02:00
|
|
|
}
|
