rentgen/problematic.js

// Logs a fixed banner once, when this script is evaluated.
console.log("PROBLEMATIC REQUESTS");
// const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0;
/**
 * Decide whether a request should be treated as third-party.
 *
 * Two signals are combined: the request URL's origin differs from the origin
 * of the URL returned by getOrigin(request), or the browser's own
 * classification (`request.urlClassification.thirdParty`) has at least one
 * entry. Because whole origins are compared (scheme, host and port), a
 * request to a different subdomain of the same site also counts.
 *
 * @param {object} request - webRequest details; `url` and
 *   `urlClassification.thirdParty` are read here.
 * @returns {Promise<boolean>} true when either signal fires.
 */
async function isThirdParty(request) {
  const target = new URL(request.url);
  const page = new URL(await getOrigin(request));
  if (target.origin !== page.origin) {
    return true;
  }
  return request.urlClassification.thirdParty.length > 0;
}
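/**
 * Report whether the outgoing request carries a Cookie header.
 *
 * HTTP header names are case-insensitive, so the name is lower-cased before
 * comparing; an exact match on "Cookie" would miss a header spelled "cookie".
 *
 * @param {object} arg - webRequest details with a `requestHeaders` array of
 *   `{ name, value }` entries.
 * @returns {boolean} true when a Cookie header is present.
 */
const hasCookie = (arg) =>
  arg.requestHeaders.some((h) => h.name.toLowerCase() === "cookie");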
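/**
 * Report whether the outgoing request carries a Referer header.
 *
 * The header name is compared case-insensitively, as HTTP requires, so a
 * lower-case "referer" is not missed.
 *
 * @param {object} arg - webRequest details with a `requestHeaders` array of
 *   `{ name, value }` entries.
 * @returns {boolean} true when a Referer header is present.
 */
const hasReferer = (arg) =>
  arg.requestHeaders.some((h) => h.name.toLowerCase() === "referer");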
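/**
 * Return the value of the request's Referer header.
 *
 * The header name is matched case-insensitively. When the request has no
 * Referer header the result is `undefined` instead of a TypeError from
 * indexing an empty array.
 *
 * @param {object} arg - webRequest details with a `requestHeaders` array of
 *   `{ name, value }` entries.
 * @returns {string|undefined} the first Referer header's value, if any.
 */
const getReferer = (arg) => {
  const header = arg.requestHeaders.find(
    (h) => h.name.toLowerCase() === "referer"
  );
  return header === undefined ? undefined : header.value;
};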
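/**
 * Resolve the URL of the page a request belongs to.
 *
 * For a request made inside a tab, this is the tab's current URL. Otherwise
 * it is the URL of the first entry in `frameAncestors`, and when that list is
 * missing or empty, the `documentUrl` or `originUrl` reported with the request.
 *
 * @param {object} arg - webRequest details; `tabId`, `frameAncestors`,
 *   `documentUrl` and `originUrl` are read here.
 * @returns {Promise<string|undefined>} the page URL, or `undefined` when the
 *   request carries none of the fields above.
 */
const getOrigin = async (arg) => {
  // webRequest reports tabId -1 for requests that are not tied to a tab.
  // -1 is truthy, so a plain `if (arg.tabId)` would pass it to
  // browser.tabs.get(), which rejects. As before, 0 takes the non-tab path.
  if (arg.tabId > 0) {
    const tab = await browser.tabs.get(arg.tabId);
    // NOTE(review): tab.url is only populated when the extension has the
    // "tabs" permission or a matching host permission — confirm in the manifest.
    return tab.url;
  }

  const ancestors = arg.frameAncestors;
  if (Array.isArray(ancestors) && ancestors.length > 0) {
    return ancestors[0].url;
  }

  // No tab and no frame ancestor: use whatever context URL the browser
  // attached to the request rather than throwing on ancestors[0].
  return arg.documentUrl !== undefined ? arg.documentUrl : arg.originUrl;
};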
/**
 * Check whether the request's Referer value contains the host of the page the
 * request belongs to.
 *
 * Callers are expected to check hasReferer(arg) first; without a Referer
 * header the returned promise rejects.
 *
 * NOTE(review): this is a substring test on the raw header value, so the page
 * host also matches when it appears inside a longer host name or in the
 * Referer's path or query. Confirm that this breadth is intended.
 *
 * @param {object} arg - webRequest details passed on to getReferer and getOrigin.
 * @returns {Promise<boolean>} true when the page host occurs in the Referer.
 */
const exposesOrigin = async (arg) => {
  const referer = getReferer(arg);
  const pageUrl = await getOrigin(arg);
  const pageHost = new URL(pageUrl).host;
  return referer.includes(pageHost);
};
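// Observe the headers of every outgoing request and log each third-party
// request whose Referer contains the host of the page it came from.
// Requests that also carry a Cookie header are logged with console.warn,
// the rest with console.log. The listener is registered without "blocking",
// so it only reports and does not modify the request.
browser.webRequest.onBeforeSendHeaders.addListener(
  async (request) => {
    // Synchronous header check first: a request without a Referer can never
    // match, so it skips the asynchronous page lookup entirely.
    if (!hasReferer(request)) {
      return;
    }
    if (!(await isThirdParty(request)) || !(await exposesOrigin(request))) {
      return;
    }

    const withCookie = hasCookie(request);
    // Declared with const: the bare assignment `fn = ...` created an implicit
    // global, and throws a ReferenceError in strict mode.
    const report = withCookie ? console.warn : console.log;
    report(
      "Leaked referrer! Has cookie:",
      withCookie,
      request.url,
      "referer was",
      getReferer(request)
    );
  },
  { urls: ["<all_urls>"] },
  ["requestHeaders"]
);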