rentgen/extended-request.ts

307 lines
7.6 KiB
TypeScript
Raw Normal View History

import { StolenDataEntry } from "./stolen-data-entry";
2021-11-22 17:54:15 +01:00
import {
flattenObjectEntries,
getshorthost,
parseCookie,
Request,
} from "./util";
2021-10-03 09:03:56 +02:00
type NameValue = { name: string; value: string };
2021-11-08 20:14:28 +01:00
export type HAREntry = {
pageref: string;
startedDateTime: string;
request: {
bodySize: number;
cookies: NameValue[];
headers: NameValue[];
2021-11-08 20:14:28 +01:00
headersSize: number;
httpVersion: string;
method: string;
postData?: {
2021-11-08 20:14:28 +01:00
mimeType: string;
params: NameValue[];
2021-11-08 20:14:28 +01:00
text: string;
};
queryString: NameValue[];
2021-11-08 20:14:28 +01:00
url: string;
};
response: {
status: number;
statusText: string;
httpVersion: string;
headers: NameValue[];
cookies: NameValue[];
content: {
mimeType: string;
size: number;
encoding: "base64";
text: string;
};
redirectURL: "";
headersSize: number;
bodySize: number;
}; // not relevant
2021-11-08 20:14:28 +01:00
cache: {};
timings: {};
time: number;
_securityState: string;
serverIPAddress: string;
connection: string;
};
const whitelisted_cookies = [
/^Accept.*$/,
/^Host$/,
/^Connection$/,
/^Sec-Fetch-.*$/,
/^Content-Type$/,
/^Cookie$/, // we're extracting it in getCookie separately anyway
/^User-Agent$/,
];
2021-10-03 09:03:56 +02:00
export default class ExtendedRequest {
public tabId: number;
public url: string;
2021-11-07 15:45:26 +01:00
public shorthost: string;
2021-10-03 09:03:56 +02:00
public requestHeaders: Request["requestHeaders"];
public originalURL: string;
2021-11-07 19:03:00 +01:00
public origin: string;
2021-10-04 18:51:51 +02:00
public initialized = false;
public stolenData: StolenDataEntry[];
2021-11-24 14:15:55 +01:00
public originalPathname: string;
2021-10-03 09:03:56 +02:00
constructor(public data: Request) {
this.tabId = data.tabId;
this.url = data.url;
this.requestHeaders = data.requestHeaders;
this.shorthost = getshorthost(data.url);
}
2021-10-04 18:51:51 +02:00
async init() {
await this.cacheOrigin();
this.initialized = true;
this.stolenData = this.getAllStolenData();
2021-10-04 18:51:51 +02:00
}
async cacheOrigin(): Promise<void> {
2021-10-03 09:03:56 +02:00
let url: string;
if (this.data.tabId && this.data.tabId >= 0) {
const tab = await browser.tabs.get(this.data.tabId);
url = tab.url;
} else if ((this.data as any)?.frameAncestors) {
url = (this.data as any).frameAncestors[0].url || "";
2021-10-03 09:03:56 +02:00
} else {
const headers = Object.fromEntries(
this.data.requestHeaders.map(({ name, value }) => [name, value])
);
if (headers.Referer) {
url = headers.Referer;
} else {
url = this.data.url;
}
2021-10-03 09:03:56 +02:00
}
2021-11-07 19:03:00 +01:00
this.originalURL = url;
this.origin = new URL(url).origin;
2021-11-24 14:15:55 +01:00
this.originalPathname = new URL(url).pathname;
2021-10-03 09:03:56 +02:00
}
2021-10-04 18:51:51 +02:00
isThirdParty() {
2021-10-03 09:03:56 +02:00
const request_url = new URL(this.data.url);
2021-11-07 19:03:00 +01:00
const origin_url = new URL(this.originalURL);
2021-10-03 09:03:56 +02:00
if (request_url.host.includes(origin_url.host)) {
return false;
}
if (getshorthost(request_url.host) == getshorthost(origin_url.host)) {
return false;
}
return (
request_url.origin != origin_url.origin ||
(this.data as any).urlClassification.thirdParty.length > 0
);
}
getReferer() {
return (
2021-11-09 21:57:19 +01:00
this.data.requestHeaders.filter((h) => h.name === "Referer")[0]?.value ||
"missing-referrer"
);
2021-10-03 09:03:56 +02:00
}
2021-10-04 18:51:51 +02:00
exposesOrigin() {
const url = new URL(this.originalURL);
2021-10-04 18:51:51 +02:00
const host = url.host;
const path = url.pathname;
2021-11-09 21:57:19 +01:00
const shorthost = getshorthost(host);
if (this.getReferer().includes(shorthost)) {
return true;
}
for (const entry of this.stolenData) {
if (
entry.value.includes(host) ||
entry.value.includes(path) ||
entry.value.includes(shorthost)
) {
return true;
}
}
return false;
2021-10-04 18:51:51 +02:00
}
private getAllStolenData(): StolenDataEntry[] {
2021-10-04 18:51:51 +02:00
return [
...this.getPathParams(),
...this.getCookieData(),
...this.getQueryParams(),
...this.getHeadersData(),
2021-10-04 18:51:51 +02:00
];
}
getCookieData(): StolenDataEntry[] {
if (!this.hasCookie() || this.getCookie() === undefined) {
return [];
}
2021-11-22 17:54:15 +01:00
return flattenObjectEntries(
Object.entries(parseCookie(this.getCookie()))
.map(([key, value]) => [key, value || ""])
.map(([key, value]) => {
return [key, StolenDataEntry.parseValue(value)];
})
).map(([key, value]) => new StolenDataEntry(this, "cookie", key, value));
2021-10-03 09:03:56 +02:00
}
hasReferer() {
return this.data.requestHeaders.some((h) => h.name === "Referer");
}
hasCookie() {
return this.data.requestHeaders.some((h) => h.name === "Cookie");
}
2021-10-04 18:51:51 +02:00
getCookie(): string {
2021-10-03 09:03:56 +02:00
return this.requestHeaders.find((h) => h.name == "Cookie")?.value;
}
2021-10-03 20:13:36 +02:00
getPathParams(): StolenDataEntry[] {
const url = new URL(this.data.url);
const path = url.pathname;
if (!path.includes(";")) {
return [];
}
2021-11-22 17:54:15 +01:00
return flattenObjectEntries(
path
.split(";")
.map((e) => e.split("="))
.map(([key, value]) => [key, value || ""])
.map(([key, value]) => {
return [key, StolenDataEntry.parseValue(decodeURIComponent(value))];
})
).map(([key, value]) => new StolenDataEntry(this, "pathname", key, value));
2021-10-03 20:13:36 +02:00
}
2021-10-04 18:51:51 +02:00
getQueryParams(): StolenDataEntry[] {
const url = new URL(this.data.url);
2021-11-22 17:54:15 +01:00
return flattenObjectEntries(
Array.from((url.searchParams as any).entries())
.map(([key, value]) => [key, value || ""])
.map(([key, value]) => {
return [key, StolenDataEntry.parseValue(decodeURIComponent(value))];
})
).map(([key, value]) => {
return new StolenDataEntry(this, "queryparams", key, value);
});
2021-10-04 18:51:51 +02:00
}
getHeadersData(): StolenDataEntry[] {
2021-11-22 17:54:15 +01:00
return flattenObjectEntries(
this.data.requestHeaders
.filter((header) => {
for (const regex of whitelisted_cookies) {
if (regex.test(header.name)) {
return false;
}
}
2021-11-22 17:54:15 +01:00
return true;
})
.map((header) => {
return [
header.name,
StolenDataEntry.parseValue(decodeURIComponent(header.value)),
];
})
).map(([key, value]) => new StolenDataEntry(this, "header", key, value));
}
2021-11-07 15:45:26 +01:00
hasMark() {
2021-11-22 17:54:15 +01:00
return this.stolenData.some((data) => data.isMarked);
2021-11-07 15:45:26 +01:00
}
getMarkedEntries() {
2021-11-22 17:54:15 +01:00
return this.stolenData.filter((data) => data.isMarked);
2021-10-03 09:03:56 +02:00
}
getHost() {
return new URL(this.url).host;
}
2021-11-08 20:14:28 +01:00
matchesHAREntry(har: HAREntry): boolean {
const rq = this.data;
const hrq = har.request;
return rq.url == hrq.url;
}
toHAR(): HAREntry {
return {
pageref: "page_1",
startedDateTime: `${new Date().toJSON().replace("Z", "+01:00")}`,
request: {
bodySize: 0,
method: this.data.method,
url: this.data.url,
headersSize: 100,
httpVersion: "HTTP/2",
headers: this.data.requestHeaders as NameValue[],
cookies: this.getCookieData().map((cookie) => ({
name: cookie.name,
value: cookie.value,
})),
queryString: this.getQueryParams().map((param) => ({
name: param.name,
value: param.value,
})),
},
response: {
status: 200,
statusText: "OK",
httpVersion: "HTTP/2",
headers: [],
cookies: [],
content: {
mimeType: "text/plain",
size: 15,
encoding: "base64",
text: "ZG9lc24ndCBtYXR0ZXIK",
},
redirectURL: "",
headersSize: 15,
bodySize: 15,
},
cache: {},
timings: {
blocked: -1,
dns: 0,
connect: 0,
ssl: 0,
send: 0,
wait: 79,
receive: 0,
},
time: 79,
_securityState: "secure",
serverIPAddress: "31.13.92.36",
connection: "443",
};
}
2021-10-03 09:03:56 +02:00
}