From b0638b1d2a3f34c463a5e7e21d260195c4e2e3e6 Mon Sep 17 00:00:00 2001
From: Kuba Orlik <kontakt@kuba-orlik.name>
Date: Fri, 23 Apr 2021 14:56:41 +0200
Subject: [PATCH] Initial commit

---
 .gitignore     |   1 +
 border-48.png  | Bin 0 -> 225 bytes
 manifest.json  |  31 +++++++++++++++++++++++++++++++
 problematic.js |  41 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 73 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 border-48.png
 create mode 100644 manifest.json
 create mode 100644 problematic.js

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6ab38c8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.log
diff --git a/border-48.png b/border-48.png
new file mode 100644
index 0000000000000000000000000000000000000000..90687de26d71e91b7c82565772a7df470ae277a6
GIT binary patch
literal 225
zcmeAS@N?(olHy`uVBq!ia0vp^1|ZDA1|-9oezpTCmSQK*5Dp-y;YjHK@;M7UB8wRq
zxP?KOkzv*x37}xJr;B4qM&sM7j(iOY0?rpNR{Ym~eNUieh4I>d+mEvHuIy!K@bZ41
z<G=gpjAyae-$dK=GF;u(nO|M2nf#xLWrf-0#+>J}N$e^&*#q7kxbW`Aeg?)>n&l0$
z8xrIlb~3+dVExT-N;ZLA=LS%o!8+lf-GRA$F@Klex9jiV-^0Mj@Zdh*s&<Z;Pny1y
QfX-p?boFyt=akR{0F1y+Z~y=R

literal 0
HcmV?d00001

diff --git a/manifest.json b/manifest.json
new file mode 100644
index 0000000..42d0386
--- /dev/null
+++ b/manifest.json
@@ -0,0 +1,31 @@
+{
+  "manifest_version": 2,
+  "name": "Problematyczne requesty",
+  "version": "1.0",
+
+  "description": "Adds a red border to all webpages matching mozilla.org.",
+
+  "icons": {
+    "48": "icons/border-48.png"
+  },
+
+  "background": {
+    "scripts": ["problematic.js"]
+  },
+
+  "browser_action": {
+    "default_icon": "border-48.png",
+    "default_title": "Pokaż problematyczne requesty",
+    "default_popup": "popup/choose_beast.html"
+  },
+  "icons": {
+    "48": "icons/border-48.png"
+  },
+  "permissions": [
+    "proxy",
+    "storage",
+    "<all_urls>",
+    "webRequest",
+    "webRequestBlocking"
+  ]
+}
diff --git a/problematic.js b/problematic.js
new file mode 100644
index 0000000..da7b8ff
--- /dev/null
+++ b/problematic.js
@@ -0,0 +1,41 @@
+console.log("PROBLEMATIC REQUESTS");
+
+const isThirdParty = (arg) => arg.urlClassification.thirdParty.length > 0;
+const hasCookie = (arg) => arg.requestHeaders.some((h) => h.name === "Cookie");
+const hasReferer = (arg) =>
+  arg.requestHeaders.some((h) => h.name === "Referer");
+
+const getReferer = (arg) =>
+  arg.requestHeaders.filter((h) => h.name === "Referer")[0].value;
+const getOrigin = async (arg) => {
+  let url;
+  if (arg.tabId) {
+    const tab = await browser.tabs.get(arg.tabId);
+    url = tab.url;
+  } else {
+    url = arg.frameAncestors[0].url;
+  }
+
+  return new URL(url).host;
+};
+
+const exposesOrigin = async (arg) => {
+  return getReferer(arg).includes(await getOrigin(arg));
+};
+
+browser.webRequest.onBeforeSendHeaders.addListener(
+  async (request) => {
+    // console.log(request.url, request.tabId);
+    if (
+      isThirdParty(request) &&
+      hasReferer(request) &&
+      (await exposesOrigin(request))
+    ) {
+      const has_cookie = hasCookie(request);
+      fn = has_cookie ? console.warn : console.log;
+      fn("Leaked referrer! Has cookie:", hasCookie(request), request.url);
+    }
+  },
+  { urls: ["<all_urls>"] },
+  ["requestHeaders"]
+);