Commit 08df554e authored by Edvard Rejthar's avatar Edvard Rejthar

premistil jsem git repository o uroven vys, aby mohlo korektne zabirat i...

premistil jsem git repository o uroven vys, aby mohlo korektne zabirat i extension ve slozce ~/.mozilla/...
Package folder s extension totiz lze do projektu pridat, ale nepovedlo se mi jej elegantne dat soucasne i do stavajiciho .gitu. Obezlicky se softlinky nebo s tvorenim vedlejsi branch pro extension mi prisly nesystemove. Tak jsem proste folder .git soupnul o adresar vys a snad se to nejak popere.

No a pak se mi podelalo Netbeans a odmitlo udelat jakoukoli dalsi upravu na remote server. Vzdal jsem se az po nekolika hodinach a vracim se do prikazove radky. :(
parent 8047a14e
/*
* Prepisuje hackery vyuzivane funkce jako unescape nebo eval a bonzuje to vys.
* */
//window.opener
//document.location
//unescape
//*******
// Prepsat nebezpecne funkce
//*******
//squawk - bonznout
mdmaugSquawk = function(cmd, message) {
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': JSON.stringify({'cmd': cmd, 'message': message})}));
};
//mdmaugWrapper - man in the middle nebezpečných funkcí
mdmaugWrapper = function (fn) {
var swap = fn;
return function () {
mdmaugSquawk(swap.name, arguments);
return swap.apply(null, arguments);
};
};
unescape = mdmaugWrapper(unescape);
//Eval
//X kupodivu se mi nepodarilo funkci napsat jako jeden wrapper:
//X mdmaugDeepWrapper = function (fn) {var swap = fn;return function () {detail = JSON.stringify({'cmd': swap.name, 'message': arguments});document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': detail}));if (arguments[0].indexOf("arguments.callee") != -1) {arguments[0] = arguments[0].replace("arguments.callee", arguments.callee.caller.name);}return swap.apply(null, arguments);};};
//X eval2 = mdmaugDeepWrapper(eval);
//X funkci model z firebugu: mdmaugWrapper = function(fn){var swap = fn;return function(){console.log("start",swap.name);arguments[0]= arguments[0].replace("arguments.callee",arguments.callee.caller.name); return swap.apply(null, arguments);};function jooa(a) {console.log("RESULT",eval2(b));}jooa();
evalClone = unsafeWindow.eval;
eval = function (cmd) {
mdmaugSquawk("eval", cmd);
if (arguments.length > 0) {
if (arguments[0].indexOf("arguments.callee") != -1) {
arguments[0] = arguments[0].replace("arguments.callee", arguments.callee.caller.name);//"0"); // arguments.callee.caller
}
}
return evalClone(cmd);
};
document.write = function(str) {
mdmaugSquawk("document.write", str);
document.getElementsByTagName("html")[0].innerHTML= str;//simuluje chovani
};
// Upichnout funkce do stranky
exportFunction(unescape, unsafeWindow, {defineAs: "unescape"});
exportFunction(eval, unsafeWindow, {defineAs: "eval"});
exportFunction(evalClone, unsafeWindow, {defineAs: "evalClone"});
exportFunction(document.write, unsafeWindow, {defineAs: "document.write"});
unsafeWindow.addEventListener("DOMContentLoaded", function() {
unsafeWindow.addEventListener("DOMContentLoaded", function () {
alert('got cnn');
});
unsafeWindow.location.replace('http://cnn.com');
});
// Listener - prebira zpravy od nebezpecnych funkci a propaguje je vzhuru do main.js
var target = document.getElementsByTagName("html")[0];
target.addEventListener('mdmaug_spy', function (e) {
detail = JSON.parse(e.detail);
if (Object.keys(detail.message).length == 1 && detail.message["0"]) {
detail.message = detail.message["0"];
}
if (detail.message) {
self.postMessage({href: document.location.href, cmd: detail.cmd, message: detail.message});
}
}, false, true);
/*
* Prepisuje hackery vyuzivane funkce jako unescape nebo eval a bonzuje to vys.
* */
//window.opener
//document.location
//unescape
//*******
// Prepsat nebezpecne funkce
//*******
//mdmaugWrapper
mdmaugWrapper = function(fn){
var swap = fn;
return function(){
alert(swap.name);
alert(arguments);
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'message': swap.name}));
return swap.apply(null, arguments);
};
};
unescape = mdmaugWrapper(unescape);
mdmaugArgumentsWrapper = function(fn){
var swap = fn;
return function(){
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'cmd': swap.name, 'message': arguments}));
arguments[0]= arguments[0].replace("arguments.callee",arguments.callee.caller.name);
return swap.apply(null, arguments);
};
};
eval = mdmaugArgumentsWrapper(eval);
/*//unescape
unescapeClone = unsafeWindow.unescape;
unescape = function(str) { //XXX take decodeURI(Component)!!!!
return unescapeClone(str);
};*/
/*
evalClone = unsafeWindow.eval;
eval = function(cmd) {
//alert("eval " + cmd);
//document.getElementsByTagName("html")[0].setAttribute("mdmaug","eval: " + cmd); // + Math.floor(Math.random(10)*10000)
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': 'eval:' + cmd}));
if (arguments.length > 0) {
if(arguments[0].indexOf("arguments.callee") != -1) {
//vyskytuje se arguments.callee, ktereho neumime prohnat evalem
// Co vsechno muze utocnik s nim delat -> muze ho priradit: eval('a=arguments.callee; b')
// Muze ho returnovat: eval('arguments.callee')
// Kombinace.
// Zatim to delame tak, ze ho nahradime nulou (kdyby byl prirazovat) a vratime ho (je v arguments.callee.caller), ale zbytek cmd evaluujeme
// Tato metoda půjde rozšířit podle toho, jak se zjistí, že se viry chovají. Mohu si postupně psát takový vlastní eval.
arguments[0] = arguments[0].replace("arguments.callee",arguments.callee.caller.name);//"0"); // arguments.callee.caller
//evalClone(arguments[0]);
//return arguments.callee.caller;
}
}
//cmd = cmd.replace("arguments.callee",""); // arguments.callee.caller
return evalClone(cmd);
};
*/
exportFunction(unescape, unsafeWindow, {defineAs: "unescape"});
/*exportFunction(unescapeClone, unsafeWindow, {defineAs: "unescapeClone"});
exportFunction(eval, unsafeWindow, {defineAs: "eval"});
exportFunction(evalClone, unsafeWindow, {defineAs: "evalClone"});
*/
var target = document.getElementsByTagName("html")[0];
target.addEventListener('mdmaug_spy', function (e) {
//alert(e.detail);
console.error("prijem", e);
alert(e.pokus);
alert(e.message[0]);
//console.error("JOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO " + e.detail);
self.postMessage({href: document.location.href, cmd: e.cmd, detail: e.message});
}, false, true);
/*window.MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
observer = new MutationObserver(function(mutation) {
alert("mutation ");
alert(target.getAttribute("mdmaug"));
alert("END");
}),
// configuration of the observer:
config = {
attributes: true // this is to watch for attribute changes.
};
// pass in the element you wanna watch as well as the options
observer.observe(target, config);
// later, you can stop observing
// observer.disconnect();
*/
\ No newline at end of file
/*
* Prepisuje hackery vyuzivane funkce jako unescape nebo eval a bonzuje to vys.
* */
//window.opener
//document.location
//unescape
//*******
// Prepsat nebezpecne funkce
//*******
//mdmaugWrapper
mdmaugWrapper = function (fn) {
var swap = fn;
return function () {
alert(swap.name);
alert(arguments[0]);
detail = JSON.stringify({'cmd': swap.name, 'message': arguments});
//{'cmd': swap.name, 'message': arguments, 'pokus': "joo"} {'cmd': , 'message':}
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': detail}));
alert("arguments");
return swap.apply(null, arguments);
};
};
mdmaugDeepWrapper = function (fn) {
var swap = fn;
return function () {
detail = JSON.stringify({'cmd': swap.name, 'message': arguments});
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': detail}));
args = arguments;
alert("Args:");
if (args[0].indexOf("arguments.callee") != -1) {
args[0] = args[0].replace("arguments.callee", arguments.callee.caller.name);
}
alert(args[0]());
alert(swap.apply(null, args));
alert(args[0]);
return swap.apply(null, args);
};
};
eval = mdmaugDeepWrapper(eval);
unescape = mdmaugWrapper(unescape);
/*//unescape
unescapeClone = unsafeWindow.unescape;
unescape = function(str) { //XXX take decodeURI(Component)!!!!
return unescapeClone(str);
};*/
/*
evalClone = unsafeWindow.eval;
eval = function(cmd) {
//alert("eval " + cmd);
//document.getElementsByTagName("html")[0].setAttribute("mdmaug","eval: " + cmd); // + Math.floor(Math.random(10)*10000)
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': 'eval:' + cmd}));
if (arguments.length > 0) {
if(arguments[0].indexOf("arguments.callee") != -1) {
//vyskytuje se arguments.callee, ktereho neumime prohnat evalem
// Co vsechno muze utocnik s nim delat -> muze ho priradit: eval('a=arguments.callee; b')
// Muze ho returnovat: eval('arguments.callee')
// Kombinace.
// Zatim to delame tak, ze ho nahradime nulou (kdyby byl prirazovat) a vratime ho (je v arguments.callee.caller), ale zbytek cmd evaluujeme
// Tato metoda půjde rozšířit podle toho, jak se zjistí, že se viry chovají. Mohu si postupně psát takový vlastní eval.
arguments[0] = arguments[0].replace("arguments.callee",arguments.callee.caller.name);//"0"); // arguments.callee.caller
//evalClone(arguments[0]);
//return arguments.callee.caller;
}
}
//cmd = cmd.replace("arguments.callee",""); // arguments.callee.caller
return evalClone(cmd);
};
*/
exportFunction(unescape, unsafeWindow, {defineAs: "unescape"});
//exportFunction(unescapeClone, unsafeWindow, {defineAs: "unescapeClone"});
exportFunction(eval, unsafeWindow, {defineAs: "eval"});
// exportFunction(evalClone, unsafeWindow, {defineAs: "evalClone"});
var target = document.getElementsByTagName("html")[0];
target.addEventListener('mdmaug_spy', function (e) {
detail = JSON.parse(e.detail);
if (Object.keys(detail.message).length == 1 && detail.message["0"]) {
detail.message = detail.message["0"];
}
if (detail.message) {
self.postMessage({href: document.location.href, cmd: detail.cmd, message: detail.message});
}
}, false, true);
/*
* Prepisuje hackery vyuzivane funkce jako unescape nebo eval a bonzuje to vys.
* */
//window.opener
//document.location
//unescape
unescapeClone = unsafeWindow.unescape;
unescape = function(str) { //XXX take decodeURI(Component)!!!!
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': 'unescape:' + str}));
return unescapeClone(str);
};
exportFunction(unescape, unsafeWindow, {defineAs: "unescape"});
exportFunction(unescapeClone, unsafeWindow, {defineAs: "unescapeClone"});
exportFunction(eval, unsafeWindow, {defineAs: "eval"});
exportFunction(evalClone, unsafeWindow, {defineAs: "evalClone"});
var target = document.getElementsByTagName("html")[0];
target.addEventListener('mdmaug_spy', function (e) {
//alert(e.detail);
//console.error("JOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO " + e.detail);
self.postMessage({href: document.location.href,detail: e.detail});
}, false);
/*window.MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
observer = new MutationObserver(function(mutation) {
alert("mutation ");
alert(target.getAttribute("mdmaug"));
alert("END");
}),
// configuration of the observer:
config = {
attributes: true // this is to watch for attribute changes.
};
// pass in the element you wanna watch as well as the options
observer.observe(target, config);
// later, you can stop observing
// observer.disconnect();
*/
\ No newline at end of file
// *****
// init
// *****
var base64 = require("sdk/base64");
var pageMod = require("sdk/page-mod");
var buttons = require('sdk/ui/button/action');
var tabs = require("sdk/tabs");
const {Cr, Cc, Cu, Ci, CC} = require("chrome");
const {TextDecoder, TextEncoder, OS} = Cu.import("resource://gre/modules/osfile.jsm", {});
const {Task} = Cu.import("resource://gre/modules/Task.jsm", {});
let {setTimeout} = require('sdk/timers');
let encoder = new TextEncoder(); // This encoder can be reused for several writes
// **********
//profile dir
// **********
outputDir = "/tmp/mdm/";
profile = OS.Constants.Path.profileDir;
profileName = profile.substr(profile.lastIndexOf("/") + 1);
console.log("profile name: " + profileName);
outputDir += profileName + "-log/"
OS.File.makeDir(outputDir)
// **********
// informacni button v liste nahore
// **********
var button = buttons.ActionButton({
id: "mozilla-link",
label: "Mdmaug CZ.NIC module",
icon: {
"16": "./icon-16.png",
"32": "./icon-32.png",
"64": "./icon-64.png"
},
onClick: function (state) {
alert("Mdmaug activated"); //tabs.open("https://www.mozilla.org/");
}
});
// **********
// traffic listener
// **********
trafficBlacklist = ["http://www.google.com/adsense/","https://fbstatic-a.akamaihd.net/rsrc.php", "http://clients1.google.com/ocsp", "https://safebrowsing-cache.google.com/safebrowsing/", "https://safebrowsing.google.com/safebrowsing/", "https://tiles.services.mozilla.com/"];
mimeWhitelist = ["text/html", "text/xhtml", "application/xhtml", "text/javascript", "application/javascript", "application/x-javascript"]; //mozna muze byt rozsireno
lastRequest = ""; //jeden soubor prijde v nekolika streamech za sebou
function startsWithArray(value, values) {
for (var i = 0; i < values.length; i++) {//blacklist veleznamych domen
if (value.startsWith(values[i])){
return true;
}
}
return false;
}
// SNIFFER
function TracingListener() {
//this.receivedData = [];
}
TracingListener.prototype = {
originalListener: null,
receivedData: null, // array for incoming data.
onDataAvailable: function(request, context, inputStream, offset, count){
var bis = CC("@mozilla.org/binaryinputstream;1", "nsIBinaryInputStream");
var ss = CC("@mozilla.org/storagestream;1", "nsIStorageStream");
var binaryInputStream = new bis();
var storageStream = new ss();
binaryInputStream.setInputStream(inputStream);
storageStream.init(8192, count, null);
var bo = CC("@mozilla.org/binaryoutputstream;1","nsIBinaryOutputStream");
var binaryOutputStream = new bo();
binaryOutputStream.setOutputStream(storageStream.getOutputStream(0));
// Copy received data as they come.
var data = binaryInputStream.readBytes(count);
//loggovani stranek, o ktere stojime
if (startsWithArray(request.getResponseHeader("Content-Type"), mimeWhitelist) && !startsWithArray(request.originalURI.spec, trafficBlacklist)) {//safebrowsing nas nezajima a je ho na kazde strance plno
//if (1){ //XXX XXX XXX
//ulozit nactenou stranku
console.error("current last", request.originalURI.spec, lastRequest);//XX debug
if (request.originalURI.spec != lastRequest) {//novy request, vytisknout do souboru hlavicku
lastRequest = request.originalURI.spec;
console.error("request", request.originalURI.spec);
header = request.originalURI.spec + " " + request.getResponseHeader("Content-Type") + "\n";
console.error("("+profileName+") " + header);//xx debug
} else {
header = ""; //preskakujeme hlavicku
}
filename = request.originalURI.spec.replace(/[^a-z0-9]/gi, '').substring(0, 50).toLowerCase() + ".tmp";
//append_log_text(outputDir + profileName + ".txt", header + data);
//console.error("the file",outputDir + filename);
append_log_text(outputDir + filename, header + data);
}
//console.log("data",data);
//
//console.log(data);
binaryOutputStream.writeBytes(data, count);
this.originalListener.onDataAvailable(request, context, storageStream.newInputStream(0), offset, count);
},
onStartRequest: function(request, context) {
this.receivedData = [];
this.originalListener.onStartRequest(request, context);
},
onStopRequest: function(request, context, statusCode)
{
/* try XX Zde selhavala metoda parseQuery. Mozna kvulito tomu ted nezachytim postRequesty. Kod jsem vzal mozna odsud: http://stackoverflow.com/questions/2167203/ns-error-failure
{
request.QueryInterface(Ci.nsIHttpChannel);
if (request.originalURI)
{
// console.log("HUUUUUUUUUU",Date.parse(request.getResponseHeader("Date")));
var data = null;
if (request.requestMethod.toLowerCase() == "post")
{
var postText = this.readPostTextFromRequest(request, context);
if (postText)
data = ((String)(postText)).parseQuery();
}
var date = Date.parse(request.getResponseHeader("Date"));
var responseSource = this.receivedData.join('');
//fix leading spaces bug
responseSource = responseSource.replace(/^\s+(\S[\s\S]+)/, "$1");
// console.log(request.originalURI.spec);
}
}
catch (e)
{
console.error("error", e);
} */
this.originalListener.onStopRequest(request, context, statusCode);
},
QueryInterface: function (aIID) {
if (aIID.equals(Ci.nsIStreamListener) ||
aIID.equals(Ci.nsISupports)) {
return this;
}
throw Cr.NS_NOINTERFACE;
},
readPostTextFromRequest : function(request, context) {
try
{
var is = request.QueryInterface(Ci.nsIUploadChannel).uploadStream;
if (is)
{
var ss = is.QueryInterface(Ci.nsISeekableStream);
var prevOffset;
if (ss)
{
prevOffset = ss.tell();
ss.seek(Ci.nsISeekableStream.NS_SEEK_SET, 0);
}
// Read data from the stream..
var charset = "UTF-8";
var text = this.readFromStream(is, charset, true);
// Seek locks the file so, seek to the beginning only if necko hasn't read it yet,
// since necko doesn't seek to 0 before reading (at lest not till 459384 is fixed).
if (ss && prevOffset == 0)
ss.seek(Ci.nsISeekableStream.NS_SEEK_SET, 0);
return text;
}
else {
dump("Failed to Query Interface for upload stream.\n"); //dump console.error
}
}
catch (exc)
{
dumpError(exc);// console.error dumpError(exc);
}
return null;
},
readFromStream : function(stream, charset, noClose) {
var sis = CCSV("@mozilla.org/binaryinputstream;1", "nsIBinaryInputStream");
sis.setInputStream(stream);
var segments = [];
for (var count = stream.available(); count; count = stream.available())
segments.push(sis.readBytes(count));
if (!noClose)
sis.close();
var text = segments.join("");
return text;
}
}
hRO = { observe: function(request, aTopic, aData){
try {
if (aTopic == "http-on-examine-response") {
request.QueryInterface(Ci.nsIHttpChannel);
if (request.originalURI) {
var newListener = new TracingListener();
request.QueryInterface(Ci.nsITraceableChannel);
newListener.originalListener = request.setNewListener(newListener);
}
}
} catch (e) {
console.log("\nhRO error: \n\tMessage: " + e.message + "\n\tFile: " + e.fileName + " line: " + e.lineNumber + "\n");
}
},
QueryInterface: function(aIID){
if (aIID.equals(Ci.nsIObserver) ||
aIID.equals(Ci.nsISupports)) {
return this;
}
throw Cr.NS_NOINTERFACE;
},
};
var observerService = Cc["@mozilla.org/observer-service;1"]
.getService(Ci.nsIObserverService);
observerService.addObserver(hRO,
"http-on-examine-response", false);
// */
//
// LOG TO FILE
//
function append_log_text(filename, text) {
var encoder = new TextEncoder();
var data = encoder.encode(text);
filename = OS.Path.join(OS.Constants.Path.tmpDir, filename);
Task.spawn(function() {
let file = yield OS.File.open(filename, {write: true});
yield file.write(data);
yield file.close();
//console.log("written to", filename);
}).then(null, function(e) console.error(e));
}
//presmerovani na prvni strance
pageMod.PageMod({
include: "http://localhost/*",
//kdyz zacina na "localhost/redirect/", je to jen presmerovani
//contentScript: "alert(55);if(location.href.indexOf('http://localhost/redirect/') == 0) {location.href = location.href.substr(26);}",
});
/*
// script sniffer: kazda stranka uda presny kod