javascript - Browser still leaking real user agent -


I am writing a privacy extension that requires me to spoof the user agent property of the browser, aka navigator.userAgent (yes, I know about the User-Agent HTTP header, and I have already dealt with that).

My issue is that a page might have not only a main frame but a variable number of iframes as well. In my manifest file I am using all_frames: true to inject my content script into all frames, and match_about_blank: true to inject it into frames with a URL of "about:blank".

I am using browserleaks to test my extension. It seems to spoof the user agent correctly when read through the window option, but when read through the iframe.contentWindow method it shows my real user agent.

I believe this might be because the iframe is sandboxed and extensions are not allowed to inject into sandboxed iframes. This is a huge problem, since sites can evade extensions and deny them access by using a sandboxed iframe.

this error on chromium:

Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

from chrome developer

match_about_blank:

Optional. Whether to insert the content script on about:blank and about:srcdoc. Content scripts will only be injected on pages when their inherit URL is matched by one of the declared patterns in the matches field. The inherit URL is the URL of the document that created the frame or window. Content scripts cannot be inserted in sandboxed frames. Defaults to false.

Or perhaps my script is running in all the iframes, including the sandboxed ones, but it is not running early enough, i.e. not at run_at: document_start.

from mdn

match_about_blank:

match_about_blank is supported in Firefox from version 52. Note that in Firefox, content scripts won't be injected into empty iframes at "document_start" even if you specify that value in run_at.

My title says Chrome extension, but this is going to be for Firefox too. I posted the documentation from both MDN and Chrome since the wording is different. On Chrome, when I test on github.com, I get errors regarding sandboxing on an iframe; on Firefox I get no such errors, but it still doesn't spoof the property inside the iframe that I want it to. Any ideas?

manifest.json

{     "name": "shape shifter",     "version": "0.0.1",     "description": "anti browser fingerprinting web extension. generates randomised values http request headers , javascript api's.",     "manifest_version": 2,     "icons": {         "16": "icons/crossed_eye_16x16.png",         "32": "icons/crossed_eye_32x32.png",         "48": "icons/crossed_eye_48x48.png",         "128": "icons/crossed_eye_128x128.png"     },     "background": {         "persistent": true,         "scripts": ["js/background.js"]     },     "browser_action": {         "default_title": "shape shifter",         "default_icon": {             "16": "icons/crossed_eye_16x16.png",             "32": "icons/crossed_eye_32x32.png"         },         "default_popup": "html/popup.html"     },     "content_scripts": [         {             "all_frames": true,             "match_about_blank": true,             "run_at": "document_end",             "matches": ["<all_urls>"],             "js": ["js/inject.js"]         }     ],     "permissions": [         "webrequest",         "webrequestblocking",         "<all_urls>"     ],     "web_accessible_resources": [         "js/lib/seedrandom.min.js",         "js/random.js",         "js/api/document.js",         "js/api/navigator.js",         "js/api/canvas.js",         "js/api/history.js",         "js/api/battery.js",         "js/api/audio.js",         "js/api/element.js"     ] } 

inject.js (my content script)

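// Content script (js/inject.js in the manifest). It loads the spoofing scripts
// into the page's own JavaScript context through <script src> elements.
//
// NOTE(review): properties of this approach that matter for an
// anti-fingerprinting extension:
//   * Timing: the manifest shown with this script uses
//     "run_at": "document_end", and a <script src> load is asynchronous, so
//     page scripts can read the real navigator values before any override is
//     installed. A frame created later has its own window object and is only
//     covered if this script is also injected into it before page code uses
//     its contentWindow.
//   * Exposure: a content script shares the page's DOM and storage. The seed
//     written to sessionStorage, and the data-seed attribute on the injected
//     <script> element, are both visible to page scripts until removed, so
//     neither should be treated as secret from the page.
console.log("content script running ...");

/**
 * Load one of the extension's web-accessible scripts into the page.
 *
 * @param {string} filepath - Path of the script inside the extension package.
 * @param {string|Uint8Array} seed - Seed handed to the script through its
 *   data-seed attribute (the attribute value is the seed's string form).
 */
function inject(filepath, seed) {
  // Dynamically create the script element.
  var script = document.createElement("script");

  // Give the script the seed value to use for spoofing.
  script.setAttribute("data-seed", seed);

  // Script-inserted elements default to async, which lets them execute in
  // whatever order they finish loading. Turning it off keeps insertion order.
  // NOTE(review): presumably random.js depends on seedrandom - confirm.
  script.async = false;

  // Give the script the URL of the JavaScript code to run.
  // chrome.extension.getURL is deprecated in favour of chrome.runtime.getURL.
  script.src = chrome.extension.getURL(filepath);

  // Remove the element once it has loaded, and also when loading failed, so
  // the tag and its data-seed attribute do not stay in the page's DOM.
  script.onload = function () {
    this.remove();
  };
  script.onerror = function () {
    this.remove();
  };

  // Add the script tag to the DOM.
  (document.head || document.documentElement).appendChild(script);
}

/**
 * Return the per-session seed for `origin`, creating one on first use.
 *
 * The seed is always returned as a string of 32 comma-separated byte values.
 * That is the form sessionStorage hands back on later calls; the original
 * code returned a Uint8Array on the first call and a string afterwards.
 *
 * @param {string} origin - Key under which the seed is stored.
 * @returns {string} The stored or newly generated seed.
 */
function getseed(origin) {
  var storage = null;
  var seed = null;

  // Reading window.sessionStorage can throw a SecurityError when the document
  // is denied storage (for example site data blocked by the user, or a frame
  // with an opaque origin). Fall back to a seed that lives only in this
  // document instead of aborting the whole content script.
  try {
    storage = window.sessionStorage;
    seed = storage.getItem(origin);
  } catch (err) {
    storage = null;
    seed = null;
  }

  if (seed === null) {
    // 32 bytes from the cryptographically secure generator.
    var bytes = new Uint8Array(32);
    window.crypto.getRandomValues(bytes);
    seed = String(bytes);

    if (storage !== null) {
      try {
        storage.setItem(origin, seed);
      } catch (err) {
        // Storage is full or blocked: keep the in-memory seed.
      }
    }
  }

  return seed;
}

// NOTE(review): in an about:blank frame window.location.hostname is the empty
// string, so such a frame is keyed under "" and receives a different seed
// from the page that created it. Spoofed values that differ between a page
// and its own blank frames are themselves a detectable signal.
var seed = getseed(window.location.hostname);

[
  ["js/lib/seedrandom.min.js", "[info] injected seed random ..."],
  ["js/random.js", "[info] injected random ..."],
  ["js/api/document.js", "[info] injected document api ..."],
  ["js/api/navigator.js", "[info] injected navigator api ..."],
  ["js/api/canvas.js", "[info] injected canvas api ..."],
  ["js/api/history.js", "[info] injected history api ..."],
  ["js/api/battery.js", "[info] injected battery api ..."],
  ["js/api/audio.js", "[info] injected audio api ..."],
  ["js/api/element.js", "[info] injected element api ..."]
].forEach(function (entry) {
  inject(entry[0], seed);
  // Logged once the tag has been appended; the script itself may still be loading.
  console.log(entry[1]);
});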

