gPass

gPass Commit Details

Date:2017-07-08 08:43:26 (1 year 11 months ago)
Author:Grégory Soutadé
Branch:master
Commit:e341963675f8f79513921007349e83e505da5342
Parents: 7a7d2fd72406bc41dde4caad4e28a2894e6babeb
Message:Block URL request if masterkey is present in parameters

Changes:
Mchrome_addon/background.js (2 diffs)
Mchrome_addon/lib/main.js (2 diffs)
Mchrome_addon/lib/misc.js (7 diffs)
Mchrome_addon/manifest.json (2 diffs)
Mfirefox_webextension/background.js (2 diffs)
Mfirefox_webextension/manifest.json (2 diffs)

File differences

chrome_addon/background.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
156
257
358
......
1469
1570
1671
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
1795
/*
Copyright (C) 2013-2017 Grégory Soutadé
This file is part of gPass.
gPass is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gPass is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/
function url_block_callback(details)
{
// console.log(JSON.stringify(details));
if (details.requestBody)
{
if (details.requestBody.formData)
{
for (var key in details.requestBody.formData)
{
for(var idx in details.requestBody.formData[key])
{
value = details.requestBody.formData[key][idx];
if (value.startsWith("@@") ||
value.startsWith("@_"))
return {cancel: true};
}
}
}
/*
// Analyse POST parameters
if (details.method == "POST" && details.requestBody.raw)
{
alert(details.requestBody.raw);
var postedString = decodeURIComponent(String.fromCharCode.apply(null,
new Uint8Array(details.requestBody.raw[0].bytes)));
if (postedString.indexOf("=@@") != -1 ||
postedString.indexOf("=@_") != -1)
return {cancel: true};
}
*/
}
return {cancel: false};
}
chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
window.setTimeout(function() {chrome.notifications.clear("gPass", function(){})}, 2000);
}
else if (request.type == "block_url")
{
chrome.tabs.getCurrent(function cb(tab) {
if (tab)
{
chrome.webRequest.onBeforeRequest.addListener(
url_block_callback,
{urls:[request.options.url],
"types":["main_frame"],
"tabId":tab.id,
"windowId":tab.windowId
},
["blocking", "requestBody"]);
}
else
{
chrome.webRequest.onBeforeRequest.addListener(
url_block_callback,
{urls:[request.options.url], "types":["main_frame"]},
["blocking", "requestBody"]);
}
});
}
});
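Review bot: url_block_callback only looks at `details.requestBody.formData`, so a value still carrying the `@@` or `@_` prefix is not cancelled when it travels in the query string of a GET form or in a body exposed as `requestBody.raw`; `details.url` is never examined and the raw-body branch is commented out. Checking the parsed query parameters of `details.url` against the same two prefixes would close the GET case. In the `block_url` handler, `chrome.tabs.getCurrent` is called from the background page, where it yields no tab, so the tab-scoped branch looks unreachable; the listener already receives `sender`, and `sender.tab` identifies the requesting tab. firefox_webextension/background.js carries the same code and the same gaps. The message listener is only partly visible in this section.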
chrome_addon/lib/main.js
416416
417417
418418
419
420
419421
420422
421423
......
426428
427429
428430
431
432
433
434
429435
436
437
438
430439
431440
432441
433442
443
444
445
446
434447
435448
436449
function document_loaded(doc)
{
var has_login_form = false;
// If there is a password in the form, add a "submit" listener
for(var i=0; i<doc.forms.length; i++)
{
var field = fields[a];
if (field.getAttribute("type") == "password")
{
block_url(form.action);
old_cb = form.onsubmit;
if (old_cb)
form.removeEventListener("submit", old_cb);
form.addEventListener("submit", on_sumbit);
if (old_cb)
form.addEventListener("submit", old_cb);
has_login_form = true;
break;
}
}
}
/* Request can be sent to another URL... */
if (has_login_form)
block_url("<all_urls>");
}
document_loaded(document);
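Review bot: `block_url("<all_urls>")` at the end of document_loaded makes the earlier `block_url(form.action)` redundant, and each call asks the background page to register another blocking `onBeforeRequest` listener that nothing visible on this page removes. With `"all_frames" : true` in the manifest, every frame holding a password field sends these messages, so registrations may pile up for the lifetime of the background page. Consider registering the listener once in the background script, or guarding the call there with `if (!chrome.webRequest.onBeforeRequest.hasListener(url_block_callback))`. The body of document_loaded is only partly shown in this section.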
chrome_addon/lib/misc.js
2929
3030
3131
32
33
34
35
36
37
3238
3339
3440
......
119125
120126
121127
122
123
124
125128
126129
127130
......
148151
149152
150153
151
152
153154
154155
155156
......
173174
174175
175176
177
178
176179
177180
178181
......
191194
192195
193196
197
198
194199
195200
196201
......
208213
209214
210215
211
216
217
218
212219
213220
214221
......
217224
218225
219226
227
228
220229
221230
222231
browser.runtime.sendMessage({type: "notification", options:{"message":text}});
}
function block_url(url)
{
debug("Block URL " + url);
browser.runtime.sendMessage({type: "block_url", options:{"url":url}});
}
// https://stackoverflow.com/questions/6965107/converting-between-strings-and-arraybuffers
function ab2str(buf) {
return String.fromCharCode.apply(null, new Uint8Array(buf));
while ((data.length % 16))
data += "\0";
debug("Encrypt " + data);
debug("Encrypt " + iv.length);
data = str2ab(data);
promise = mkey.then(function(mkey){
pkcs7_padding = new Uint8Array([16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16]);
pkcs7_padding = await _encrypt(mkey, nulliv, ab2str(pkcs7_padding));
debug("Decrypt " + data);
data = str2ab(data + pkcs7_padding);
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
{
var result = "";
console.log("Encrypt ECB " + data);
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
while (data.length > 16)
async function decrypt_ecb(mkey, data)
{
var result = "";
console.log("Decrypt ECB " + data);
nulliv = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
}
async function encrypt_cbc(mkey, iv, data)
{
{
console.log("Encrypt CBC " + data);
var result = await _encrypt(mkey, str2ab(iv), data);
// Remove PKCS7 padding
async function decrypt_cbc(mkey, iv, data)
{
console.log("Decrypt CBC " + data);
var result = await _decrypt(mkey, str2ab(iv), data);
// Remove PKCS7 padding
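Review bot: The `console.log("Encrypt ECB " + data)`, `console.log("Decrypt ECB " + data)`, `console.log("Encrypt CBC " + data)` and `console.log("Decrypt CBC " + data)` calls write the buffers being encrypted or decrypted to the console unconditionally. The rendered page does not make clear which of them this commit adds, but any that are on the new side should go through the file's `debug()` helper and log a length rather than the content, e.g. `debug("Decrypt CBC " + data.length);`. In a password manager these buffers presumably carry credential material, and this file is listed under `content_scripts`, so the output ends up in the console of the visited tab. The function bodies are only partly visible in this section.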
chrome_addon/manifest.json
1111
1212
1313
14
14
1515
1616
1717
......
1919
2020
2121
22
22
2323
2424
2525
2626
2727
2828
29
30
29
3130
31
32
33
3234
3335
3436
"content_scripts": [
{
"matches": ["https://*/*", "http://*/*"],
"matches": ["<all_urls>"],
"js": ["lib/parseuri.js", "lib/misc.js", "compat.js", "lib/main.js"],
"run_at" : "document_idle",
"all_frames" : true
],
"background": {
"persistent": false,
"persistent": true,
"scripts": ["background.js"]
},
"options_page": "options.html",
"permissions": [
"https://*/",
"http://*/",
"<all_urls>",
"notifications",
"webRequest",
"webRequestBlocking",
"tabs",
"storage"
]
}
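Review bot: Replacing the `https://*/*` and `http://*/*` patterns with `<all_urls>` widens both the content-script injection and the host grant beyond web pages, for example to `file://` URLs, which the form-blocking feature does not appear to need; this assumes `<all_urls>` is the new side, as the `block_url("<all_urls>")` call in lib/main.js suggests. Keeping `"matches": ["https://*/*", "http://*/*"]` with the two scheme-specific host permissions, and passing those patterns as the webRequest filter, would cover web logins with a narrower grant. The switch to `"persistent": true` looks necessary, since blocking webRequest listeners cannot be used from an event page. firefox_webextension/manifest.json makes the same `<all_urls>` change.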
firefox_webextension/background.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
136
237
338
......
1449
1550
1651
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
1776
function url_block_callback(details)
{
if (details.requestBody)
{
if (details.requestBody.formData)
{
for (var key in details.requestBody.formData)
{
for(var idx in details.requestBody.formData[key])
{
value = details.requestBody.formData[key][idx];
if (value.startsWith("@@") ||
value.startsWith("@_"))
return {cancel: true};
}
}
}
/*
// Analyse POST parameters
if (details.method == "POST" && details.requestBody.raw)
{
alert(details.requestBody.raw);
var postedString = decodeURIComponent(String.fromCharCode.apply(null,
new Uint8Array(details.requestBody.raw[0].bytes)));
if (postedString.indexOf("=@@") != -1 ||
postedString.indexOf("=@_") != -1)
return {cancel: true};
}
*/
}
return {cancel: false};
}
browser.runtime.onMessage.addListener(
function(request) {
window.setTimeout(function() {browser.notifications.clear("gPass")}, 2000);
}
else if (request.type == "block_url")
{
browser.tabs.getCurrent().then(
function onGot(tab) {
if (tab)
{
browser.webRequest.onBeforeRequest.addListener(
url_block_callback,
{urls:[request.options.url],
"types":["main_frame"],
"tabId":tab.id,
"windowId":tab.windowId
},
["blocking", "requestBody"]);
}
else
{
browser.webRequest.onBeforeRequest.addListener(
url_block_callback,
{urls:[request.options.url], types:["main_frame"]},
["blocking", "requestBody"]);
}
});
}
});
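Review bot: `browser.tabs.getCurrent().then(onGot)` has no rejection handler, so if the lookup rejects no `onBeforeRequest` listener is registered and the form submission goes out unchecked; pass a second callback, or add a `.catch(...)`, that falls back to the unfiltered registration. `value` in url_block_callback is assigned without a declaration and becomes a global of the background page (the Chrome copy does the same); `var value = details.requestBody.formData[key][idx];` keeps it local. The listener is declared as `function(request)`, so the sender argument that would identify the requesting tab is not available without widening the signature to `function(request, sender)`. The listener body is only partly visible in this section.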
firefox_webextension/manifest.json
1111
1212
1313
14
14
1515
1616
1717
......
2626
2727
2828
29
30
29
3130
31
32
33
3234
3335
3436
"content_scripts": [
{
"matches": ["https://*/*", "http://*/*"],
"matches": ["<all_urls>"],
"js": ["lib/parseuri.js", "lib/misc.js", "compat.js", "lib/main.js"],
"run_at" : "document_idle",
"all_frames" : true
"options_ui": { "page":"options.html" },
"permissions": [
"https://*/",
"http://*/",
"<all_urls>",
"notifications",
"webRequest",
"webRequestBlocking",
"tabs",
"storage",
"activeTab"
]
