From f7db81a03b76b6b55a374e28ec86fe3a409f1b0a Mon Sep 17 00:00:00 2001 From: FoxRefire <155989196+FoxRefire@users.noreply.github.com> Date: Fri, 26 Apr 2024 10:53:24 +0900 Subject: [PATCH 1/3] Records requestBody from POST requests --- background.js | 21 ++++++++++++++++++++- popup.js | 1 + 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/background.js b/background.js index b67b6f2..9df0a2a 100644 --- a/background.js +++ b/background.js @@ -1,15 +1,19 @@ let psshs=[]; let requests=[]; +let bodys=[]; let pageURL=""; function convertHeaders(obj){ return JSON.stringify(Object.fromEntries(obj.map(header => [header.name, header.value]))) } + +//Get URL and headers from POST requests chrome.webRequest.onBeforeSendHeaders.addListener( function(details) { if (details.method === "POST") { requests.push({ url:details.url, - headers:convertHeaders(details.requestHeaders) + headers:convertHeaders(details.requestHeaders), + body:bodys.find((b) => b.id == details.requestId).body }); } }, @@ -17,6 +21,20 @@ chrome.webRequest.onBeforeSendHeaders.addListener( ["requestHeaders"] ); +//Get requestBody from POST requests +chrome.webRequest.onBeforeRequest.addListener( + function(details) { + if (details.method === "POST") { + bodys.push({ + body:btoa(String.fromCharCode(...new Uint8Array(details.requestBody.raw[0]['bytes']))), + id:details.requestId + }); + } + }, + {urls: [""]}, + ["requestBody"] +); + //Receive PSSH from content.js chrome.runtime.onMessage.addListener( function (request, sender, sendResponse) { @@ -24,6 +42,7 @@ chrome.runtime.onMessage.addListener( case "RESET": psshs=[]; requests=[]; + bodys=[]; break; case "PSSH": psshs.push(request.text) diff --git a/popup.js b/popup.js index d52ef34..f3280e7 100644 --- a/popup.js +++ b/popup.js 
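Review bot: In the onBeforeSendHeaders listener, `bodys.find((b) => b.id == details.requestId).body` throws a TypeError when no entry was recorded for the request, and the exception discards the whole `requests.push`, so the URL and headers are lost as well. A lookup that tolerates a miss, `body:bodys.find((b) => b.id === details.requestId)?.body ?? ""`, keeps the request listed. Note also that `bodys` retains the body of every POST the listener's URL filter matches, which can include login forms and tokens, until a RESET message arrives; limiting capture to the tab being inspected would narrow that.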
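Review bot: In the new onBeforeRequest listener, `details.requestBody.raw[0]['bytes']` assumes every POST carries a single raw body part. `requestBody` is absent for a bodiless POST, `raw` is absent when the browser parsed the body into `formData`, an element of `raw` can hold `file` instead of `bytes`, and elements after the first are ignored, so the listener either throws or records a truncated body. Spreading a large Uint8Array into `String.fromCharCode(...)` can also exceed the engine's call-argument limit. The sketch below skips requests with no raw bytes, joins all parts and encodes in slices.

```javascript
function(details) {
    if (details.method !== "POST") return;
    // requestBody.raw is missing for bodiless or form-parsed POSTs
    const parts = (details.requestBody?.raw ?? []).filter((p) => p.bytes);
    if (parts.length === 0) return;
    let binary = "";
    for (const part of parts) {
        const bytes = new Uint8Array(part.bytes);
        // build the string in slices to stay under the call-argument limit
        for (let i = 0; i < bytes.length; i += 0x8000) {
            binary += String.fromCharCode(...bytes.subarray(i, i + 0x8000));
        }
    }
    bodys.push({ body: btoa(binary), id: details.requestId });
},
// … unchanged: URL filter and ["requestBody"] …
```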
@@ -11,6 +11,7 @@ async function guess(){ let vars=`pssh="${document.getElementById('pssh').value}"\n` vars+=`licUrl="${requests[userInputs['license']]['url']}"\n` vars+=`licHeaders='${requests[userInputs['license']]['headers'].replace(/\\/g, "\\\\")}'\n` + vars+=`licBody="${requests[userInputs['license']]['body']}"\n` let pre=await fetch('python/pre.py').then(res=>res.text()) let after=await fetch('python/after.py').then(res=>res.text()) let scheme=await fetch(`python/schemes/${document.getElementById("scheme").value}.py`).then(res=>res.text()) From d272e8f2e6f4527e8f3236ca9423fd7dc9d65373 Mon Sep 17 00:00:00 2001 From: FoxRefire <155989196+FoxRefire@users.noreply.github.com> Date: Fri, 26 Apr 2024 21:59:34 +0900 Subject: [PATCH 2/3] Attempt for RedBee --- content.js | 18 ++++++++++++++++++ popup.html | 1 + popup.js | 6 ++++++ python/schemes/RedBee.py | 14 ++++++++++++++ 4 files changed, 39 insertions(+) create mode 100644 python/schemes/RedBee.py diff --git a/content.js b/content.js index a9a8cca..a27b513 100644 --- a/content.js +++ b/content.js @@ -17,3 +17,21 @@ document.addEventListener('pssh', (e) => { pageURL: document.URL },null); }); + +//Fetch from original origin +chrome.runtime.onMessage.addListener( + async function (request, sender, sendResponse) { + if(request.type=="FETCH"){ + console.log("DEBUG") + let res = await fetch(request.u, { + method: request.m, + headers: request.h, + body: request.b + }).then((r)=>r.json()).then((r)=>{ + btoa(String.fromCharCode(...new Uint8Array(r))) + }) + sendResponse({res: res}); + return true + } + } +); diff --git a/popup.html b/popup.html index b108403..6fb5f05 100644 --- a/popup.html +++ b/popup.html @@ -27,6 +27,7 @@
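Review bot: The added `licBody` line splices the captured value into generated Python source between double quotes, which is safe only because background.js stores the body as base64, and nothing on this line records that. A comment such as `// body is base64 (set in background.js), so it cannot contain a quote or backslash` would keep a later change to the capture format from turning this into a code-injection point. The `licUrl` line just above interpolates the captured URL with no escaping and may deserve the same scrutiny. guess() continues outside the hunk.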

diff --git a/popup.js b/popup.js index f3280e7..7535d69 100644 --- a/popup.js +++ b/popup.js @@ -33,6 +33,12 @@ function copyResult(){ navigator.clipboard.writeText(this.value); } +window.corsFetch = (u, m, h, b) => { + chrome.runtime.sendMessage({type:"FETCH", u:u, m:m, h:h, b:b}, function(response) { + console.log(response) + }); +} + if(psshs.length!=0){ document.addEventListener('DOMContentLoaded', function() { document.getElementById('noEME').style.display='none'; diff --git a/python/schemes/RedBee.py b/python/schemes/RedBee.py new file mode 100644 index 0000000..3a3e00a --- /dev/null +++ b/python/schemes/RedBee.py @@ -0,0 +1,14 @@ +import base64 +import re +import js +req = base64.b64decode(licBody.encode()).decode() +b64challenge = base64.b64encode(challenge).decode() +req = re.sub(r'(?<=\"message\":\").*(?=\"})', b64challenge, req) +print(req) +# res = await (await pyfetch(licUrl, +# method="POST", +# headers=licHeaders, +# body=req +# )).json() +res = js.window.corsFetch(licUrl, "POST", licHeaders, req) +licence = base64.b64decode(res['license'].encode()) From f710d007ea91e65767d401fac80b9d2f2aad4e0a Mon Sep 17 00:00:00 2001 From: FoxRefire <155989196+FoxRefire@users.noreply.github.com> Date: Sun, 28 Apr 2024 05:58:48 +0900 Subject: [PATCH 3/3] Fix corsFetch --- content.js | 15 ++++++++------- manifest.json | 3 ++- popup.js | 10 +++++++--- python/schemes/RedBee.py | 11 ++++++----- 4 files changed, 23 insertions(+), 16 deletions(-) diff --git a/content.js b/content.js index a27b513..b98d7d2 100644 --- a/content.js +++ b/content.js 
@@ -20,18 +20,19 @@ document.addEventListener('pssh', (e) => { //Fetch from original origin chrome.runtime.onMessage.addListener( - async function (request, sender, sendResponse) { + function (request, sender, sendResponse) { if(request.type=="FETCH"){ - console.log("DEBUG") - let res = await fetch(request.u, { + console.log("DEBUG:"+JSON.stringify(request)) + let res = fetch(request.u, { method: request.m, headers: request.h, body: request.b - }).then((r)=>r.json()).then((r)=>{ - btoa(String.fromCharCode(...new Uint8Array(r))) + }).then((r)=>r.arrayBuffer()).then((r)=>{ + sendResponse( + btoa(String.fromCharCode(...new Uint8Array(r))) + ); }) - sendResponse({res: res}); - return true } + return true } ); diff --git a/manifest.json b/manifest.json index d381166..273fa2c 100644 --- a/manifest.json +++ b/manifest.json @@ -11,7 +11,8 @@ "", "activeTab", "windows", - "storage" + "storage", + "tabs" ], "background": { "scripts": ["background.js"], diff --git a/popup.js b/popup.js index 7535d69..1d04baa 100644 --- a/popup.js +++ b/popup.js @@ -34,9 +34,13 @@ function copyResult(){ } window.corsFetch = (u, m, h, b) => { - chrome.runtime.sendMessage({type:"FETCH", u:u, m:m, h:h, b:b}, function(response) { - console.log(response) - }); + return new Promise((resolve, reject) => { + chrome.tabs.query({ url:pageURL }, (tabs) => { + chrome.tabs.sendMessage(tabs[0].id, {type:"FETCH", u:u, m:m, h:h, b:b}, (res) => { + resolve(res) + }) + }) + }) } if(psshs.length!=0){ diff --git a/python/schemes/RedBee.py b/python/schemes/RedBee.py index 3a3e00a..ac0cece 100644 --- a/python/schemes/RedBee.py +++ b/python/schemes/RedBee.py 
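Review bot: The rewritten FETCH handler has no rejection path: if `fetch` or `arrayBuffer()` fails, `sendResponse` is never called and the caller's promise is left pending or resolves with `undefined`. Adding `.catch(() => sendResponse(null))` to the chain, with the caller checking for `null`, closes that. `return true` now sits outside the `if`, so the listener claims an asynchronous reply for every message type; `if(request.type!="FETCH") return false` at the top limits that to FETCH. The `console.log("DEBUG:"+JSON.stringify(request))` line writes the license request's headers and body to the page console and is worth dropping before merge.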
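Review bot: In `corsFetch`, `tabs[0].id` throws inside the callback when no open tab matches `pageURL` (the tab was closed or navigated), and because `reject` is never called the returned promise then stays pending. Guard it with `if(!tabs.length) return reject(new Error("no tab for "+pageURL))`, and reject when `chrome.runtime.lastError` is set in the `sendMessage` callback. When several tabs share the URL the first match receives the request, which may not be the tab that produced the PSSH. Recording `sender.tab.id` when the PSSH message arrives and messaging that id would remove the URL lookup, and possibly the need for the `"tabs"` permission this patch adds to manifest.json.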
@@ -1,14 +1,15 @@ import base64 -import re import js -req = base64.b64decode(licBody.encode()).decode() +from pyodide.ffi import to_js +req = json.loads(base64.b64decode(licBody.encode()).decode()) b64challenge = base64.b64encode(challenge).decode() -req = re.sub(r'(?<=\"message\":\").*(?=\"})', b64challenge, req) -print(req) +req['message'] = b64challenge # res = await (await pyfetch(licUrl, # method="POST", # headers=licHeaders, # body=req # )).json() -res = js.window.corsFetch(licUrl, "POST", licHeaders, req) +res = await js.corsFetch(licUrl, "POST", to_js(licHeaders), json.dumps(req)) +res = json.loads(base64.b64decode(res.encode()).decode()) +print(res) licence = base64.b64decode(res['license'].encode())
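Review bot: `json.loads` and `json.dumps` are called but this file never imports `json`; the hunk drops `import re` and adds only `from pyodide.ffi import to_js`. Unless python/pre.py, which popup.js loads alongside the scheme, already imports it, the scheme fails with a NameError, so add `import json` beside `import base64`. `res.encode()` also assumes corsFetch resolved to a base64 string; a failed fetch would surface here as an AttributeError, so a check such as `if not res: raise RuntimeError("license request failed")` before decoding would make the failure readable.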