https://github.com/terrafrost/firefox-x-forwarded-for-spoofer
That's an addon I'm trying to revive that's not working in the latest version of Firefox and I'm trying to find out why.
Near as I can tell the component isn't working and I've no idea as to why.
I've tried making the chrome.manifest file read as follows:
content x-forwarded-for chrome/content/
overlay chrome://browser/content/browser.xul chrome://x-forwarded-for/content/overlay.xul
locale x-forwarded-for en-US chrome/locale/en-US/
component ec8030f7-c20a-464f-9b0e-13a3a9e97384 components/x-forwarded-for.js
contract #x-forwarded-for#frostjedi.com/x-forwarded-for.js;1 ec8030f7-c20a-464f-9b0e-13a3a9e97384
I've also tried #frostjedi.com/x-forwarded-for;1 (which is what x-forwarded-for.js has as the contract id but that didn't help) to no avail.
Any ideas?
The ID you list in chrome.manifest should be the component ID, not the extension ID. Also, the contract ID seems to be incorrect, probably a copy&paste mistake. The correct lines would be:
component {f3bbf109-6d66-46ca-960e-4b78014023b3} components/x-forwarded-for.js
contract #frostjedi.com/x-forwarded-for;1 {f3bbf109-6d66-46ca-960e-4b78014023b3}
The component itself needs to be modified as well - to be compatible with Firefox 4 and above it should expose an NSGetFactory function instead of NSGetModule. It is highly recommendable to use XPCOMUtils.jsm module for that, it will do most of the work for you. You can throw out the entire module definition and replace it by the following lines:
Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
var NSGetFactory = XPCOMUtils.generateNSGetFactory([XForwardedForProxy]);
Note that you no longer have to declare component ID and contract ID in the component itself, the entries in chrome.manifest are sufficient for Firefox 4 and above.
For reference: XPCOM changes in Gecko 2.0
Related
I am trying to setup swagger for the product I'm developing and cannot wrap my head around it.
I started with the most basic config as described here. The swagger.json was generated correctly under https://localhost/MyWebAPI/swagger/v1/swagger.json, but when navigating to https://localhost/MyWebAPI/swagger/index.html I get a blank site. Did some digging and most of the answers were revolving around setting up SwaggerEndpoint, RoutePrefix or some uri templates but none of them worked for me so I finally did what should have done in the first place and checked code of the site itself.
It is there... The url's seems correct:
var configObject = JSON.parse('{"urls":[{"url":"v1/swagger.json","name":"MyApp v1"}],"deepLinking":false,"persistAuthorization":false,"displayOperationId":false,"defaultModelsExpandDepth":1,"defaultModelExpandDepth":1,"defaultModelRendering":"example","displayRequestDuration":false,"docExpansion":"list","showExtensions":false,"showCommonExtensions":false,"supportedSubmitMethods":["get","put","post","delete","options","head","patch","trace"],"tryItOutEnabled":false}');
var oauthConfigObject = JSON.parse('{"scopeSeparator":" ","scopes":[],"useBasicAuthenticationWithAccessCodeGrant":false,"usePkceWithAuthorizationCodeGrant":false}');
// Workaround for https://github.com/swagger-api/swagger-ui/issues/5945
configObject.urls.forEach(function (item) {
if (item.url.startsWith("http") || item.url.startsWith("/")) return;
item.url = window.location.href.replace("index.html", item.url).split('#')[0];
});
The issue is and I kid you not the line with interceptors that is actually split into several lines and the browser wouldn't recognise it as a correct string.
Obviously I tried to pass null as the entire section, but that just brakes everything two lines later. I am in shambles...
I tried with several versions of Swashbuckle (currently using 6.5.0, but tried with some previous ones starting from 6.1.5). Any ideas how to fix it as I guess this must be generally working but there's just something weird/wrong that I'm missing.
Right... one of the most stupid things I've encountered lately. I started reading Swashbuckle source code and the only class that when serialised wouldn't get the JsonSerializerOptions as defined in Swashbuckle project is InterceptorFunctions, so it used mine... and mine would have WriteIndented set as true...
I want to block image and Javascript from third-part on load, and edit user.js in profile folder to merge with pref.js when Firefox startup.
Here's my code in user.js:
user_pref("capability.policy.policynames", "noimage, nojs, nohrefs");
user_pref("capability.policy.nojs.sites", "http://abc.xyz https://abc.xyz");
user_pref("capability.policy.nojs.javascript.enabled", "noAccess");
user_pref("capability.policy.noimage.sites", "http://abc.xyz https://abc.xyz");
user_pref("capability.policy.noimage.permissions.image", 3);
user_pref("capability.policy.nohrefs.sites", "http://abc.xyz https://abc.xyz");
user_pref("capability.policy.nohrefs.HTMLAnchorElement.href", "noAccess");
I check it in "about:config" and see it show but it's didn't work in fact at anytime.
How to make it work ?
Reference links:
http://kb.mozillazine.org/index.php?title=Category:Preferences&until=Places.frecency.unvisitedTypedBonus
http://www-archive.mozilla.org/projects/security/components/ConfigPolicy.html
In case someone is still looking for an answer, the capability.policy.nojsbroken.javascript.enabled is gone since Firefox 29, please refeer to this answer.
I want to know if users are using hola better internet to browse my site. Hola! is an extension that uses a peer to peer network so users can appear to be browsing from different countries. I am worried however that some bots are using this plugin as a proxy. From what I read it does not send the X-FORWARDED-FOR header, and does not seem to announce itself on the navigator.plugins - verified with panopticlick. This seems like a huge security issue, as this plugin has 42 million users..
I see people using it to see netflix from other countries, I guess they would love to stop it too.
How do I detect users who are using this plugin?
--EDIT--
Also, see this - luminati.io - what seems to be the worlds largest botnet for hire... i cant see how they wont piss off google like this. But this does look like a great security risk to any site on the web.
Looking at the source code of the plugin there is this:
function hola_ext_present(){
// Only <html> is present at document_start time, use it as a
// storage to communicate presence of extension to web page.
document.documentElement.setAttribute('hola_ext_present', 'true');
}
so basically something like:
document.documentElement.getAttribute('hola_ext_present');
will tell you if it is present or not.
I know this should be done on server side, but what I can think for now is doing it on the client side since hola when successfully loaded it creates an attribute on html tag named hola_ext_inject.
So using jquery :
$(function() {
var hola_inject = $('html').attr('hola_ext_inject');
if (typeof hola_inject !== typeof undefined && hola_inject !== false) {
console.log('plugin exist');
}
});
Facing multiple issues with IE 8 (detailed version 8.0.7601.17514). Please note everything works fine in other browsers.
Yammer embed my feed control is not working. Sometimes it shows result and sometimes not.
REST API call not working and giving error as below. However I used new js sdk and new yam.platform.request.
Error is : yam.request is null or not an object. source : platform_js_sdk.js
Thanks in advance for your help!
I found out that the div that you embed yammer feed has to be above the yammer request script
eg.
<div id="embedded-feed" style="height:400px;width:500px;"></div>
<script>
yam.connect.embedFeed(
{ container: '#embedded-feed',
network: 'fourleaf.com' // network permalink (see below)
});
</script>
Otherwise, IE will not be able to find the div to show the feed (but chrome works fine..)
I know this is possible via a simple registry change to accomplish this as long as IE/firefox is being used. However, I am wondering if there is a reliable way to do so for other browsers,
I am specifically looking for a way to do this via an installer, so editing a preference inside a specific browser will not cut it.
Here is the best I can come up with:
IE: http://msdn.microsoft.com/en-us/library/aa767914(VS.85).aspx
FireFox: http://kb.mozillazine.org/Register_protocol
Chrome: Since every other browser in seems to support the same convention, I created a bug for chrome.
Opera: I can't find any documentation, but it appears to follow the same method as IE/Firefox (see above links)
Safari: Same thing as opera, it works, but I can't find any documentation on it
Yes. Here is how to do it with FireFox:
http://kb.mozillazine.org/Register_protocol
and Opera:
http://www.opera.com/support/kb/view/535/
If someone looks like a solution for an intranet web site (for all browsers, not only IE), that contains hyperlinks to a shared server folders (like in my case) this is a possible solution:
register protocol (URI scheme) via registry (this can be done for all corporative users i suppose). For example, "myfile:" scheme. (thanks to Greg Dean's answer)
The hyperlink href attribute will then should look like
<a href='myfile:\\mysharedserver\sharedfolder\' target='_self'>Shared server</a>
Write a console application that redirects argument to windows explorer (see step 1 for example of such application)
This is piece of mine test app:
const string prefix = "myfile:";
static string ProcessInput(string s)
{
// TODO Verify and validate the input
// string as appropriate for your application.
if (s.StartsWith(prefix))
s = s.Substring(prefix.Length);
s = System.Net.WebUtility.UrlDecode(s);
Process.Start("explorer", s);
return s;
}
I think this app can be easily installed by your admins for all intranet users :)
I couldn't set up scheme setting to open such links in explorer without this separate app.