Script from fake Bitcoin hack (scam) by Mohammed Jihad

1. // LOG LEVELS ---
2.  
3. VERB=1;
4. DBUG=2;
5. INFO=3;
6. NOTE=4;
7. WARN=5;
8.  
9. // PREFERENCE BRANCHES
10. let PREFBRANCH_ROOT=0;
11. let PREFBRANCH_RULE_TOGGLE=1;
12. let PREFBRANCH_NONE=2;
13.  
14. //---------------
15.  
16. https_domains = {}; // maps domain patterns (with at most one
17. // wildcard) to RuleSets
18.  
19. https_everywhere_blacklist = {}; // URLs we've given up on rewriting because
20. // of redirection loops
21.  
22. https_blacklist_domains = {}; // domains for which there is at least one
23. // blacklisted URL
24.  
25. //
26. const CI = Components.interfaces;
27. const CC = Components.classes;
28. const CU = Components.utils;
29. const CR = Components.results;
30. const Ci = Components.interfaces;
31. const Cc = Components.classes;
32. const Cu = Components.utils;
33. const Cr = Components.results;
34.  
35. Cu.import("resource://gre/modules/Services.jsm");
36. Cu.import("resource://gre/modules/FileUtils.jsm");
37.  
38. const CP_SHOULDPROCESS = 4;
39.  
40. const SERVICE_CTRID = "@eff.org/https-everywhere;1";
41. const SERVICE_ID=Components.ID("{32c165b4-fe5e-4964-9250-603c410631b4}");
42. const SERVICE_NAME = "Encrypts your communications with a number of major websites";
43.  
44. const LLVAR = "LogLevel";
45.  
46. const IOS = CC["@mozilla.org/network/io-service;1"].getService(CI.nsIIOService);
47. const OS = CC['@mozilla.org/observer-service;1'].getService(CI.nsIObserverService);
48. const LOADER = CC["@mozilla.org/moz/jssubscript-loader;1"].getService(CI.mozIJSSubScriptLoader);
49. const _INCLUDED = {};
50.  
51. // NoScript uses this blob to include js constructs that stored in the chrome/
52. // directory, but are not attached to the Firefox UI (normally, js located
53. // there is attached to an Overlay and therefore is part of the UI).
54.  
55. // Reasons for this: things in components/ directory cannot be split into
56. // separate files; things in chrome/ can be
57.  
58. const INCLUDE = function(name) {
59. if (arguments.length > 1)
60. for (var j = 0, len = arguments.length; j < len; j++)
61. INCLUDE(arguments[j]);
62. else if (!_INCLUDED[name]) {
63. // we used to try/catch here, but that was less useful because it didn't
64. // produce line numbers for syntax errors
65. LOADER.loadSubScript("chrome://https-everywhere/content/code/"
66. + name + ".js");
67. _INCLUDED[name] = true;
68. }
69. };
70.  
71. const WP_STATE_START = CI.nsIWebProgressListener.STATE_START;
72. const WP_STATE_STOP = CI.nsIWebProgressListener.STATE_STOP;
73. const WP_STATE_DOC = CI.nsIWebProgressListener.STATE_IS_DOCUMENT;
74. const WP_STATE_START_DOC = WP_STATE_START | WP_STATE_DOC;
75. const WP_STATE_RESTORING = CI.nsIWebProgressListener.STATE_RESTORING;
76.  
77. const LF_VALIDATE_ALWAYS = CI.nsIRequest.VALIDATE_ALWAYS;
78. const LF_LOAD_BYPASS_ALL_CACHES = CI.nsIRequest.LOAD_BYPASS_CACHE | CI.nsICachingChannel.LOAD_BYPASS_LOCAL_CACHE;
79.  
80. const NS_OK = 0;
81. const NS_BINDING_ABORTED = 0x804b0002;
82. const NS_BINDING_REDIRECTED = 0x804b0003;
83. const NS_ERROR_UNKNOWN_HOST = 0x804b001e;
84. const NS_ERROR_REDIRECT_LOOP = 0x804b001f;
85. const NS_ERROR_CONNECTION_REFUSED = 0x804b000e;
86. const NS_ERROR_NOT_AVAILABLE = 0x804b0111;
87.  
88. const LOG_CONTENT_BLOCK = 1;
89. const LOG_CONTENT_CALL = 2;
90. const LOG_CONTENT_INTERCEPT = 4;
91. const LOG_CHROME_WIN = 8;
92. const LOG_XSS_FILTER = 16;
93. const LOG_INJECTION_CHECK = 32;
94. const LOG_DOM = 64;
95. const LOG_JS = 128;
96. const LOG_LEAKS = 1024;
97. const LOG_SNIFF = 2048;
98. const LOG_CLEARCLICK = 4096;
99. const LOG_ABE = 8192;
100.  
101. const HTML_NS = "http://www.w3.org/1999/xhtml";
102.  
103. const WHERE_UNTRUSTED = 1;
104. const WHERE_TRUSTED = 2;
105. const ANYWHERE = 3;
106.  
107. const N_COHORTS = 1000;
108.  
109. const DUMMY_OBJ = {};
110. DUMMY_OBJ.wrappedJSObject = DUMMY_OBJ;
111. const DUMMY_FUNC = function() {};
112. const DUMMY_ARRAY = [];
113.  
114. const EARLY_VERSION_CHECK = !("nsISessionStore" in CI && typeof(/ /) === "object");
115.  
116. // This is probably obsolete since the switch to the channel.redirectTo API
117. const OBSERVER_TOPIC_URI_REWRITE = "https-everywhere-uri-rewrite";
118.  
119. // XXX: Better plan for this?
120. // We need it to exist to make our updates of ChannelReplacement.js easier.
121. var ABE = {
122. consoleDump: false,
123. log: function(str) {
124. https_everywhereLog(WARN, str);
125. }
126. };
127.  
128. function xpcom_generateQI(iids) {
129. var checks = [];
130. for each (var iid in iids) {
131. checks.push("CI." + iid.name + ".equals(iid)");
132. }
133. var src = checks.length
134. ? "if (" + checks.join(" || ") + ") return this;\n"
135. : "";
136. return new Function("iid", src + "throw Components.results.NS_ERROR_NO_INTERFACE;");
137. }
138.  
139. function xpcom_checkInterfaces(iid,iids,ex) {
140. for (var j = iids.length; j-- >0;) {
141. if (iid.equals(iids[j])) return true;
142. }
143. throw ex;
144. }
145.  
146. INCLUDE('ChannelReplacement', 'IOUtil', 'HTTPSRules', 'HTTPS', 'Thread', 'ApplicableList');
147.  
148. Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
149.  
150. // This is black magic for storing Expando data w/ an nsIDOMWindow
151. // See http://pastebin.com/qY28Jwbv ,
152. // https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsIControllers
153.  
154. StorageController.prototype = {
155. QueryInterface: XPCOMUtils.generateQI(
156. [ Components.interfaces.nsISupports,
157. Components.interfaces.nsIController ]),
158. wrappedJSObject: null, // Initialized by constructor
159. supportsCommand: function (cmd) {return (cmd == this.command);},
160. isCommandEnabled: function (cmd) {return (cmd == this.command);},
161. onEvent: function(eventName) {return true;},
162. doCommand: function() {return true;}
163. };
164.  
165. function StorageController(command) {
166. this.command = command;
167. this.data = {};
168. this.wrappedJSObject = this;
169. };
170.  
171. /*var Controller = Class("Controller", XPCOM(CI.nsIController), {
172. init: function (command, data) {
173. this.command = command;
174. this.data = data;
175. },
176. supportsCommand: function (cmd) cmd === this.command
177. });*/
178.  
179. function HTTPSEverywhere() {
180.  
181. // Set up logging in each component:
182. HTTPS.log = HTTPSRules.log = RuleWriter.log = this.log = https_everywhereLog;
183.  
184. this.log = https_everywhereLog;
185. this.wrappedJSObject = this;
186. this.https_rules = HTTPSRules;
187. this.INCLUDE=INCLUDE;
188. this.ApplicableList = ApplicableList;
189. this.browser_initialised = false; // the browser is completely loaded
190.  
191.  
192. this.prefs = this.get_prefs();
193. this.rule_toggle_prefs = this.get_prefs(PREFBRANCH_RULE_TOGGLE);
194.  
195. this.httpNowhereEnabled = this.prefs.getBoolPref("http_nowhere.enabled");
196. this.isMobile = this.doMobileCheck();
197.  
198. // Disable SSLv3 to prevent POODLE attack.
199. // https://www.imperialviolet.org/2014/10/14/poodle.html
200. var root_prefs = this.get_prefs(PREFBRANCH_NONE);
201. root_prefs.setIntPref("security.tls.version.min", 1);
202.  
203. // We need to use observers instead of categories for FF3.0 for these:
204. // https://developer.mozilla.org/en/Observer_Notifications
205. // https://developer.mozilla.org/en/nsIObserverService.
206. // https://developer.mozilla.org/en/nsIObserver
207. // We also use the observer service to let other extensions know about URIs
208. // we rewrite.
209. this.obsService = CC["@mozilla.org/observer-service;1"]
210. .getService(Components.interfaces.nsIObserverService);
211.  
212. if (this.prefs.getBoolPref("globalEnabled")) {
213. this.obsService.addObserver(this, "profile-before-change", false);
214. this.obsService.addObserver(this, "profile-after-change", false);
215. this.obsService.addObserver(this, "sessionstore-windows-restored", false);
216. this.obsService.addObserver(this, "browser:purge-session-history", false);
217. } else {
218. // Need this to initialize FF for Android UI even when HTTPS-E is off
219. if (this.isMobile) {
220. this.obsService.addObserver(this, "sessionstore-windows-restored", false);
221. }
222. }
223.  
224. var pref_service = Components.classes["@mozilla.org/preferences-service;1"]
225. .getService(Components.interfaces.nsIPrefBranchInternal);
226. var branch = pref_service.QueryInterface(Components.interfaces.nsIPrefBranchInternal);
227.  
228. branch.addObserver("extensions.https_everywhere.enable_mixed_rulesets",
229. this, false);
230. branch.addObserver("security.mixed_content.block_active_content",
231. this, false);
232.  
233. return;
234. }
235.  
236.  
237.  
238. /*
239. In recent versions of Firefox and HTTPS Everywhere, the call stack for performing an HTTP -> HTTPS rewrite looks like this:
240.  
241. 1. HTTPSEverywhere.observe() gets a callback with the "http-on-modify-request" topic, and the channel as a subject
242.  
243. 2. HTTPS.replaceChannel()
244.  
245. 3. HTTPSRules.rewrittenURI()
246.  
247. 4. HTTPSRules.potentiallyApplicableRulesets uses <target host=""> elements to identify relevant rulesets
248.  
249. foreach RuleSet:
250.  
251. 4. RuleSet.transformURI()
252.  
253. 5. RuleSet.apply() does the tests and rewrites with RegExps, returning a string
254.  
255. 4. RuleSet.transformURI() makes a new uri object for the destination string, if required
256.  
257. 2. HTTPS.replaceChannel() calls channel.redirectTo() if a redirect is needed
258.  
259.  
260. In addition, the following other important tasks happen along the way:
261.  
262. HTTPSEverywhere.observe() aborts if there is a redirect loop
263. finds a reference to the ApplicableList or alist that represents the toolbar context menu
264.  
265. HTTPS.replaceChannel() notices redirect loops (and used to do much more complex XPCOM API work in the NoScript-based past)
266.  
267. HTTPSRules.rewrittenURI() works around weird URI types like about: and http://user:pass@example.com/
268. and notifies the alist of what it should display for each ruleset
269.  
270. */
271.  
272. // This defines for Mozilla what stuff HTTPSEverywhere will implement.
273.  
274. // ChannelEventSink used to be necessary in order to handle redirects (eg
275. // HTTP redirects) correctly. It may now be obsolete? XXX
276.  
277. HTTPSEverywhere.prototype = {
278. prefs: null,
279. // properties required for XPCOM registration:
280. classDescription: SERVICE_NAME,
281. classID: SERVICE_ID,
282. contractID: SERVICE_CTRID,
283.  
284. _xpcom_factory: {
285. createInstance: function (outer, iid) {
286. if (outer != null)
287. throw Components.results.NS_ERROR_NO_AGGREGATION;
288. if (!HTTPSEverywhere.instance)
289. HTTPSEverywhere.instance = new HTTPSEverywhere();
290. return HTTPSEverywhere.instance.QueryInterface(iid);
291. },
292.  
293. QueryInterface: XPCOMUtils.generateQI(
294. [ Components.interfaces.nsISupports,
295. Components.interfaces.nsIModule,
296. Components.interfaces.nsIFactory ])
297. },
298.  
299. // [optional] an array of categories to register this component in.
300. _xpcom_categories: [
301. {
302. category: "app-startup",
303. }
304. ],
305.  
306. // QueryInterface implementation, e.g. using the generateQI helper
307. QueryInterface: XPCOMUtils.generateQI(
308. [ Components.interfaces.nsIObserver,
309. Components.interfaces.nsISupports,
310. Components.interfaces.nsISupportsWeakReference,
311. Components.interfaces.nsIWebProgressListener,
312. Components.interfaces.nsIWebProgressListener2,
313. Components.interfaces.nsIChannelEventSink ]),
314.  
315. wrappedJSObject: null, // Initialized by constructor
316.  
317. getWeakReference: function () {
318. return Components.utils.getWeakReference(this);
319. },
320.  
321. // An "expando" is an attribute glued onto something. From NoScript.
322. getExpando: function(domWin, key) {
323. var c = domWin.controllers.getControllerForCommand("https-everywhere-storage");
324. try {
325. if (c) {
326. c = c.wrappedJSObject;
327. //this.log(DBUG, "Found a controller, returning data");
328. return c.data[key];
329. } else {
330. this.log(INFO, "No controller attached to " + domWin);
331. return null;
332. }
333. } catch(e) {
334. // Firefox 3.5
335. this.log(WARN,"exception in getExpando");
336. this.getExpando = this.getExpando_old;
337. this.setExpando = this.setExpando_old;
338. return this.getExpando_old(domWin, key, null);
339. }
340. },
341. setExpando: function(domWin, key, value) {
342. var c = domWin.controllers.getControllerForCommand("https-everywhere-storage");
343. try {
344. if (!c) {
345. this.log(DBUG, "Appending new StorageController for " + domWin);
346. c = new StorageController("https-everywhere-storage");
347. domWin.controllers.appendController(c);
348. } else {
349. c = c.wrappedJSObject;
350. }
351. c.data[key] = value;
352. } catch(e) {
353. this.log(WARN,"exception in setExpando");
354. this.getExpando = this.getExpando_old;
355. this.setExpando = this.setExpando_old;
356. this.setExpando_old(domWin, key, value);
357. }
358. },
359.  
360. // This method is straight out of NoScript... we fall back to it in FF 3.*?
361. getExpando_old: function(domWin, key, defValue) {
362. var domObject = domWin.document;
363. return domObject && domObject.__httpsEStorage && domObject.__httpsEStorage[key] ||
364. (defValue ? this.setExpando(domObject, key, defValue) : null);
365. },
366. setExpando_old: function(domWin, key, value) {
367. var domObject = domWin.document;
368. if (!domObject) return null;
369. if (!domObject.__httpsEStorage) domObject.__httpsEStorage = {};
370. if (domObject.__httpsEStorage) domObject.__httpsEStorage[key] = value;
371. else this.log(WARN, "Warning: cannot set expando " + key + " to value " + value);
372. return value;
373. },
374.  
375. // We use onLocationChange to make a fresh list of rulesets that could have
376. // applied to the content in the current page (the "applicable list" is used
377. // for the context menu in the UI). This will be appended to as various
378. // content is embedded / requested by JavaScript.
379. onLocationChange: function(wp, req, uri) {
380. if (wp instanceof CI.nsIWebProgress) {
381. if (!this.newApplicableListForDOMWin(wp.DOMWindow))
382. this.log(WARN,"Something went wrong in onLocationChange");
383. } else {
384. this.log(WARN,"onLocationChange: no nsIWebProgress");
385. }
386. },
387.  
388. getWindowForChannel: function(channel) {
389. // Obtain an nsIDOMWindow from a channel
390. let loadContext;
391. try {
392. loadContext = channel.notificationCallbacks.getInterface(CI.nsILoadContext);
393. } catch(e) {
394. try {
395. loadContext = channel.loadGroup.notificationCallbacks.getInterface(CI.nsILoadContext);
396. } catch(e) {
397. this.log(NOTE, "No loadContext for " + channel.URI.spec);
398. return null;
399. }
400. }
401.  
402. if (!loadContext) { return null; }
403.  
404. let domWin = loadContext.associatedWindow;
405. if (!domWin) {
406. this.log(NOTE, "failed to get DOMWin for " + channel.URI.spec);
407. return null;
408. }
409.  
410. domWin = domWin.top;
411. return domWin;
412. },
413.  
414. // the lists get made when the urlbar is loading something new, but they
415. // need to be appended to with reference only to the channel
416. getApplicableListForChannel: function(channel) {
417. var domWin = this.getWindowForChannel(channel);
418. return this.getApplicableListForDOMWin(domWin, "on-modify-request w " + domWin);
419. },
420.  
421. newApplicableListForDOMWin: function(domWin) {
422. if (!domWin || !(domWin instanceof CI.nsIDOMWindow)) {
423. this.log(WARN, "Get alist without domWin");
424. return null;
425. }
426. var dw = domWin.top;
427. var alist = new ApplicableList(this.log,dw.document,dw);
428. this.setExpando(dw,"applicable_rules",alist);
429. return alist;
430. },
431.  
432. getApplicableListForDOMWin: function(domWin, where) {
433. if (!domWin || !(domWin instanceof CI.nsIDOMWindow)) {
434. //this.log(WARN, "Get alist without domWin");
435. return null;
436. }
437. var dw = domWin.top;
438. var alist= this.getExpando(dw,"applicable_rules");
439. if (alist) {
440. //this.log(DBUG,"get AL success in " + where);
441. return alist;
442. } else {
443. //this.log(DBUG, "Making new AL in getApplicableListForDOMWin in " + where);
444. alist = new ApplicableList(this.log,dw.document,dw);
445. this.setExpando(dw,"applicable_rules",alist);
446. }
447. return alist;
448. },
449.  
450. observe: function(subject, topic, data) {
451. // Top level glue for the nsIObserver API
452. var channel = subject;
453. //this.log(VERB,"Got observer topic: "+topic);
454.  
455. if (topic == "http-on-modify-request") {
456. if (!(channel instanceof CI.nsIHttpChannel)) return;
457.  
458. this.log(DBUG,"Got http-on-modify-request: "+channel.URI.spec);
459. var lst = this.getApplicableListForChannel(channel); // null if no window is associated (ex: xhr)
460. if (channel.URI.spec in https_everywhere_blacklist) {
461. this.log(DBUG, "Avoiding blacklisted " + channel.URI.spec);
462. if (lst) lst.breaking_rule(https_everywhere_blacklist[channel.URI.spec]);
463. else this.log(NOTE,"Failed to indicate breakage in content menu");
464. return;
465. }
466. HTTPS.replaceChannel(lst, channel, this.httpNowhereEnabled);
467. } else if (topic == "http-on-examine-response") {
468. this.log(DBUG, "Got http-on-examine-response @ "+ (channel.URI ? channel.URI.spec : '') );
469. HTTPS.handleSecureCookies(channel);
470. } else if (topic == "http-on-examine-merged-response") {
471. this.log(DBUG, "Got http-on-examine-merged-response ");
472. HTTPS.handleSecureCookies(channel);
473. } else if (topic == "cookie-changed") {
474. // Javascript can add cookies via document.cookie that are insecure.
475. if (data == "added" || data == "changed") {
476. // subject can also be an nsIArray! bleh.
477. try {
478. subject.QueryInterface(CI.nsIArray);
479. var elems = subject.enumerate();
480. while (elems.hasMoreElements()) {
481. var cookie = elems.getNext()
482. .QueryInterface(CI.nsICookie2);
483. if (!cookie.isSecure) {
484. HTTPS.handleInsecureCookie(cookie);
485. }
486. }
487. } catch(e) {
488. subject.QueryInterface(CI.nsICookie2);
489. if(!subject.isSecure) {
490. HTTPS.handleInsecureCookie(subject);
491. }
492. }
493. }
494. } else if (topic == "profile-before-change") {
495. this.log(INFO, "Got profile-before-change");
496. var catman = Components.classes["@mozilla.org/categorymanager;1"]
497. .getService(Components.interfaces.nsICategoryManager);
498. catman.deleteCategoryEntry("net-channel-event-sinks", SERVICE_CTRID, true);
499. Thread.hostRunning = false;
500. } else if (topic == "profile-after-change") {
501. this.log(DBUG, "Got profile-after-change");
502.  
503. if(this.prefs.getBoolPref("globalEnabled")){
504. OS.addObserver(this, "cookie-changed", false);
505. OS.addObserver(this, "http-on-modify-request", false);
506. OS.addObserver(this, "http-on-examine-merged-response", false);
507. OS.addObserver(this, "http-on-examine-response", false);
508.  
509. var dls = CC['@mozilla.org/docloaderservice;1']
510. .getService(CI.nsIWebProgress);
511. dls.addProgressListener(this, CI.nsIWebProgress.NOTIFY_LOCATION);
512. this.log(INFO,"ChannelReplacement.supported = "+ChannelReplacement.supported);
513.  
514. HTTPSRules.init();
515.  
516. Thread.hostRunning = true;
517. var catman = Components.classes["@mozilla.org/categorymanager;1"]
518. .getService(Components.interfaces.nsICategoryManager);
519. // hook on redirections (non persistent, otherwise crashes on 1.8.x)
520. catman.addCategoryEntry("net-channel-event-sinks", SERVICE_CTRID,
521. SERVICE_CTRID, false, true);
522. }
523. } else if (topic == "sessionstore-windows-restored") {
524. this.log(DBUG,"Got sessionstore-windows-restored");
525. if (!this.isMobile) {
526. this.maybeShowObservatoryPopup();
527. } else {
528. this.log(WARN, "Initializing Firefox for Android UI");
529. Cu.import("chrome://https-everywhere/content/code/AndroidUI.jsm");
530. AndroidUI.init();
531. }
532. this.browser_initialised = true;
533. } else if (topic == "nsPref:changed") {
534. // If the user toggles the Mixed Content Blocker settings, reload the rulesets
535. // to enable/disable the mixedcontent ones
536.  
537. // this pref gets set to false and then true during FF 26 startup!
538. // so do nothing if we're being notified during startup
539. if (!this.browser_initialised)
540. return;
541. switch (data) {
542. case "security.mixed_content.block_active_content":
543. case "extensions.https_everywhere.enable_mixed_rulesets":
544. var p = CC["@mozilla.org/preferences-service;1"].getService(CI.nsIPrefBranch);
545. var val = p.getBoolPref("security.mixed_content.block_active_content");
546. this.log(INFO,"nsPref:changed for "+data + " to " + val);
547. HTTPSRules.init();
548. break;
549. }
550. } else if (topic == "browser:purge-session-history") {
551. // The list of rulesets that have been loaded from the sqlite DB
552. // constitutes a parallel history store, so we have to clear it.
553. this.log(DBUG, "History cleared, reloading HTTPSRules to avoid information leak.");
554. HTTPSRules.init();
555. }
556. return;
557. },
558.  
559. maybeShowObservatoryPopup: function() {
560. // Show the popup at most once. Users who enabled the Observatory before
561. // a version that would have shown it to them, don't need to see it
562. // again.
563. var ssl_observatory = CC["@eff.org/ssl-observatory;1"]
564. .getService(Components.interfaces.nsISupports)
565. .wrappedJSObject;
566. var shown = ssl_observatory.myGetBoolPref("popup_shown");
567. var enabled = ssl_observatory.myGetBoolPref("enabled");
568. var that = this;
569. var obs_popup_callback = function(result) {
570. if (result) that.log(INFO, "Got positive proxy test.");
571. else that.log(INFO, "Got negative proxy text.");
572. // We are now ready to show the popup in its most informative state
573. that.chrome_opener("chrome://https-everywhere/content/observatory-popup.xul");
574. };
575. if (!shown && !enabled)
576. ssl_observatory.registerProxyTestNotification(obs_popup_callback);
577.  
578. if (shown && enabled)
579. this.maybeCleanupObservatoryPrefs(ssl_observatory);
580. },
581.  
582. maybeCleanupObservatoryPrefs: function(ssl_observatory) {
583. // Recover from a past UI processing bug that would leave the Obsevatory
584. // accidentally disabled for some users
585. // https://trac.torproject.org/projects/tor/ticket/10728
586. var clean = ssl_observatory.myGetBoolPref("clean_config");
587. if (clean) return;
588.  
589. // unchanged: returns true if a pref has not been modified
590. var unchanged = function(p){return !ssl_observatory.prefs.prefHasUserValue("extensions.https_everywhere._observatory."+p)};
591. var cleanup_obsprefs_callback = function(tor_avail) {
592. // we only run this once
593. ssl_observatory.prefs.setBoolPref("extensions.https_everywhere._observatory.clean_config", true);
594. if (!tor_avail) {
595. // use_custom_proxy is the variable that is often false when it should be true;
596. if (!ssl_observatory.myGetBoolPref("use_custom_proxy")) {
597. // however don't do anything if any of the prefs have been set by the user
598. if (unchanged("alt_roots") && unchanged("self_signed") && unchanged ("send_asn") && unchanged("priv_dns")) {
599. ssl_observatory.prefs.setBoolPref("extensions.https_everywhere._observatory.use_custom_proxy", true);
600. }
601. }
602. }
603. }
604. ssl_observatory.registerProxyTestNotification(cleanup_obsprefs_callback);
605. },
606.  
607.  
608. getExperimentalFeatureCohort: function() {
609. // This variable is used for gradually turning on features for testing and
610. // scalability purposes. It is a random integer [0,N_COHORTS) generated
611. // once and stored thereafter.
612. //
613. // This is not currently used/called in the development branch
614. var cohort;
615. try {
616. cohort = this.prefs.getIntPref("experimental_feature_cohort");
617. } catch(e) {
618. cohort = Math.round(Math.random() * N_COHORTS);
619. this.prefs.setIntPref("experimental_feature_cohort", cohort);
620. }
621. return cohort;
622. },
623.  
624. // nsIChannelEventSink implementation
625. // XXX This was here for rewrites in the past. Do we still need it?
626. onChannelRedirect: function(oldChannel, newChannel, flags) {
627. const uri = newChannel.URI;
628. this.log(DBUG,"Got onChannelRedirect to "+uri.spec);
629. if (!(newChannel instanceof CI.nsIHttpChannel)) {
630. this.log(DBUG, newChannel + " is not an instance of nsIHttpChannel");
631. return;
632. }
633. var alist = this.juggleApplicableListsDuringRedirection(oldChannel, newChannel);
634. HTTPS.replaceChannel(alist,newChannel, this.httpNowhereEnabled);
635. },
636.  
637. juggleApplicableListsDuringRedirection: function(oldChannel, newChannel) {
638. // If the new channel doesn't yet have a list of applicable rulesets, start
639. // with the old one because that's probably a better representation of how
640. // secure the load process was for this page
641. var domWin = this.getWindowForChannel(oldChannel);
642. var old_alist = null;
643. if (domWin)
644. old_alist = this.getExpando(domWin,"applicable_rules");
645. domWin = this.getWindowForChannel(newChannel);
646. if (!domWin) return null;
647. var new_alist = this.getExpando(domWin,"applicable_rules");
648. if (old_alist && !new_alist) {
649. new_alist = old_alist;
650. this.setExpando(domWin,"applicable_rules",new_alist);
651. } else if (!new_alist) {
652. new_alist = new ApplicableList(this.log, domWin.document, domWin);
653. this.setExpando(domWin,"applicable_rules",new_alist);
654. }
655. return new_alist;
656. },
657.  
658. asyncOnChannelRedirect: function(oldChannel, newChannel, flags, callback) {
659. this.onChannelRedirect(oldChannel, newChannel, flags);
660. callback.onRedirectVerifyCallback(0);
661. },
662.  
663. get_prefs: function(prefBranch) {
664. if(!prefBranch) prefBranch = PREFBRANCH_ROOT;
665.  
666. // get our preferences branch object
667. // FIXME: Ugly hack stolen from https
668. var branch_name;
669. if(prefBranch === PREFBRANCH_RULE_TOGGLE)
670. branch_name = "extensions.https_everywhere.rule_toggle.";
671. else if (prefBranch === PREFBRANCH_NONE)
672. branch_name = "";
673. else
674. branch_name = "extensions.https_everywhere.";
675. var o_prefs = false;
676. var o_branch = false;
677. // this function needs to be called from inside https_everywhereLog, so
678. // it needs to do its own logging...
679. var econsole = Components.classes["@mozilla.org/consoleservice;1"]
680. .getService(Components.interfaces.nsIConsoleService);
681.  
682. o_prefs = Components.classes["@mozilla.org/preferences-service;1"]
683. .getService(Components.interfaces.nsIPrefService);
684.  
685. if (!o_prefs)
686. {
687. econsole.logStringMessage("HTTPS Everywhere: Failed to get preferences-service!");
688. return false;
689. }
690.  
691. o_branch = o_prefs.getBranch(branch_name);
692. if (!o_branch)
693. {
694. econsole.logStringMessage("HTTPS Everywhere: Failed to get prefs branch!");
695. return false;
696. }
697.  
698. if(prefBranch == PREFBRANCH_ROOT) {
699. // make sure there's an entry for our log level
700. try {
701. o_branch.getIntPref(LLVAR);
702. } catch (e) {
703. econsole.logStringMessage("Creating new about:config https_everywhere.LogLevel variable");
704. o_branch.setIntPref(LLVAR, WARN);
705. }
706. }
707.  
708. return o_branch;
709. },
710.  
711. // Are we on Firefox for Android?
712. doMobileCheck: function() {
713. let appInfo = CC["@mozilla.org/xre/app-info;1"].getService(CI.nsIXULAppInfo);
714. let ANDROID_ID = "{aa3c5121-dab2-40e2-81ca-7ea25febc110}";
715. return (appInfo.ID === ANDROID_ID);
716. },
717.  
718. chrome_opener: function(uri, args) {
719. // we don't use window.open, because we need to work around TorButton's
720. // state control
721. args = args || 'chrome,centerscreen';
722. return CC['@mozilla.org/appshell/window-mediator;1']
723. .getService(CI.nsIWindowMediator)
724. .getMostRecentWindow('navigator:browser')
725. .open(uri,'', args );
726. },
727.  
728. tab_opener: function(uri) {
729. var gb = CC['@mozilla.org/appshell/window-mediator;1']
730. .getService(CI.nsIWindowMediator)
731. .getMostRecentWindow('navigator:browser')
732. .gBrowser;
733. var tab = gb.addTab(uri);
734. gb.selectedTab = tab;
735. return tab;
736. },
737.  
738. toggleEnabledState: function() {
739. if(this.prefs.getBoolPref("globalEnabled")){
740. try{
741. // toggling some of these after startup may be inconsequential...
742. // this.obsService.removeObserver(this, "sessionstore-windows-restored");
743. this.obsService.removeObserver(this, "profile-before-change");
744. this.obsService.removeObserver(this, "profile-after-change");
745. OS.removeObserver(this, "cookie-changed");
746. OS.removeObserver(this, "http-on-modify-request");
747. OS.removeObserver(this, "http-on-examine-merged-response");
748. OS.removeObserver(this, "http-on-examine-response");
749.  
750. var catman = Components.classes["@mozilla.org/categorymanager;1"]
751. .getService(Components.interfaces.nsICategoryManager);
752. catman.deleteCategoryEntry("net-channel-event-sinks", SERVICE_CTRID, true);
753.  
754. var dls = CC['@mozilla.org/docloaderservice;1']
755. .getService(CI.nsIWebProgress);
756. dls.removeProgressListener(this);
757.  
758. this.prefs.setBoolPref("globalEnabled", false);
759. }
760. catch(e){
761. this.log(WARN, "Couldn't remove observers: " + e);
762. }
763. }
764. else{
765. try{
766. this.obsService.addObserver(this, "profile-before-change", false);
767. this.obsService.addObserver(this, "profile-after-change", false);
768. // this.obsService.addObserver(this, "sessionstore-windows-restored", false);
769. OS.addObserver(this, "cookie-changed", false);
770. OS.addObserver(this, "http-on-modify-request", false);
771. OS.addObserver(this, "http-on-examine-merged-response", false);
772. OS.addObserver(this, "http-on-examine-response", false);
773.  
774. var dls = CC['@mozilla.org/docloaderservice;1']
775. .getService(CI.nsIWebProgress);
776. dls.addProgressListener(this, CI.nsIWebProgress.NOTIFY_LOCATION);
777.  
778. this.log(INFO,"ChannelReplacement.supported = "+ChannelReplacement.supported);
779.  
780. if(!Thread.hostRunning)
781. Thread.hostRunning = true;
782.  
783. var catman = Components.classes["@mozilla.org/categorymanager;1"]
784. .getService(Components.interfaces.nsICategoryManager);
785. // hook on redirections (non persistent, otherwise crashes on 1.8.x)
786. catman.addCategoryEntry("net-channel-event-sinks", SERVICE_CTRID,
787. SERVICE_CTRID, false, true);
788.  
789. HTTPSRules.init();
790. this.prefs.setBoolPref("globalEnabled", true);
791. }
792. catch(e){
793. this.log(WARN, "Couldn't add observers: " + e);
794. }
795. }
796. },
797.  
798. toggleHttpNowhere: function() {
799. let prefService = Services.prefs;
800. let thisBranch =
801. prefService.getBranch("extensions.https_everywhere.http_nowhere.");
802. let securityBranch = prefService.getBranch("security.");
803.  
804. // Whether cert is treated as invalid when OCSP connection fails
805. let OCSP_REQUIRED = "OCSP.require";
806.  
807. // Branch to save original settings
808. let ORIG_OCSP_REQUIRED = "orig.ocsp.required";
809.  
810.  
811. if (thisBranch.getBoolPref("enabled")) {
812. // Restore original OCSP settings. TODO: What if user manually edits
813. // these while HTTP Nowhere is enabled?
814. let origOcspRequired = thisBranch.getBoolPref(ORIG_OCSP_REQUIRED);
815. securityBranch.setBoolPref(OCSP_REQUIRED, origOcspRequired);
816.  
817. thisBranch.setBoolPref("enabled", false);
818. this.httpNowhereEnabled = false;
819. } else {
820. // Save original OCSP settings in HTTP Nowhere preferences branch.
821. let origOcspRequired = securityBranch.getBoolPref(OCSP_REQUIRED);
822. thisBranch.setBoolPref(ORIG_OCSP_REQUIRED, origOcspRequired);
823.  
824. // Disable OCSP enforcement
825. securityBranch.setBoolPref(OCSP_REQUIRED, false);
826.  
827. thisBranch.setBoolPref("enabled", true);
828. this.httpNowhereEnabled = true;
829. }
830. }
831. };
832.  
833. var prefs = 0;
834. var econsole = 0;
835. function https_everywhereLog(level, str) {
836. if (prefs == 0) {
837. prefs = HTTPSEverywhere.instance.get_prefs();
838. econsole = Components.classes["@mozilla.org/consoleservice;1"]
839. .getService(Components.interfaces.nsIConsoleService);
840. }
841. try {
842. var threshold = prefs.getIntPref(LLVAR);
843. } catch (e) {
844. econsole.logStringMessage( "HTTPS Everywhere: Failed to read about:config LogLevel");
845. threshold = WARN;
846. }
847. if (level >= threshold) {
848. dump("HTTPS Everywhere: "+str+"\n");
849. econsole.logStringMessage("HTTPS Everywhere: " +str);
850. }
851. }
852.  
853. /**
854. * XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
855. * XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
856. */
857. if (XPCOMUtils.generateNSGetFactory)
858. var NSGetFactory = XPCOMUtils.generateNSGetFactory([HTTPSEverywhere]);
859. else
860. var NSGetModule = XPCOMUtils.generateNSGetModule([HTTPSEverywhere]);
861.  
862. /* vim: set tabstop=4 expandtab: */