4.2.1 User Scripts

Thorin-Oakenpants edited this page Aug 30, 2018 · 14 revisions

We recommend Violentmonkey or similar to run these.

:exclamation: These require @run-at document-start and may not work due to limitations in the WebExtensions API. As of 20-Apr-2018:

  • Violentmonkey: all but conceal window.opener work; we've made that one into an extension, see window.opener be gone
  • Greasemonkey: all three work with the legacy extension but not the 4.x+ web extension branch

If you would like to submit any scripts to be added to this list, please post a new issue for consideration, thanks. Please stick to scripts that deal with increasing security/privacy, and reducing tracking/fingerprinting.

:small_orange_diamond: Conceal history.length

  • Author: Thorin-Oakenpants
  • Description: This does not break history in any way. It just lies to any JS asking about it. Your actual (max) history is controlled by browser.sessionhistory.max_entries, which is a per-tab setting.
  • Test: BrowserSpy.dk
  • :exclamation: This userscript is easily detectable!
    • CanvasBlocker (v0.5.3-RC1 and newer) supports history.length spoofing without leaking the custom function. (see "History API")
'Conceal history.length' userscript

// ==UserScript==
// @name        Conceal history.length
// @description Intercepts read access to history.length property
// @namespace   localhost
// @include     *
// @run-at      document-start
// @version     1.0.1
// @grant       none
// ==/UserScript==

let _history={length:history.length};
Object.defineProperty(history,'length',{
  get: function() {
    if (_history.length > 2) {
      return 2;
    } else {
      return _history.length;
    }
  }
});
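The "easily detectable" warning above, made concrete as a self-audit you can run against your own setup. This is an added example, not one of the wiki's scripts; `auditAccessor` and `demo` are hypothetical names, and a `Map` instance is used as a constructed stand-in for `history` so the block also runs outside a browser.

```javascript
// Returns the signs that `prop` on `obj` was overridden by page-visible script.
// Heuristic only: it checks the two traces left by the defineProperty pattern above.
function auditAccessor(obj, prop) {
  const findings = [];
  const own = Object.getOwnPropertyDescriptor(obj, prop);
  // Walk the prototype chain to find where the built-in accessor lives.
  let proto = Object.getPrototypeOf(obj);
  let inherited;
  while (proto && !inherited) {
    inherited = Object.getOwnPropertyDescriptor(proto, prop);
    proto = Object.getPrototypeOf(proto);
  }
  // Built-in attributes such as history.length are accessors on the prototype,
  // so an own property with the same name means something redefined it.
  if (own && inherited) findings.push('own property shadows the prototype accessor');
  const getter = (own || inherited || {}).get;
  const nativeSource = /\{\s*\[native code\]\s*\}\s*$/;
  if (getter && !nativeSource.test(Function.prototype.toString.call(getter))) {
    findings.push('getter source is script code, not [native code]');
  }
  return findings;
}

// Constructed stand-in: like history.length, Map.prototype.size is a native
// getter that lives on the prototype, not on the instance.
function demo() {
  const untouched = new Map([[1, 1], [2, 2], [3, 3]]);
  const spoofed = new Map([[1, 1], [2, 2], [3, 3]]);
  // Same pattern as the userscript: capture the value, then define a getter
  // directly on the instance that caps what is reported at 2.
  const captured = { size: spoofed.size };
  Object.defineProperty(spoofed, 'size', {
    get: function () { return captured.size > 2 ? 2 : captured.size; }
  });
  return {
    clean: auditAccessor(untouched, 'size'),
    spoofed: auditAccessor(spoofed, 'size'),
    value: spoofed.size
  };
}

// In a browser console with the userscript active: auditAccessor(history, 'length')
console.log(demo());
```

An empty result from `auditAccessor(history, 'length')` means neither of these two traces is present; it does not rule out other ways of noticing the spoof.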

:small_orange_diamond: Conceal window.name

  • Author: Chris Rider
  • Description: See bugzilla 444222
  • Test: JonDonym
    • Note: you need to add http://ip-check.info/?lang=en as an exception. This is the landing page with the "Test" link on it. Without this exception you cannot do the test. To add an exception, go to your User Script, click Options, and add it under "Excluded Pages".
  • Reported breakage (3rd party): paypal, disqus (just add exceptions)
  • :exclamation: This userscript is easily detectable!
'Conceal window.name' userscript

// ==UserScript==
// @name        Conceal window.name
// @description Intercepts read access to window.name property.
// @namespace   localhost
// @include     *
// @run-at      document-start
// @version     1.0.1
// @grant       none
// ==/UserScript==

var _window={name:window.name};
Object.defineProperty(window,'name',{
    get:function()
    {
        //No CAPTCHA reCAPTCHA
        if(/^https:\/\/www\.google\.com\/recaptcha\/api2\/(?:anchor|frame)\?.+$/.test(window.location.href)&&/^I[0-1]_[1-9][0-9]+$/.test(_window.name))
        {
            return _window.name;
        }
        else
        {
            if(_window.name!='')
            {
                console.warn('Intercepted read access to window.name "'+_window.name+'" from '+window.location);
            }
            return '';
        }
    }
});

:small_orange_diamond: Clear window.opener

'Clear window.opener' userscript

// ==UserScript==
// @name        Clear window.opener
// @description Prevents tampering with window.opener.
// @namespace   localhost
// @include     *
// @run-at      document-start
// @version     1.0
// @grant       none
// ==/UserScript==

if (window.opener != null)
{
    window.opener = null;
    console.warn('Cleared window.opener!');
}

:small_orange_diamond: Other Scripts

These scripts are not written, maintained, or tested by us. It is your responsibility to make sure they keep working.

  • Disable AutofillPhishing
    • Disables autofill of input fields which are not on the screen
    • Note: The ghacks user.js disables all autofill
  • remove_t.co
    • Bypass t.co redirection from Twitter external links