-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Just log things. No visualization yet
- Loading branch information
Showing
7 changed files
with
129 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
var db = openDatabase( | ||
'referrer_log', | ||
'', | ||
"A log of referrer data you leak to third parties on the web", | ||
64 * 1024 * 1024 // 64 megs | ||
); | ||
|
||
db.changeVersion('', '1', function(tx) { | ||
tx.executeSql( | ||
"CREATE TABLE requests (" + | ||
" id INTEGER PRIMARY KEY AUTOINCREMENT," + | ||
" created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP," + | ||
" req_url TEXT," + | ||
" req_domain TEXT," + | ||
" req_root TEXT," + | ||
" ref_url TEXT," + | ||
" ref_domain TEXT," + | ||
" ref_root TEXT" + | ||
")" | ||
); | ||
["req_domain", "req_root", "ref_domain", "ref_root"].forEach(function(idx) { | ||
tx.executeSql( | ||
"CREATE INDEX " + idx + "_idx ON requests (" + idx + ")" | ||
); | ||
}); | ||
}); | ||
|
||
function db_insert_request(req, ref) { | ||
db.transaction(function(tx) { | ||
tx.executeSql( | ||
"INSERT INTO requests (req_url, req_domain, req_root, ref_url, " + | ||
"ref_domain, ref_root) VALUES (?, ?, ?, ?, ?, ?)", | ||
[req.href, req.host, req.root, ref.href, ref.host, ref.root] | ||
); | ||
}); | ||
} | ||
|
||
function db_reset() { | ||
db.transaction(function(tx) { | ||
tx.executeSql("DELETE FROM requests"); | ||
}); | ||
} |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
function hook(e) { | ||
// We're only interested in http (and https) | ||
if (window.location.protocol.indexOf("http") == -1) { | ||
return; | ||
} | ||
|
||
var req = parse_url(e.url), ref = parse_url(document.location.href); | ||
|
||
// We're only really interested in cross-domain requests. This is some sort of | ||
// poor approximation of same-origin. ish. | ||
if (req.root == ref.root) { | ||
return; | ||
} | ||
|
||
// Log it! | ||
chrome.extension.sendRequest({'msg': 'log', 'req': req, 'ref': ref}); | ||
} | ||
|
||
document.addEventListener('beforeload', hook, true); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
<html> | ||
<script type="text/javascript" src="db.js"></script> | ||
<script type="text/javascript" src="util.js"></script> | ||
<script type="text/javascript" src="logger.js"></script> | ||
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
function log(msg, cb) { | ||
// We actually do a bit more filtering on this end. We only want requests | ||
// which have cookies attached (CDN URLs don't count, for instance), and we | ||
// don't have access to the cookie API from the injected script | ||
chrome.cookies.getAll({url: msg.req.href}, function(cookies) { | ||
if (cookies && cookies.length > 0) { | ||
// We're sending cookies. Potential spying. Rut roh! | ||
// Turns out you can get a lot of data from a request even if explicit | ||
// tracking cookies aren't involved. However, since that's considerably | ||
// more complex (from the service provider's point of view) and since | ||
// doing the traditional tracker cookie thing is so easy, we'll assume | ||
// that's what everyone is doing. This is probably Mostly Correct (tm) | ||
db_insert_request(msg.req, msg.ref); | ||
} | ||
}); | ||
} | ||
|
||
var handlers = { | ||
'log': log | ||
}; | ||
|
||
chrome.extension.onRequest.addListener(function(req, sender, cb) { | ||
// Simple dispatch. It's super effective! | ||
handlers[req.msg](req, cb); | ||
}); | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
{ | ||
"name": "Double Cross", | ||
"version": "0.1.0", | ||
"description": "Spy on the websites that spy on your web activity", | ||
"browser_action": { | ||
"default_icon": "images/icon.png" | ||
}, | ||
"permissions": [ | ||
"<all_urls>", | ||
"background", | ||
"cookies", | ||
"unlimitedStorage" | ||
], | ||
"background_page": "logger.html", | ||
"content_scripts": [{ | ||
"matches": ["http://*/*", "https://*/*"], | ||
"js": ["util.js", "inject.js"], | ||
"run_at": "document_start", | ||
"all_frames": true | ||
}] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
// This probably isn't particularly rigorous. We're trying to go from | ||
// google.com -> google.com | ||
// news.google.com -> google.com | ||
var root_re = /((?:[^.]+\.)?[^.]+)$/; | ||
|
||
function parse_url(url) { | ||
// This is a hack. I don't want to parse the URL, so make a fake <a> instead | ||
var a = document.createElement('a'); | ||
a.href = url; | ||
return { | ||
"href": a.href, | ||
"host": a.host, | ||
"root": root_re.exec(a.host)[1], | ||
"protocol": a.protocol | ||
}; | ||
} |