From b1fd42c7da114c2d99e1a0cdff2f208ff1d43854 Mon Sep 17 00:00:00 2001 From: 409H <409H@users.noreply.github.com> Date: Tue, 18 Feb 2020 19:30:43 +0000 Subject: [PATCH 1/5] Changed default rpc provider. Added logic to blacklist/block from a malicious domain with path --- js/DomainBlacklist.js | 27 +++++++++++++++++++++++++++ js/options.js | 29 ++++++++++++++++++++++++++--- static/phishing/phishing-notices.js | 13 ++++++++++--- static/phishing/phishing.html | 22 ++++++++++++++++++++-- 4 files changed, 83 insertions(+), 8 deletions(-) diff --git a/js/DomainBlacklist.js b/js/DomainBlacklist.js index 8f44a3ac..c8b54dc9 100644 --- a/js/DomainBlacklist.js +++ b/js/DomainBlacklist.js @@ -112,6 +112,33 @@ return false; } + + // Now check the full path (ie: YouTube because of fake livestreams and telegra.ph) + objBrowser.runtime.sendMessage({func: "blacklist_uri_list"}, function (objResponse) { + if (objResponse && objResponse.hasOwnProperty("resp")) { + let uris = JSON.parse(objResponse.resp) + uris.domains.push("youtube.com/watch?v=QTnx2mAkbQc") + let windowLoc = window.location.href.replace(/^https?\:\/\/|www\./g,''); + uris.domains.forEach(f => { + let r = new RegExp(`^(${f.replace(/[.*+?^${}()|[\]\\\/]/g, '\\$&')})`, 'g'); + console.log(r) + console.log(r.exec(windowLoc)) + console.log(f === windowLoc || (r.exec(windowLoc) !== null)) + console.log(windowLoc) + + if(f === windowLoc || (r.exec(windowLoc) !== null)) { + console.warn(`${windowLoc} webpage is blacklisted by EAL - Blacklisted`); + window.location.href = chrome.runtime.getURL('/static/phishing/phishing.html#'+ btoa(window.location.href) +'#uri'); + + objBrowser.runtime.sendMessage({func: "change_ext_icon", "icon": "blacklisted", "type": "blacklisted"}, function(objResponse) { + // Icon should be a different colour now. + }); + + return false; + } + }) + } + }); } //Now do the 3rd party domain list check if they have that option enabled. 
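Review bot: In the `blacklist_uri_list` callback, `JSON.parse(objResponse.resp)` is dereferenced as `uris.domains` with no check, so a list that is not stored yet (the getter in js/options.js returns `localStorage.getItem(...)`, which is `null` for a missing key) or a malformed one throws inside the content script. An empty-string entry is a second hazard: the pattern becomes `^()`, which matches every URL and would redirect every page, so entries from the remote list should be ignored unless they are non-empty strings. `return false` inside the `forEach` callback does not stop the loop, so iteration continues after a match; `some()` with `startsWith()` performs the same prefix test and stops at the first hit. The comparison is an exact prefix match after only the scheme and `www.` are stripped, which is worth documenting next to the list format. The enclosing function starts outside the hunk.

```javascript
// … unchanged: sendMessage({func: "blacklist_uri_list"}) and the hasOwnProperty("resp") check …
let uris = null;
try {
    uris = JSON.parse(objResponse.resp);
} catch (objError) {
    console.warn("EAL: could not parse the URI blacklist", objError);
}
if (!uris || !Array.isArray(uris.domains)) {
    return;
}
let windowLoc = window.location.href.replace(/^https?\:\/\/|www\./g,'');
// some() stops at the first match; a plain prefix test needs no hand-built RegExp
if (uris.domains.some(f => typeof f === "string" && f !== "" && windowLoc.startsWith(f))) {
    // … unchanged: console.warn, redirect to phishing.html#…#uri, change_ext_icon message …
}
```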
diff --git a/js/options.js b/js/options.js index 4be0ea91..5bcc7efc 100644 --- a/js/options.js +++ b/js/options.js @@ -113,6 +113,10 @@ objBrowser.runtime.onMessage.addListener( console.log("Getting 3p blacklisted domain list"); strResponse = getBlacklistedDomains("3p"); break; + case 'blacklist_uri_list' : + console.log("Getting the blacklist uri list"); + strResponse = getBlacklistedDomains("uri"); + break; case 'use_3rd_party_blacklists' : //This option is enabled by default if(localStorage.getItem("ext-etheraddresslookup-use_3rd_party_blacklist") === null) { @@ -147,13 +151,13 @@ objBrowser.runtime.onMessage.addListener( break; case 'rpc_provider' : if(localStorage.getItem("ext-etheraddresslookup-rpc_node") === null) { - strResponse = "https://freely-central-lark.quiknode.io/9fe4c4a0-2ea2-4ac1-ab64-f92990cd2914/118-xxADc8hKSSB9joCb-g==/"; + strResponse = "https://mainnet.infura.io/v3/02b145caa61b49998168f2b97d4ef323"; } else { strResponse = localStorage.getItem("ext-etheraddresslookup-rpc_node"); } break; case 'rpc_default_provider' : - strResponse = "https://freely-central-lark.quiknode.io/9fe4c4a0-2ea2-4ac1-ab64-f92990cd2914/118-xxADc8hKSSB9joCb-g==/"; + strResponse = "https://mainnet.infura.io/v3/02b145caa61b49998168f2b97d4ef323"; break; case 'perform_address_lookups' : //This option is enabled by default @@ -349,6 +353,13 @@ function getBlacklistedDomains(strType) "repo": "http://api.infura.io/v1/blacklist", "identifer": "eal" }, + "uri": { + "timestamp": 0, + "domains": [], + "format": "plain", + "repo": "https://raw.githubusercontent.com/409H/EtherAddressLookup/master/blacklists/uri.json", + "identifer": "uri" + }, "third_party": { "phishfort": { "timestamp": 0, 
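Review bot: Both `rpc_provider` and `rpc_default_provider` now hard-code a full Infura endpoint including its project ID, and that literal ships in every installed copy of the extension. Anyone can read it from the package and use its quota, and by default every user's lookups go through that single third-party account. Consider keeping the literal in one place, for example `const STR_DEFAULT_RPC_NODE = "<default endpoint>";` referenced by both cases, and restricting the project on the provider side (an origin allow-list or rate limits, if the plan offers them). The switch statement starts and ends outside the hunk.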
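Review bot: The new `uri` source is declared with `"format": "plain"` while `repo` points at a `.json` file, and nothing in the block says what shape an entry must have. js/DomainBlacklist.js compares each entry as a prefix of the page URL with the scheme and `www.` removed, so a comment above the block such as `// uri entries: host + path prefix, no scheme, no "www." (constructed example: "example.com/some/path")` would keep list maintainers and the matcher in agreement. Whether `plain` is the right parser for this file cannot be confirmed from the hunk, because getBlacklistedDomainsFromSource is outside it.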
@@ -380,8 +391,13 @@ function getBlacklistedDomains(strType) } strType = strType || "eal"; + if(strType === "eal") { + strType = ""; + } else { + strType = `${strType}_`; + } - return localStorage.getItem(`ext-etheraddresslookup-${strType === 'eal' ? '' : '3p_'}blacklist_domains_list`); + return localStorage.getItem(`ext-etheraddresslookup-${strType}blacklist_domains_list`); } function updateAllBlacklists(objEalBlacklistedDomains) @@ -393,6 +409,13 @@ function updateAllBlacklists(objEalBlacklistedDomains) localStorage.setItem("ext-etheraddresslookup-blacklist_domains_list", JSON.stringify(objEalBlacklistedDomains.eal)); }); + getBlacklistedDomainsFromSource(objEalBlacklistedDomains.uri).then(function (arrDomains) { + objEalBlacklistedDomains.uri.timestamp = Math.floor(Date.now() / 1000); + objEalBlacklistedDomains.uri.domains = arrDomains.filter((v,i,a)=>a.indexOf(v)==i); + + localStorage.setItem("ext-etheraddresslookup-uri_blacklist_domains_list", JSON.stringify(objEalBlacklistedDomains.uri)); + }); + if( [null, 1].indexOf(localStorage.getItem("ext-etheraddresslookup-use_3rd_party_blacklist")) >= 0) { getBlacklistedDomainsFromSource(objEalBlacklistedDomains.third_party.phishfort).then(function (arrDomains) { diff --git a/static/phishing/phishing-notices.js b/static/phishing/phishing-notices.js index 52837191..5a63c30d 100644 --- a/static/phishing/phishing-notices.js +++ b/static/phishing/phishing-notices.js @@ -1,5 +1,6 @@ //Show the user why it's blocked var b = window.location.href.split("#"); + console.log("Domain is blacklisted because: "+(b[b.length-1].toLowerCase())); switch(b[b.length-1].toLowerCase()) { case 'punycode': 
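Review bot: In the `updateAllBlacklists` hunk, the promise from `getBlacklistedDomainsFromSource(objEalBlacklistedDomains.uri)` has no rejection handler, so a failed download leaves `ext-etheraddresslookup-uri_blacklist_domains_list` unwritten without any trace. Appending `.catch(function (objError) { console.warn("Could not update the uri blacklist", objError); })` would surface it. The list is stored as received apart from de-duplication, so entries that are not non-empty strings reach the matcher; filtering at this point, `arrDomains.filter((v, i, a) => typeof v === "string" && v !== "" && a.indexOf(v) === i)`, keeps bad rows out of localStorage. The `eal` block above follows the same pattern as far as the context shows, and the function continues past the hunk.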
@@ -22,12 +23,18 @@ switch(b[b.length-1].toLowerCase()) { case 'blacklisted': document.getElementById("blacklisted").style.display = 'block' break; + case 'uri': + document.getElementById("uri").style.display = 'block' + break; default: // No default action. break; } //Populate the link to EtherScamDB -let cleandomain = encodeURI(b[1].replace(/https?\:?\/?\/?w{0,3}\.?/,"").replace(/\/$/,"")); -document.getElementById("link-etherscamdb").href = "https://etherscamdb.info/domain/"+cleandomain; -document.getElementById("link-etherscamdb").textContent = "https://etherscamdb.info/domain/"+cleandomain; \ No newline at end of file +if(b[b.length-1].toLowerCase() !== "uri") { + document.getElementById("esdb-link").style.display = "block"; + let cleandomain = encodeURI(b[1].replace(/https?\:?\/?\/?w{0,3}\.?/,"").replace(/\/$/,"")); + document.getElementById("link-etherscamdb").href = "https://etherscamdb.info/domain/"+cleandomain; + document.getElementById("link-etherscamdb").textContent = "https://etherscamdb.info/domain/"+cleandomain; +} \ No newline at end of file diff --git a/static/phishing/phishing.html b/static/phishing/phishing.html index 97001f76..e16ce3a1 100644 --- a/static/phishing/phishing.html +++ b/static/phishing/phishing.html @@ -73,6 +73,10 @@ #blacklisted { border-left: 4px solid #D49990; } + + #uri { + border-left: 4px solid #f0ef0e; + } @@ -92,15 +96,19 @@

This domain is blocked because it is too similar to a domain in our fuzzy list.
If you want to access this domain and you're sure it's safe, please disable the behaviour in the EtherAddressLookup settings.

+
+

This webpage is blocked because it is on our blacklist.
+ If you want to access this domain and you're sure it's safe, please disable the behaviour in the EtherAddressLookup settings.

+

This domain is blocked because it is on our blacklist.
If you want to access this domain and you're sure it's safe, please disable the behaviour in the EtherAddressLookup settings.

-
+

This is because you have enabled Warn of blacklisted domains setting on EtherAddressLookup IconEtherAddressLookup Browser Extension.

You can turn this setting off, but it's advised not to as we blacklisted the domain for a reason.


If you feel this domain is wrongly blacklisted, please open a new issue on GitHub

-

To read more about this, visit https://etherscamdb.info/domain/

+
@@ -119,6 +127,16 @@

Helpful Tips:

  • Try seeking out a trustworthy, secure link on your own. Top Google results (not Google Ads!), Verified Twitter accounts, or asking someone you know & trust. Once you find the correct URL, bookmark it!
  • +
  • Nobody is giving away free money. Scammers are trying to impersonate official looking channels + to convince you to perform a trust trading scam (by sending them money in return for more money sent back). This + is a common scam that we have written about it numerous times: + +
  • From adfb7e2bd6022fb6749c97c3c6b20b2364981849 Mon Sep 17 00:00:00 2001 From: 409H <409H@users.noreply.github.com> Date: Tue, 18 Feb 2020 19:32:17 +0000 Subject: [PATCH 2/5] Removed debug --- js/DomainBlacklist.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/js/DomainBlacklist.js b/js/DomainBlacklist.js index c8b54dc9..66e014da 100644 --- a/js/DomainBlacklist.js +++ b/js/DomainBlacklist.js @@ -121,10 +121,6 @@ let windowLoc = window.location.href.replace(/^https?\:\/\/|www\./g,''); uris.domains.forEach(f => { let r = new RegExp(`^(${f.replace(/[.*+?^${}()|[\]\\\/]/g, '\\$&')})`, 'g'); - console.log(r) - console.log(r.exec(windowLoc)) - console.log(f === windowLoc || (r.exec(windowLoc) !== null)) - console.log(windowLoc) if(f === windowLoc || (r.exec(windowLoc) !== null)) { console.warn(`${windowLoc} webpage is blacklisted by EAL - Blacklisted`); From 659f52b75e6280d9877088a20282b55d715b7a07 Mon Sep 17 00:00:00 2001 From: 409H <409H@users.noreply.github.com> Date: Tue, 18 Feb 2020 19:39:08 +0000 Subject: [PATCH 3/5] Added sanity check --- static/phishing/phishing-notices.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/static/phishing/phishing-notices.js b/static/phishing/phishing-notices.js index 5a63c30d..e9d4d868 100644 --- a/static/phishing/phishing-notices.js +++ b/static/phishing/phishing-notices.js @@ -33,7 +33,9 @@ switch(b[b.length-1].toLowerCase()) { //Populate the link to EtherScamDB if(b[b.length-1].toLowerCase() !== "uri") { - document.getElementById("esdb-link").style.display = "block"; + if(document.getElementById("esdb-link")) { + document.getElementById("esdb-link").style.display = "block"; + } let cleandomain = encodeURI(b[1].replace(/https?\:?\/?\/?w{0,3}\.?/,"").replace(/\/$/,"")); document.getElementById("link-etherscamdb").href = "https://etherscamdb.info/domain/"+cleandomain; document.getElementById("link-etherscamdb").textContent = "https://etherscamdb.info/domain/"+cleandomain; 
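Review bot: In the phishing-notices.js hunk of patch 3, the added guard covers only `esdb-link`; the context lines just below still call `b[1].replace(...)` and `document.getElementById("link-etherscamdb").href` unchecked. The page therefore throws when it is opened with no `#` fragment or when that element is missing. Wrapping the three `cleandomain` lines in `if(b.length > 1 && document.getElementById("link-etherscamdb")) {` would complete the sanity check. `b[b.length-1].toLowerCase()` is also evaluated repeatedly in this file and could be read once into a variable. The `if` block that opens in this hunk closes outside it.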
From fa405e791b1e81acfda8798888954fdf78957b2e Mon Sep 17 00:00:00 2001 From: 409H <409H@users.noreply.github.com> Date: Tue, 18 Feb 2020 19:39:15 +0000 Subject: [PATCH 4/5] Version bump --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index b94ac276..598eac12 100644 --- a/manifest.json +++ b/manifest.json @@ -4,7 +4,7 @@ "name": "EtherAddressLookup", "short_name": "EtherAddressLookup", "description": "Adds links to strings that look like Ethereum addresses to your favorite blockchain explorer + antiphishing measures.", - "version": "1.22", + "version": "1.23", "browser_action": { "default_icon": "images/ether-128x128.png", From aab1d2600ce0edabb40be14198afccb5700080a4 Mon Sep 17 00:00:00 2001 From: 409H <409H@users.noreply.github.com> Date: Tue, 18 Feb 2020 21:41:27 +0000 Subject: [PATCH 5/5] Added logic to detect URL change onclick for sites like YouTube --- js/DomainBlacklist.js | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/js/DomainBlacklist.js b/js/DomainBlacklist.js index 66e014da..d43f3405 100644 --- a/js/DomainBlacklist.js +++ b/js/DomainBlacklist.js 
@@ -1,14 +1,27 @@ (function() { let objBrowser = chrome ? chrome : browser; - //Get the blacklist domains option for the user - objBrowser.runtime.sendMessage({func: "blacklist_domains"}, function(objResponse) { - if(objResponse && objResponse.hasOwnProperty("resp")) { - if(objResponse.resp == 1) { - blacklistedDomainCheck(); + let strInitHref = window.location.href; + + function init(){ + //Get the blacklist domains option for the user + objBrowser.runtime.sendMessage({func: "blacklist_domains"}, function(objResponse) { + if(objResponse && objResponse.hasOwnProperty("resp")) { + if(objResponse.resp == 1) { + blacklistedDomainCheck(); + } } + }); + } + + init(); + + window.onclick = function(e) { + if(strInitHref !== window.location.href) { + strInitHref = window.location.href; + init(); } - }); + } //Detects if the current tab is in the blacklisted domains file function blacklistedDomainCheck() { @@ -117,7 +130,6 @@ objBrowser.runtime.sendMessage({func: "blacklist_uri_list"}, function (objResponse) { if (objResponse && objResponse.hasOwnProperty("resp")) { let uris = JSON.parse(objResponse.resp) - uris.domains.push("youtube.com/watch?v=QTnx2mAkbQc") let windowLoc = window.location.href.replace(/^https?\:\/\/|www\./g,''); uris.domains.forEach(f => { let r = new RegExp(`^(${f.replace(/[.*+?^${}()|[\]\\\/]/g, '\\$&')})`, 'g');
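Review bot: In the first hunk of patch 5, re-running `init()` only from `window.onclick` misses URL changes that happen without a click (back/forward, keyboard activation, a script-driven navigation). When a click does start an in-page navigation, `window.location.href` may still hold the old value as the handler runs, so the check can lag one click behind. Assigning the `onclick` property also replaces any handler previously set on it from this script, and the parameter `e` is unused. Registering the check with `addEventListener` for both `click` and `popstate` narrows the gap; a background-page listener on `chrome.webNavigation.onHistoryStateUpdated` would be more complete but needs the `webNavigation` permission and lives outside this file. The IIFE opened at the top of the hunk continues past it.

```javascript
// … unchanged: strInitHref, init() definition and the first init() call …
function recheckIfNavigated() {
    if(strInitHref !== window.location.href) {
        strInitHref = window.location.href;
        init();
    }
}

// addEventListener leaves any other click handler in place
window.addEventListener("click", recheckIfNavigated, true);
// back/forward changes the URL without a click
window.addEventListener("popstate", recheckIfNavigated);
```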