diff options
36 files changed, 2527 insertions, 83 deletions
@@ -1,13 +1,13 @@ ### License -* /cloudflare-tor/bcma (Block Cloudflare MITM Attack) -- [MIT License](https://notabug.org/themusicgod1/cloudflare-tor/src/master/bcma/LICENSE.txt) -* /cloudflare-tor/globalist (Globalist) -- [GNU GPLv3](https://notabug.org/themusicgod1/cloudflare-tor/src/master/globalist/LICENSE) -* /cloudflare-tor/ismitmlink/ (Are links vulnerable to MITM attack?) -- [MIT License](https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink/LICENSE) -* /cloudflare-tor/not_cloudflare/whyrejectme (Which website rejected me?) -- [MIT License](https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink/LICENSE) +* addon_firefox/* -- MIT License +* addon_chrome/* -- MIT License +* globalist (Globalist) -- [GNU GPLv3](https://notabug.org/themusicgod1/cloudflare-tor/src/master/globalist/LICENSE) +* not_cloudflare/whyrejectme (Which website rejected me?) -- [MIT License](https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink/LICENSE) * Else -- [PUBLIC DOMAIN (CC0)](https://web.archive.org/web/https://creativecommons.org/share-your-work/public-domain/cc0/) -This repository, cloudflare-tor, is in the PUBLIC DOMAIN (CC0). +This repository, _cloudflare-tor_, is in the PUBLIC DOMAIN (CC0). It was created anonymously, in public, for the use of the world to resist [Cloudflare](https://cloudflare.com/). -Contributors who have anonymously contributed (including in CryptoParty) have since come forward to give this project their blessing. +Contributors who have anonymously contributed (including in [CryptoParty](https://cryptoparty.at/cryptoparty_wien_53)) have since come forward to give this project their blessing. @@ -1,3 +1,12 @@ +*2019.04.04* + +@holydevil@birdsite: +``` +The log file from your iOS app shows that you do track personal information, like device name, UUID, and an identifier - install_id That contradicts what you have in your blogpost - “We don't write user-identifiable log data to disk” +``` + +https://twitter.com/holydevil/status/1112769739045158912 + *2019.03.13* @thexpaw@birdsite: @@ -1,10 +1,15 @@ -# Other Voice +# Other Voices  +"_You shouldn't use it if you value visitor's privacy._" -- [Searxes](https://searxes.danwin1210.me/) + ``` format: - "[TITLE](https://full.link/blog.html)" by [Who](Link) + Not Twitter, Toot + > "[TITLE](https://full.link/blog.html)" by [Who](Link) + Twitter, Toot + > "[SHORT TEXT]" by @[Who](Link) Sort: Recent article: top @@ -15,19 +20,39 @@ Disqualify: - Twitter/Mastodon: too short text ``` +###### Can't find your URL? Don't be shy, notify us. + +------ + +###### News + +"[Internet security CEO explained why his company exposed people to harassment, and suggested they should've used fake names](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5)" by [Julie Bort](http://www.businessinsider.com/author/julie-bort) + +"[Cloudflare CEO Terminates Neo-Nazi Site After 'Waking Up in a Bad Mood'](https://www.zerohedge.com/news/2017-08-17/cloudflare-ceo-terminates-neo-nazi-site-after-waking-bad-mood)" by [The_Real_Fly](https://www.zerohedge.com/users/therealfly) + +"[Cloudflare CEO on Terminating Service to Neo-Nazi Site: 'The Daily Stormer Are Assholes'](https://gizmodo.com/cloudflare-ceo-on-terminating-service-to-neo-nazi-site-1797915295)" by [Kate Conger](https://kinja.com/conger) + +"[Zaradi hrošča iz Cloudflara več mesecev curljalo](https://slo-tech.com/novice/t694836/p5445996)" by [Slo-Tech](https://slo-tech.com/) + +"[Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster](https://gizmodo.com/everything-you-need-to-know-about-cloudbleed-the-lates-1792710616)" by [Adam Clark Estes](https://kinja.com/ace) + +"[Why Cloudflare Let an Extremist Stronghold Burn](https://www.wired.com/story/free-speech-issue-cloudflare/)" by [Steven Johnson](https://www.wired.com/author/steven-johnson/) + ------ ###### Blog (Just don't add Medium.com articles. It's cloudflared. It doesn't matter he/she write great article) +"[I don’t trust Cloudflare’s 1.1.1.1 App and Warp VPN](https://blog.kareldonk.com/i-dont-trust-cloudflares-1-1-1-1-app-and-warp-vpn/)" by [Karel Donk](https://blog.kareldonk.com/) + "[Don’t Use Cloudflare Because You Impose This on People Who Least Want It](http://techrights.org/2019/02/17/the-cloudflare-trap/)" by [Dr. Roy Schestowitz](http://techrights.org/) "[Cloudflare: The bad, the worse and the ugly?](http://webschauder.de/cloudflare-the-bad-the-worse-and-the-ugly/)" by [Alle Beiträge](http://webschauder.de/author/jw/) "[I don’t trust Cloudflare with IPFS](https://blog.kareldonk.com/i-dont-trust-cloudflare-with-ipfs/)" by [Karel Donk](https://blog.kareldonk.com/) -"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html) - ([archive](http://archive.fo/139z1)) +"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html) [[mirror](http://archive.fo/139z1)] "[Don't Trust CloudFlare](https://write.lain.haus/thufie/dont-trust-cloudflare)" by [@lunaterra@cyberia.social](https://cyberia.social/@lunaterra) @@ -35,6 +60,8 @@ Disqualify: "[Support End-to-End Encryption on the Web](https://www.wordfence.com/blog/2017/03/support-end-to-end-encryption/)" by [Mark Maunder](https://www.wordfence.com/) +"[MITM-as-a-Service: The Threat Surface We Didn’t Know We Had](http://daveshackleford.com/?p=1134)" by [Shack](twitter.com/daveshackleford/) + "[Journal CloudFlare au milieu](https://linuxfr.org/users/thibg/journaux/cloudflare-au-milieu)" by [ThibG](https://linuxfr.org/) "[why you shouldn’t use Cloudflare](https://tech.tiq.cc/2016/01/why-you-shouldnt-use-cloudflare/)" by [tiq](https://tech.tiq.cc/) @@ -51,9 +78,13 @@ Disqualify: "[iSucker: Big Brother Internet Culture](https://exiledonline.com/isucker-big-brother-internet-culture/)" by [The Exiled](https://exiledonline.com/) +"[Growing Cloudflare Menace](http://imhhge4lijqv7jzf.onion/warning.html)" + ------ -###### Forum +###### Forum / Wiki + +"[Anonym im Internet - Inhaltsverzeichnis](https://wiki.kairaven.de/open/anon/netzwerk/anet)" by [Kairaven](https://hp.kairaven.de) "[Issues with corporate censorship and mass surveillance](https://www.torproject.org/projects/tor/ticket/18361)" by [Jacob Appelbaum](https://twitter.com/ioerror) @@ -66,3 +97,381 @@ Disqualify: "[How likely is it that CloudFlare is an NSA operation?](https://www.quora.com/How-likely-is-it-that-CloudFlare-is-an-NSA-operation/answer/Hamid-Sarfraz)" by quora "[cloudflare 是如何转发 HTTPS 流量的?](https://www.v2ex.com/t/406759)" by [feast](https://www.v2ex.com/member/feast) + +"[Cloudflare – The Asocial](http://asocialfz7ncw5ui.onion/articles/internet/cloudflare.html)" by [ASocial](https://theasocial.github.io/) [[mirror](https://theasocial.github.io/articles/internet/cloudflare.html)] + +"[CloudFlare – Sipuliwiki 3](http://nla423n3gyyunhci.onion/index.php?title=CloudFlare)" + +"[fuckcloudflare/cloudflare-tor](http://volagitvnzf3o56b.onion/cgit/fuckcloudflare/cloudflare-tor/)" + +------ + +###### Twitter (aka "Birdsite") + +"Cloudflare's CEO and abuse head block me over arguing about their support of abusive websites. Trolls fear transparency." by @[dxgl_org](https://twitter.com/dxgl_org/status/1123622959124549632) + +"Defenders are screwed. Plus users are screwed as they lose all control of privacy to companies like cloudflare." by @[hrbrmstr](https://twitter.com/hrbrmstr/status/1121180307091271680) + +"CloudFlare is breaking everything." by @[sukarodo](https://twitter.com/sukarodo/status/1124283685304512512) + +"Thought my Website was a Phishing Suspect, Cloudflare decided to force a Nasty Don't Enter notice on my E-store domain. No notifications to me at all!" by @[modaitalysuits](https://twitter.com/modaitalysuits/status/1122986421109682176) + +"RSS Feed is behind the Cloudflare DDoS protection. My RSS Reader is self hosted, so it is impossible for it to retrieve any feeds" by @[GarcaMan2](https://twitter.com/GarcaMan2/status/1121234101657321474) + +"Mais comment osez-vous parler de "respect des données personnelles"? Votre site est bourré de traceur en tout genre! Pire vous routez vos utilisateurs via cloudflare aux USA!" by @[Armdias](https://twitter.com/Armdias/status/1120957817693847557) + +"Avoid and ask any website you use why they are using them and to stop ASAP." by @[larrybeck_](https://twitter.com/larrybeck_/status/1120840099112026112) + +"Zero Cloudflare, our site scores a 98% on pagespeed.. Really cant see any benefit to using cloudflare at all" by @[WESHUK](https://twitter.com/WESHUK/status/1120817837499650048) + +"I read a description of CloudFlare as a "man-in-the-middle attack on the entire internet" and now I'm just a LIIIIIITLE bit conflicted." by @[ianbeck](https://twitter.com/ianbeck/status/1120814430239907840) + +"Cloud flare you overdoing everything. Now i need to do a CAPTCHA for every page i visit. It surely changes how we use the web." by @[Kemboidickson](https://twitter.com/Kemboidickson/status/1115317470078930951) + +"IP's are being blacklisted and denied access to any site using Cloudflare." by @[purplepopoto](https://twitter.com/purplepopoto/status/1118415845296762880) + +"My IP got flagged for spam cause I tried logging into VRChat when they were having issues. Now I keep getting captchas for everything" by @[Fleurfurr](https://twitter.com/Fleurfurr/status/1118385992938020867) + +"the equivalent of a Flash-required splash page 20 years ago. It makes you look stupid." by @[skry](https://twitter.com/skry/status/1096832011631681537) + +"You say you're in IT but don't acknowledge the SPOF issue in cloudflare (right after privacy issues and Tor users problems to access your content)?" by @[Idfollowher](https://twitter.com/Idfollowher/status/1094339678516449282) + +"I can't even reach the "contact us' without cloudflare banning my IP because of 'rate limit'." by @[SirIsaacIn1905](https://twitter.com/SirIsaacIn1905/status/1091368707484311552) + +"Mind telling me why everything your apart of thinks im a Robot?" by @[BrewManChew_](https://twitter.com/BrewManChew_/status/1118618347174858753) + +"I've always referred to CloudFlare as the 'global passive adversary ya momma warned you about'." by @[NetworkString](https://twitter.com/NetworkString/status/1120073249189179392) + +"They'll have to monetize data eventually, likely with an unnoticed tweak to their ToS." by @[phyzonloop](https://twitter.com/phyzonloop/status/1119703561087148032) + +"#Cloudflare increases its MITM'ing of the web with a free #VPN for mobile. Best to avoid IMO." by @[sweepthenet](https://twitter.com/sweepthenet/status/1113086245159256066) + +"Not playing the game is the best thing for anyone who wants to use the internet without being blocked." by @[Ares_CVR](https://twitter.com/Ares_CVR/status/1118429720515891200) + +"VRChatのようなゲームはCAPTCHAフォームを受け取ることができないので、ブラックリストに捕まった人々は事実上ゲームをプレイすることができません。" by @[Meowkyway222](https://twitter.com/Meowkyway222/status/1118427292676476929) + +"今日からなんか各地のサイトでCloudflareとかいうページが表示されてcaptchaのチェックをやたら求められるようになった" by @[yagamo54](https://twitter.com/yagamo54/status/1118115780984311809) + +"クライアントがバグって意図せず攻撃者のような大量アクセスしてCloudflare大激怒でVRCユーザーのIPアドレスがブラックリスト入りってことかね" by @[bironist](https://twitter.com/bironist/status/1118474120960757760) + +"バグが原因でCloudflare使ってるWebサービス全体にIPブロックされてる" by @[JO2PEG](https://twitter.com/JO2PEG/status/1118506271651401728) + +"What’s going on with this cloud flare thing it’s locked me out of all website" by @[Xiverta](https://twitter.com/Xiverta/status/1118417249222529024) + +"Cloudflare run DoH and do Man-In-the-middle of the century" by @[FernandoGont](https://twitter.com/FernandoGont/status/1106469002807779330) + +"It's not a fully-encrypted experience. In fact, Cloudflare becomes, by definition, a Man In The Middle (MITM) -- and at mass scale!" by @[FernandoGont](https://twitter.com/FernandoGont/status/1077984986144354304) + +"I guess #cloudflare's business model is #spam (and man-in-the-middle attacks on #tls)" by @[christophe0o](https://twitter.com/christophe0o/status/1069295953478336517) + +"Our users are actually customers, and we look out for them and strive to satisfy them. Unlike the lying #Clownflare, which wants to be an MITM." by @[brettglass](https://twitter.com/brettglass/status/1118543682385399809) + +"You buy the "free" service with your sites traffic.a.k.a mitm the heck out of you." by @[cireumayn1](https://twitter.com/cireumayn1/status/1114673721355251712) + +"Who the hell is cloudflare and why do they block access" by @[TheCubanEdge](https://twitter.com/TheCubanEdge/status/1120513042704404480) + +"Why should we trust cloudflare to MITM all our traffic as a VPN when there are such bad security practices in place with existing products?" by @[GvilleComputer](https://twitter.com/GvilleComputer/status/1113046802566131713) + +"So, you are actually putting the trust in a commercial provider that is already in a position to find out very private details about you?" by @[h3artbl33d](https://twitter.com/h3artbl33d/status/1112763751353200642) + +"Cloudflare seems to be protecting it a bit too much" by @[spitf1r3](https://twitter.com/spitf1r3/status/1104908643017940992) + +"all web traffic is routed through CloudFlare - which is an adversary to privacy (MitM by design)" by @[h3artbl33d](https://twitter.com/h3artbl33d/status/1111982937707298816) + +"Aren't Cloudflare themselves the biggest MITM around?" by @[auspicacious](https://twitter.com/auspicacious/status/1111500313259724803) + +"This Cloudflare error is popping up on a ton of sites all of a sudden. It doesn't seem to be malware or anything..." by @[Eltalite](https://twitter.com/Eltalite/status/1118011155509682176) + +"When #Cloudflare and #Google prevent you from watching a government's parliamentary debates. Does that count as interfering with democratic processes?" by @[STP_KITT](https://twitter.com/STP_KITT/status/1113442207619358720) + +"I MADE A BILL PAYMENT BUGGING IT OUT AND IT DOUBLE CHARGED ME CAUSE OF IT." by @[The_FoxGod](https://twitter.com/The_FoxGod/status/1118579858437578752) + +"People find themselves met with a brick wall of endless captcha requests any time they try to go to a cloudflare-protected website, and they can't even submit a ticket to Cloudflare about it because they're protected, obviously. " by @[RiDakuYazumi](https://twitter.com/RiDakuYazumi/status/1118512842959929344) + +"Blind people simply can't pass them. Your test is failing at telling humans & computers apart." by @[axelsimon](https://twitter.com/axelsimon/status/1094303636350529536) + +"My IP was blocked by Cloudflare because I can't access a variety of websites without the CAPTCHA page showing up. I also can't play RuneLiteClient anymore." by @[MohamedMounib3](https://twitter.com/MohamedMounib3/status/1119654593867075586) + +"Hey ProtonVPN some of your servers in PT are blocked by cloudflare" by @[brecke](https://twitter.com/brecke/status/1118896499121897474) + +"Your support of Cloudflare's spyware and lies demonstrates that, again, you're either misguided or malevolent." by @[brettglass](https://twitter.com/brettglass/status/1119720600363261953) + +"It wants to be a 'man in the middle' between you and the Internet, and between Web sites and the Internet." by @[brettglass](https://twitter.com/brettglass/status/1119721137263534081) + +"I don't know why I was banned from access government website." by @[abidavid1199](https://twitter.com/abidavid1199/status/1119734124821057536) + +"You've officially banned my country via CloudFlare's firewall. I honestly, sincerely hope your company goes bankrupt because this is pure bs." by @[ii0wii](https://twitter.com/ii0wii/status/1119520320703143941) + +"I had a friend who got banned by cloudflare" by @[WhisperMute](https://twitter.com/WhisperMute/status/1118946685324070914) + +"Hey guess what! i got ip banned by Cloudflare Woohoo!" by @[cearealkillas](https://twitter.com/cearealkillas/status/1118626896143511552) + +"vrchat fucked up and ended up having bunch people banned from cloudflare so no one could login i cant even watch anime" by @[LoliGoddess_VR](https://twitter.com/LoliGoddess_VR/status/1118424623392202752) + +"Imagine being so incompetent at networking that you get your users flagged for spam from cloudflare, you guys are a joke" by @[SilverTheFlat](https://twitter.com/SilverTheFlat/status/1118203335973244934) + +"Cloudflare is trash, has always been trash, and will continue to be trash." by @[justkelly_ok](https://twitter.com/justkelly_ok/status/897519768323768320) + +"You probably got blacklisted by Cloudflare like a good amount of people" by @[Mertvyi_](https://twitter.com/Mertvyi_/status/1118550942394109957) + +"Only started today. I am definitely not a robot!" by @[TheReal_blue166](https://twitter.com/TheReal_blue166/status/1087778908324458496) + +"Ridiculous CAPTCHA usage, Cloudflare Edition; 'not a robot' to refresh the API key for an account that's already locked behind credentials + MFA, and requiring the password." by @[sindarina](https://twitter.com/sindarina/status/1042085625032257536) + +"I spent my day telling Cloudflare every 5 min on every site that i'm not a robot." by @[morhac](https://twitter.com/morhac/status/1017409748482719744) + +"People are being blacklisted by cloudflare, and the fact that it's literally all down to the vrc devs, this will end with a lawsuit" by @[Retr0Fighter](https://twitter.com/Retr0Fighter/status/1118487667094765569) + +"This little VRChat bug is banning people from actual millions of websites with very few convenient fixes." by @[RiDakuYazumi](https://twitter.com/RiDakuYazumi/status/1118514780652879872) + +"DO NOT GO ON THE VRCHAT WEBSITE THEY WILL ALSO BLOCK YOUR IP" by @[ECW117](https://twitter.com/ECW117/status/1118477598202507265) + +"Im so damn annoyed with this Cloudflare stuff" by @[styloVR](https://twitter.com/styloVR/status/1118545393158119425) + +"Gonna quit VRChat for a bit to avoid a cloudflare ban. This isn't gonna end pretty for the dev team at all." by @[iamblssm](https://twitter.com/iamblssm/status/1118621746326675457) + +"Cloudflare like to act as champions of free speech, but as soon as protections for free speech disappear, they all but rolled over and censored that speech." by @[ThisIsMissEm](https://twitter.com/ThisIsMissEm/status/1118390074557775872) + +"I am stuck at an infinite loading screen trying to load the game. This has also caused my IP to be flagged by Cloudflare" by @[Etna_AD](https://twitter.com/Etna_AD/status/1118393520077901824) + +"GOT FLAGGED FROM CLOUDFLARE FOR PLAYING/STREAMING VRChat SO NO STREAM TODAY" by @[odomfire](https://twitter.com/odomfire/status/1118263523002519553) + +"How do I fix the cloudfare from popping up. This has made it Impossible for me to even stream." by @[RealTypey](https://twitter.com/RealTypey/status/1118272161607749632) + +"ISPs don't sell customer DNS data. Cloudflare is fearmongering in an effort to garner DNS traffic to spy on and sell its VPN" by @[brettglass](https://twitter.com/brettglass/status/1118202225715752960) + +"You're lying about your paid product, too. VPNs don't protect privacy, because their exit nodes are easy for governments to monitor." by @[brettglass](https://twitter.com/brettglass/status/1118271101665255432) + +"can you unflag my ip please. its actually stoping me from doing anything" by @[churchillvr](https://twitter.com/churchillvr/status/1118164231860432896) + +"So much for transparency. If they have nothing to hide, why block me?" by @[phyzonloop](https://twitter.com/phyzonloop/status/1118229040777826305) + +"Seems like your Cloudflare waf rule is blocking me!" by @[JobinNixHive](https://twitter.com/JobinNixHive/status/1118242827731914754) + +"Tu veux nous informer d'un problème? Ok, mais donne tes données personnelles avant." by @[fladna9](https://twitter.com/fladna9/status/1037585196802101249) + +"Your Cloudflare config is being screwy & blocking my wife’s IP (which has been the same IP for over a year) which is screwing up her stream." by @[alexanderhanff](https://twitter.com/alexanderhanff/status/1115660493669191680) + +"Cloudflare's WAF blocking Googlebot. Is this accurate? Even this morning I woke up and noticed another page dropped" by @[madhacks](https://twitter.com/madhacks/status/1114577907114856448) + +"I'm super tired of websites deciding what I want, or indeed who I am, based on my current geolocation." by @[storyneedle](https://twitter.com/storyneedle/status/1084821216597135360) + +"I’m fucking tired of cloudflare and their nonsense grandstanding about DoH." by @[JumpyBirdBird](https://twitter.com/JumpyBirdBird/status/1065536618667270145) + +"i’m getting tired of cloud flare’s captcha on every single site" by @[riyadhalnur](https://twitter.com/riyadhalnur/status/729191160917319680) + +"Hate captcha. Hate Cloud Flare." by @[EconomicMayhem](https://twitter.com/EconomicMayhem/status/723348151181164544) + +"So nice of cloud flare to use a captcha provider that doesn’t appear to work inside China, thus completely blocking sites." by @[albertren](https://twitter.com/albertren/status/716233184833196032) + +"eww I got cloudflarecaptcha'd again… too lazy to search for a good pic tho, so I'll just pretend I didn't click link for once" by @[yuki_the_maven](https://twitter.com/yuki_the_maven/status/708468683430039552) + +"I'm having trouble getting to your site, everytime i try to get to it, cloud flare seems to block me" by @[slurpeerun](https://twitter.com/slurpeerun/status/1067652451270967296) + +"You have Cloudflare on your website and you're blocking access from entire countries?" by @[dec23k](https://twitter.com/dec23k/status/1111961153742213121) + +"hey Cloudflare, why do you suck so much? you've blocked my ability to use streamlabs while streaming." by @[Sam41gaming](https://twitter.com/Sam41gaming/status/1101413577796153344) + +"#Cloudflare Owns the encryption keys to the servers that collected the data from the 2018 voting machines." by @[MaggieMaeMooCow](https://twitter.com/MaggieMaeMooCow/status/1062775200192770048) + +"What about stop using stupid Cloudflare!" by @[x61sh](https://twitter.com/x61sh/status/1116808798897868800) + +"I don’t want to select pictures with a car plate to read a fuckin article on web" by @[umurgdk](https://twitter.com/umurgdk/status/1116649566416162818) + +"クラウドフレアっていうやつにアクセス拒否くらってる模様" by @[notmoneybutrust](https://twitter.com/notmoneybutrust/status/1114273590944210944) + +"If you use 1.1.1.1, cloudflare will be able to snoop on what you do on the Internet." by @[neirbowj](https://twitter.com/neirbowj/status/1116545712668516352) + +" Cloudflare blocks a bunch of people without giving you any choice in the matter. If you're using cloudflare you are allowing them to censor who hits your site." by @[jeffcliff1](https://twitter.com/jeffcliff1/status/1108142374776176640) + +"It breaks a lot of things for me, like images stop loading on Twitter or some apps straight up don’t work." by @[ScottishBakery](https://twitter.com/ScottishBakery/status/1116673794855272449) + +"Not just you. CloudFlare got interrupted a few times today." by @[guyothersome](https://twitter.com/guyothersome/status/1116471262132436994) + +"1.1.1.1 prevents some apps from working, in particular I have problems connecting with the app" by @[SCRWD](https://twitter.com/SCRWD/status/1116291854759354371) + +"First, you create a problem. Then, you pretend to solve that problem." by @[switch_d](https://twitter.com/switch_d/status/1116039082977533952) + +"Cloudflare DNS is flaking out ugh" by @[sleepingkyoto](https://twitter.com/sleepingkyoto/status/1115014195286646784) + +"Tell eastdakota it's not nice to block me. He said in his YouTube interviews that #censorship is bad." by @[phyzonloop](https://twitter.com/phyzonloop/status/1067177577519898626) + +"They want to be a single point of failure once again and they've already failed once" by @[wombatush](https://twitter.com/wombatush/status/1114464442794643461) + +"This special treatment is inexcusable" by @[saleemrash1d](https://twitter.com/saleemrash1d/status/1114289465760075776) + +"You are KILLING the #internet and aiding #surveillance agenda of #GAFAM and others" by @[Dr. Roy](https://twitter.com/schestowitz/status/1067299259593175040) + +"The log file from your iOS app shows that you do track personal information" by @[holydevil](https://twitter.com/holydevil/status/1112769739045158912) + +"Which part of the privacy policy allows you to share data with marketing crap" by @[thexpaw](https://twitter.com/thexpaw/status/1108424723233419264) + +"Can you explain why I am blocked from accessing your site?" by @[Susan_Larson_TN](https://twitter.com/Susan_Larson_TN/status/1110207775311912966) + +"Did my questions and comments hit a little too close to home so you BLOCKED ME?" by @[phyzonloop](https://twitter.com/phyzonloop/status/1109133085336047617) + +"Why is your site blocking me?" by @[flarn2006](https://twitter.com/flarn2006/status/1107837140359094273) + +"It's pretty bad as half the internet is behind Cloudflare." by @[Skyfusion89](https://twitter.com/Skyfusion89/status/1101600562355859456) + +"Cloudflare has me blocked." by @[JacobyDave](https://twitter.com/JacobyDave/status/1095411772851474434) + +"People really ought to stop using/trusting cloudflare. it's a disgusting centralized morally compromised CDN." by @[drwdal](https://twitter.com/drwdal/status/1113171715234902018) + +"anyone who uses cloudflare as an authority is promoting corporatization and effectively introducing an opportunity for MITM" by @[drwdal](https://twitter.com/drwdal/status/1113172243981496320) + +"Please stop using Cloudflare's CDN. They blocked my IP" by @[actual_mishaor](https://twitter.com/actual_mishaor/status/1112285872311934976) + +"Cloudflare is a threat to the internet, and makes it harder for visitors of your website to protect their right to privacy." by @[Mr. Jeff](https://twitter.com/jeffcliff1/status/1105832648096862208) + +"WTF! Just stop! Patreon Cloudflare and many others..." by @[umurgdk](https://twitter.com/umurgdk/status/1113323739221962752) + +"I could not access the email because of cloudflare." by @[DouglasLindquis](https://twitter.com/DouglasLindquis/status/1115990146011344896) + +"I have tried but API cannot be used because of Cloudflare" by @[miningpoolstats](https://twitter.com/miningpoolstats/status/1113810320710098944) + +"Akamai states that 0.2% of Tor exit nodes had malicious requests, yet CloudFlare claims 94%" by @[musalbas](https://twitter.com/musalbas/status/717316725973389313) + +"I'm starting to think that #CloudFlare is post-irony with their non-functional or just broken captchas" by @[ioerror](https://twitter.com/ioerror/status/715168927639343109) + +"It gets even better. SOLVE ALL THE CAPTCHAS" by @[metabubble](https://twitter.com/metabubble/status/715206027793338368) + +"CloudFlare is gathering the web and centralizes it, I don't see any good aspect in this" by @[fuolpit](https://twitter.com/fuolpit/status/715942023564550144) + +"At work, a very large client had major issues due to cloudflare misconfig. Don't use CloudFlare." by @[Dr. Roy](https://twitter.com/schestowitz/status/1036861493155962881) + +"Fuck me CloudFlare Captchas are just impossibly difficult. Yet to succeed tonight … are you trying to block people as well" by @[badlydrawnrob](https://twitter.com/badlydrawnrob/status/602964063308636160) + +"So you intermittently block me from viewing sites on your platform, and refuse to even address my questions about it." by @[2012_04_28](https://twitter.com/2012_04_28/status/314180120518750209) + +"Go away cloudflare, don't block me from my own website!" by @[liamgooding](https://twitter.com/liamgooding/status/115736397645746176) + +"You successful manage to block me, and fail to display why" by @[kaareal](https://twitter.com/kaareal/status/42885552793595904) + +"Requested a refund. You guys refuse to do so. Trying to call goes to voice mail and support by email give me lame excuses." by @[thenitai](https://twitter.com/thenitai/status/1116433441598451712) + +"genau von denen bin ich wenig begeistert..." by @[r00tthebox](https://twitter.com/r00tthebox/status/1115627988924751873) + +"Ist übrigens die IP-Adresse von Cloudflare für die Homepage der JusoSchweiz, die ihr das blockiert." by @[sacovo](https://twitter.com/sacovo/status/1093541275326910464) + +"Dass CloudFlare selbst TOR blockiert, ist denen wohl nicht aufgefallen." by @[kamikazow](https://twitter.com/kamikazow/status/570943630539689984) + +"Cloudflare blockiert TOR-Exit-Nodes." by @[schild202](https://twitter.com/schild202/status/557770010450726912) + +"Sites on Cloudflare blocked me upon browsing. Please fix." by @[lino_almojuela](https://twitter.com/lino_almojuela/status/742721270861553665) + +"Achievement Unlocked! Cloudflare has blocked me. Oh, whatever shall I do???" by @[thisisgab2](https://twitter.com/thisisgab2/status/1062518618087481345) + +"It's blocked by Cloudflare for me" by @[motters](https://twitter.com/motters/status/723902453939339264) + +"My access to all cloudflare websites seem to be blocked." by @[MrDHat](https://twitter.com/MrDHat/status/980777153116569600) + +"CloudFlare doesn’t like me… I have been ‘blocked’ by CloudFlare…" by @[bryanbrake](https://twitter.com/bryanbrake/status/706958626154393601) + +"CloudFlare would not and won’t let me connect to & open that link." by @[ZEPHYoRUS](https://twitter.com/ZEPHYoRUS/status/1085240244872597504) + +"Torをホワイトリストに追加していてもブロックしてくるCloudflare" by @[CheenaBlog](https://twitter.com/CheenaBlog/status/1042413641449005056) + +"CloudFlareのCDNをウイルスバスターがブロックしちゃって見れない" by @[_iro](https://twitter.com/_iro/status/734991531724017664) + +"Error 520と表示されてページが見れない。" by @[halpas_blog](https://twitter.com/halpas_blog/status/843401976280829953) + +"ここ数日ずっとCloudFlareのerror 522で見れない。" by @[usunekoserv_pub](https://twitter.com/usunekoserv_pub/status/689752546991181824) + +"IT Cell found a way to secure their website: they banned French IPs" by @[fs0c131y](https://twitter.com/fs0c131y/status/1110989388295467008) + +"Cloudflare thinks I'm a robot and is blocking the most annoying preflight requests without letting me do a captcha." by @[enjalot](https://twitter.com/enjalot/status/1107085704591347712) + +"Solving captcha puzzles for Google every single time due to your Cloudflare protection just ruins the whole experience." by @[chowdhuryrahul](https://twitter.com/chowdhuryrahul/status/1115132766603972609) + +"I am unable to login to android app, tried using credentials, reinstalling app, nothing worked." by @[prasadthombre](https://twitter.com/prasadthombre/status/1112950318537625600) + +"Cloudflare has traditionally thrown CAPTCHAs aggressively enough at VPN users to degrade the browsing experience." by @[mbarnath](https://twitter.com/mbarnath/status/1112969137389617152) + +"Very few websites aren't using it meaning the majority of warp traffic is easily decrypted." by @[nathanielrsuchy](https://twitter.com/nathanielrsuchy/status/1113120866672525314) + +"Cloudflare captcha is annoying af" by @[YourAnonNews](https://twitter.com/YourAnonNews/status/762340768845598720) + +"What’s up with the forced #CloudFlare captcha page today?" by @[Aybara](https://twitter.com/Aybara/status/1113462534172946432) + +"CAPTCHA protest outside CloudFlare rightscon party!" by @[ageis](https://twitter.com/ageis/status/715353166666027008) + +"The truth behind Google Captcha, Analytics, CloudFlare is Covert Espionage and Mass Surveillance." by @[Casey_Comendant](https://twitter.com/Casey_Comendant/status/1116417797007921152) + +"Tor CloudFlare Captcha #TellASadStoryin3Words" by @[YrB1rd](https://twitter.com/YrB1rd/status/834539628791209984) + +"CloudFlare is such trash, is there anything comparable that DOESN'T suck???" by @[radix42](https://twitter.com/radix42/status/834543824047190016) + +"Your blog post wasn't worth the cloudflare captcha i solved to read it" by @[agentdero](https://twitter.com/agentdero/status/707293903418822656) + +"Cloudflare's aggressive use of google captcha basically means the trade-off of using a vpn is training google's self-driving cars." by @[frnsys](https://twitter.com/frnsys/status/1072504815152959488) + +"cfc;dr = cloudflare captcha; didn't read." by @[mrphs](https://twitter.com/mrphs/status/710867596959227904) + +"Each time I fill out a Cloudflare captcha I grow slightly more suspicious that I may in fact be a robot..." by @[projectgus](https://twitter.com/projectgus/status/979152953297715202) + +"Select grass, copy-paste text, click "not a robot", select storefronts. Not getting better." by @[shiromarieke](https://twitter.com/shiromarieke/status/785557109962317825) + +"Getting the Cloudflare captcha for everything today!" by @[TheHodge](https://twitter.com/TheHodge/status/1009091924639322114) + +"Tor user in Iran can't read content behind CloudFlare" by @[attractr](https://twitter.com/attractr/status/717790178786586625) + +"I gave up after the text captcha step." by @[jordansissel](https://twitter.com/jordansissel/status/692508531455582209) + +"Why don't you just commit to only using Tor Browser for all of next week and see what it's like for yourself?" by @[hdevalence](https://twitter.com/hdevalence/status/698967506057347072) + +"Every time I have to do an image Captcha it's a dead giveaway that Cloudflare services are used." by @[StateExempt](https://twitter.com/StateExempt/status/1111613302914908160) + +"I just encountered a site with a fake #Cloudfail #CAPTCHA dialog to trick people reflexively clicking on it." by @[Nin_99](https://twitter.com/Nin_99/status/1112174288323383299) + +"You're making the use of your site pretty difficult for #TOR users." by @[Sebastian Bürgel](https://twitter.com/SCBuergel/status/1114492792875700225) + +"I dislike Cloudflare they always block my VPN which I use to keep ads and trackers at bay" by @[nonesuchzach](https://twitter.com/nonesuchzach/status/782238922009042948) + +"Ugh, anoying services. You block me because i use a VPN, WHY?" by @[_ruis_](https://twitter.com/_ruis_/status/827105441264054272) + +"You now seemingly have every single IP block for PIA's VPN service in the US at least temporarily blocked via Cloudflare" by @[theonlymattlach](https://twitter.com/theonlymattlach/status/892201755035013121) + +"Plz stop using Cloudflare.They block VPN and proxies ment to enhance our privacy." by @[claw137](https://twitter.com/claw137/status/892397825245536257) + +"Your cloudflare-hosted site blocks my VPN so I can't even buy your VPN while using a competitor." by @[focusaurus](https://twitter.com/focusaurus/status/942968457909456898) + +"Most use Cloudflare+CAPTCHAs to filter." by @[r0h1n](https://twitter.com/r0h1n/status/778788564519845888) + +"TorGuard uses CloudFlare They are #antiprivacy and block #VPN users!" by @[SPC_Bitcoin](https://twitter.com/SPC_Bitcoin/status/702699563342106625) + +"One large company (CloudFlare) deciding who can visit what." by @[OhNoItsFusl](https://twitter.com/OhNoItsFusl/status/680144362773319681) + +"So CloudFlare you block my surf because I'm behind a vpn protection?" by @[manuzful](https://twitter.com/manuzful/status/677474770867351553) + +"Never heard of cloudflare until network connectivity denied me" by @[1nzimande](https://twitter.com/1nzimande/status/690223994038030337) + +"Access denied. What have you done, the CloudFlare cyberpolice are now out to get me!" by @[nyarth](https://twitter.com/nyarth/status/287603063668228096) + +"You differentiate humans from bots." "Well fuck that." by @[magi093](https://twitter.com/magi093/status/1097480616050860032) + +"Does anyone know if Saudi Arabia likes to filter Cloudflare?" by @[ralphholz](https://twitter.com/ralphholz/status/859565090395144192) + +"Really wish you didn't block my IP with Cloud Flare. I'd join and support if I could." by @[DeborahPeasley](https://twitter.com/DeborahPeasley/status/801186753746903041) + +"Link uses Cloud Flare to block IPs of those of us who browse anonymously" by @[DeborahPeasley](https://twitter.com/DeborahPeasley/status/568445705020420096) + +"Someone tell me how to bypass cloud flare so I can add..." by @[Shh_Its_Raghav](https://twitter.com/Shh_Its_Raghav/status/967888191201185793) + +"Today I learned that Cloudflare is doing more to censor the internet than the Great Firewall of China" by @[pabloduboue](https://twitter.com/pabloduboue/status/682394633641549829) + +"If you're a daily Tor user like me, you should get used to contacting the services you use and ask them to #DontBlockTor" by @[yawnbox](https://twitter.com/yawnbox/status/847182068853428225) + +------ + +###### Mastodon + +"Cloudflare is among the worst organisations I've seen from a privacy and security standpoint, same as Google, Facebook, et al." by @[amolith](https://masto.nixnet.xyz/@amolith/101919558389894089) + +"I liked them until I saw #Cloudflare." by @[amolith](https://masto.nixnet.xyz/@amolith/101588202702599511) + +"#Cloudflare #surveillance marketed as "fast"" by @[Dr. Roy](https://pleroma.site/objects/a24125f1-c3c3-4138-ad22-1fb9327b80c8) + +"I wonder if the implied subtext is that YOU ARE THE FOOL for using these services. :-) " by @[MateJ](https://social.matej-lach.me/@MatejLach/101851464970639410) + +"I dream of blocking #Cloudflare and #ReCaptcha" by @[Chuculate](https://niu.moe/@Chuculate/101834414084670347)
\ No newline at end of file @@ -4,11 +4,11 @@  -It is called this in reference to the [Great Firewall of China](https://www.comparitech.com/privacy-security-tools/blockedinchina/) which does a comparable job of filtering out *some* people from seeing web content(ie everyone in mainland china and some people outside) while at the same time those not affected to see a dratically different web, a web free of censorship of such images as ["tank man"](https://en.wikipedia.org/wiki/Tank_Man). +It is called this in reference to the [Great Firewall of China](https://www.comparitech.com/privacy-security-tools/blockedinchina/) which does a comparable job of filtering out *some* people from seeing web content (ie everyone in mainland China and some people outside) while at the same time those not affected to see a dratically different web, a web free of censorship of such images as ["tank man"](https://en.wikipedia.org/wiki/Tank_Man).  -Cloudflare similarly prevents those in southeast asia and elsewhere who have poor internet connectivity from accessing the websites behind it(for example, they could be behind 7+ layers of NAT) unless they solve multiple image CAPTCHAs. Cloudflare also has a massive [harassment problem](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5). [Tor users](https://www.torproject.org/) and [VPN users](https://airvpn.org/topic/23090-cloudflare-often-bans-my-ip-address/) are a victim. +Cloudflare similarly prevents those in southeast asia and elsewhere who have poor internet connectivity from accessing the websites behind it (for example, they could be behind 7+ layers of NAT) unless they solve multiple image CAPTCHAs. Cloudflare also has a massive [harassment problem](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5). [Tor users](https://www.torproject.org/) and [VPN users](https://airvpn.org/topic/23090-cloudflare-often-bans-my-ip-address/) are a victim.  @@ -24,15 +24,28 @@ Do you really want to share your data with Cloudflare, and also 3-letter agency?  +Cloudflare also offer _FREE_ VPN service called "[Cloudflare Warp](https://blog.cloudflare.com/1111-warp-better-vpn/)". If you use it, all your smartphone connections are sent to Cloudflare servers. Cloudflare can know which website you've read, what comment you've posted, who you've talked to, etc. You are voluntary giving [all your information](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-478686469) to Cloudflare. If you think "_Are you joking? Cloudflare is secure._" then you need to learn how [VPN works](https://en.wikipedia.org/wiki/VPN). + +You might already know about the [PRISM](https://en.wikipedia.org/wiki/PRISM_(surveillance_program)) scandal. It is true that AT&T lets NSA to [copy all internet data](https://www.cnet.com/news/at-t-lets-nsa-hide-and-surveil-in-plain-sight-the-intercept-reports/) for surveillance. Let's say you're working at the NSA, and you want _every citizen's internet profile_. You know most of them are blindly trusting Cloudflare and using it to proxy their personal website, chat website, forum website, bank website, insurance website, search engine, secret member-only website, auction website, shopping, video website, NSFW website, and illegal website. You also know they use Cloudflare's DNS service ("1.1.1.1") and VPN service ("Cloudflare Warp") for "_Secure! Faster! Better!_" internet experience. Combining them with user's IP address, browser fingerprint, cookies and RAY-ID will be useful to build target's online profile. You want their data. [What will you do](https://www.reddit.com/r/privacy/comments/1gb0pa/how_prism_actually_works_1520_att_fiber_optic/)? + + +### Cloudflare is a honeypot. Free honey for everyone. _Some_ strings attached. + +### Do not use Cloudflare. + +### Decentralize the internet. + + + --- This repository is a list of websites that are behind The Great Cloudwall, and also actively blocking Tor users. -Domain list +Domain list - mirrors: [NixNet](https://git.nixnet.xyz/Username/cloudflare-tor), [CodeBerg](https://codeberg.org/Username/cloudflare-tor) * [Domains using Cloudflare](split/) * [Non-Cloudflare but filtering/blocking Tor users](not_cloudflare/) @@ -41,6 +54,9 @@ Information * [Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351) by nym-zone * [Problem with CloudFlare](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544) by libBletchley * [Criticism and controversies](https://en.wikipedia.org/wiki/Cloudflare#Criticism_and_controversies) by Wikipedia +* [Cloudflare's Advertisement is just wrong](https://notabug.org/themusicgod1/cloudflare-tor/issues/123) +* [Akamai said 0.2% of Tor exit nodes had malicious requests, yet CloudFlare claims 94%](https://twitter.com/musalbas/status/717316725973389313) ([mirror](https://archive.is/1HkGl)) + There are more details of why what they are doing is wrong available [here](cloudflare-philosophy.md). Also see [Frequently Asked Questions](faq.md). @@ -51,13 +67,27 @@ Also see [Frequently Asked Questions](faq.md). # What can you do? * Read [our list of recommended actions](what-to-do.md) and share it with your friends + * Read [other user's voice](PEOPLE.md) (if you write a blog, tell us your URL) + * Update the domain list: [List instructions](instructions.md) + * Add WTF-Cloudflare news to [NEWS.md](NEWS.md) + * Search something on [Searxes Tor](http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/) or [clearnet](https://searxes.danwin1210.me/) (this will help collecting Searxes' "MITM domains") -* Take a look at [add-on code](ismitmlink/) (how to use "MITM test API") + +* [Tool / Script](https://notabug.org/themusicgod1/cloudflare-tor/src/master/tool) + * Subscribe to  RSS feed: "[The Great Cloudwall News](https://ieji.de/users/crimeflare.rss)" or follow  [crimeflare@ieji.de](https://ieji.de/@crimeflare) +* Take a look at add-on code and try it + +| Name | Firefox | Chrome | +| -------- | -------- | -------- | +| Block Cloudflare MITM Attack | [Code](https://notabug.org/themusicgod1/cloudflare-tor/src/master/addon_firefox/bcma) | [Code](https://notabug.org/themusicgod1/cloudflare-tor/src/master/addon_chrome/bcma) | +| Are links vulnerable to MITM? | [Code](https://notabug.org/themusicgod1/cloudflare-tor/src/master/addon_firefox/ismitmlink) | [Code](https://notabug.org/themusicgod1/cloudflare-tor/src/master/addon_chrome/ismitmlink) | +| Which website rejected me? | [Code](https://notabug.org/themusicgod1/cloudflare-tor/src/master/not_cloudflare/whyrejectme) | - | +  @@ -76,3 +106,4 @@ flagged for spam and will be deleted. See "List of services blocking Tor" for de * [Searxes](https://searxes.danwin1210.me/) meta-search engine * [Block Cloudflare MITM Attack](https://addons.mozilla.org/en-US/firefox/addon/bcma/) add-on +* Some Firefox Add-ons diff --git a/addon_chrome/README.md b/addon_chrome/README.md new file mode 100644 index 00000000..5d625436 --- /dev/null +++ b/addon_chrome/README.md @@ -0,0 +1 @@ +# Add-ons for Ungoogled-Chrome
\ No newline at end of file diff --git a/addon_chrome/bcma/README.md b/addon_chrome/bcma/README.md new file mode 100644 index 00000000..945c9b46 --- /dev/null +++ b/addon_chrome/bcma/README.md @@ -0,0 +1 @@ +.
\ No newline at end of file diff --git a/addon_chrome/ismitmlink/README.md b/addon_chrome/ismitmlink/README.md new file mode 100644 index 00000000..945c9b46 --- /dev/null +++ b/addon_chrome/ismitmlink/README.md @@ -0,0 +1 @@ +.
\ No newline at end of file diff --git a/addon_firefox/README.md b/addon_firefox/README.md new file mode 100644 index 00000000..3de28bec --- /dev/null +++ b/addon_firefox/README.md @@ -0,0 +1 @@ +# Add-ons for Tor Browser / Firefox ESR
\ No newline at end of file diff --git a/addon_firefox/bcma/LICENSE.txt b/addon_firefox/bcma/LICENSE.txt new file mode 100644 index 00000000..4843373f --- /dev/null +++ b/addon_firefox/bcma/LICENSE.txt @@ -0,0 +1,25 @@ +The MIT License + +Copyright (c) 2017 Project BCMA +Copyright (c) 2017 cypherpunks +Copyright (c) 2017 nullius <nullius@nym.zone> +Copyright (c) 2018 Searxes <searxes.danwin1210.me> +Copyright (c) 2018 Jeff Cliff <@jeffcliff@niu.moe> + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/bcma/README.md b/addon_firefox/bcma/README.md index b0ded110..b0ded110 100644 --- a/bcma/README.md +++ b/addon_firefox/bcma/README.md diff --git a/addon_firefox/bcma/anticloudflare.js b/addon_firefox/bcma/anticloudflare.js new file mode 100644 index 00000000..90ece519 --- /dev/null +++ b/addon_firefox/bcma/anticloudflare.js @@ -0,0 +1,854 @@ +/* + "Welcome to PRISM 2.0" +*/ +var cf_flag_ok = 'icons/cf_0.png'; +var cf_flag_ng = 'icons/cf_1.png'; +var force_whitelist = ['searxes.cf', 'thunderbird.net', 'mozilla.org', 'archive.org', 'cloudflare.com', 'cloudflareapps.com', 'cloudflare-dns.com', 'cloudflarestatus.com', 'cloudflareapi.com', 'cloudflare-ipfs.com', 'cloudflare-quic.com']; +var cfdomains = []; +var known_cf_domains = []; + +fetch('bcmadata.txt',{method:'GET'}).then(function (b) { + return b.text(); +}).then(function (b) { + cfdomains = b.split("\n").filter(v=>v!=''); + known_cf_domains = cfdomains; +}); + +var my_cf_collection = []; +var my_cf_ignore = []; +var my_action = 2; + +function onError(e) { + console.log(`BCMA: Error:${e}`); +} + +function get_realdomain(w) { + var wa = w.split('.'); + wa.reverse(); + var wa_l = wa.length; + if (wa_l <= 2) { + return w; + } + if (wa_l >= 3) { + if (wa[0] == 'by' || wa[0] == 'ki' || wa[0] == 'na' || wa[0] == 'tm' || wa[0] == 'vc') { + if (wa[1] == 'com') { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'af' || wa[0] == 'bz' || wa[0] == 'lb' || wa[0] == 'lc' || wa[0] == 'mm' || wa[0] == 'mt' || wa[0] == 'ng' || wa[0] == 'sb' || wa[0] == 'sc' || wa[0] == 'sl') { + if (wa[1] == 'com' || wa[1] == 'edu' || wa[1] == 'gov' || wa[1] == 'net' || wa[1] == 'org') { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'org') { + if (wa[1] == 'ae') { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'gg' || wa[0] == 'je') { + if (wa[1] == 'co' || wa[1] == 'net' || wa[1] == 'org') { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'name') { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + if (wa[0] == 'ag') { + if (['com', 'net', 'org', 'co', 'nom', 'edu', 'gov'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ai') { + if (['off', 'com', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ao') { + if (['co', 'ed', 'it', 'og', 'pb'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ar') { + if (['com', 'edu', 'gov', 'gob', 'int', 'mil', 'net', 'org', 'tur'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'at') { + if (['gv', 'ac', 'co', 'or'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'au') { + if (['com', 'net', 'org', 'edu', 'gov', 'csiro', 'asn', 'id', 'act', 'nsw', 'nt', 'qld', 'sa', 'tas', 'vic', 'wa'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'az') { + if (['biz', 'com', 'edu', 'gov', 'info', 'int', 'mil', 'name', 'net', 'org', 'pp'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ba') { + if (['com', 'co', 'rs'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'bd') { + if (['com', 'edu', 'ac', 'net', 'gov', 'org', 'mil'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'bh') { + if (['com', 'info', 'cc', 'edu', 'biz', 'net', 'org', 'gov'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'bi') { + if (['ac', 'co', 'com', 'edu', 'gouv', 'gov', 'int', 'mil', 'net', 'or', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'bn') { + if (['com', 'net', 'org', 'edu'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'bo') { + if (['com', 'edu', 'gob', 'gov', 'int', 'mil', 'net', 'org', 'tv'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'br') { + if (['adm', 'adv', 'agr', 'am', 'arq', 'art', 'ato', 'bio', 'blog', 'bmd', 'cim', 'cng', 'cnt', 'com', 'coop', 'ecn', 'edu', 'eng', 'esp', 'etc', 'eti', 'far', 'flog', 'fm', 'fnd', 'fot', 'fst', 'g12', 'ggf', 'gov', 'imb', 'ind', 'inf', 'jor', 'lel', 'mat', 'med', 'mil', 'mus', 'net', 'nom', 'not', 'ntr', 'odo', 'org', 'ppg', 'pro', 'psc', 'psi', 'qsl', 'rec', 'slg', 'srv', 'tmp', 'trd', 'tur', 'tv', 'vet', 'vlog', 'wiki', 'zlg'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'bw') { + if (['org', 'ac', 'co', 'gov'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ci') { + if (['ac', 'co', 'com', 'ed', 'edu', 'go', 'int', 'net', 'or', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ck') { + if (['biz', 'co', 'edu', 'gen', 'gov', 'info', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'cn') { + if (['ac', 'ah', 'bj', 'com', 'cq', 'edu', 'fj', 'gd', 'gov', 'gs', 'gx', 'gz', 'ha', 'hb', 'he', 'hi', 'hk', 'hl', 'hn', 'jl', 'js', 'jx', 'ln', 'mil', 'mo', 'net', 'nm', 'nx', 'org', 'qh', 'sc', 'sd', 'sh', 'sn', 'sx', 'tj', 'tw', 'xj', 'xz', 'yn', 'zj'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'co') { + if (['com', 'edu', 'gov', 'mil', 'net', 'nom', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'com') { + if (['ar', 'br', 'cn', 'de', 'eu', 'gr', 'hu', 'jpn', 'kr', 'no', 'qc', 'ru', 'sa', 'se', 'uk', 'us', 'uy', 'za'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'cr') { + if (['ac', 'co', 'ed', 'fi', 'go', 'or', 'sa'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'cu') { + if (['com', 'edu', 'org', 'net', 'gov', 'inf'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'cy') { + if (['ac', 'biz', 'com', 'ekloges', 'gov', 'ltd', 'name', 'net', 'org', 'parliament', 'press', 'pro', 'tm'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'do') { + if (['art', 'com', 'edu', 'gob', 'gov', 'mil', 'net', 'org', 'sld', 'web'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'dz') { + if (['art', 'asso', 'com', 'edu', 'gov', 'net', 'org', 'pol'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ec') { + if (['com', 'info', 'net', 'fin', 'med', 'pro', 'org', 'edu', 'gob', 'gov', 'mil'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ee') { + if (['com', 'pri', 'fie', 'med', 'edu', 'lib', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'eg') { + if (['com', 'edu', 'eun', 'gov', 'mil', 'name', 'net', 'org', 'sci'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'es') { + if (['com', 'nom', 'org', 'gob', 'edu'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'et') { + if (['com', 'gov', 'org', 'edu', 'net', 'biz', 'name', 'info'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'fj') { + if (['ac', 'biz', 'com', 'info', 'mil', 'name', 'net', 'org', 'pro'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ge') { + if (['com', 'edu', 'gov', 'mil', 'net', 'org', 'pvt'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'gh') { + if (['com', 'edu', 'gov', 'org', 'mil'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'gi') { + if (['com', 'edu', 'gov', 'ltd', 'mod', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'gl') { + if (wa[1] == 'co' || wa[1] == 'com') { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'gr') { + if (['co', 'com', 'edu', 'gov', 'mil', 'mod', 'net', 'org', 'sch'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'gt') { + if (['com', 'edu', 'net', 'gob', 'org', 'mil', 'ind'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'gy') { + if (['co', 'com', 'edu', 'gov', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'hk') { + if (['com', 'edu', 'gov', 'idv', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'hn') { + if (['com', 'edu', 'gob', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'hr') { + if (wa[1] == 'com' || wa[1] == 'from') { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'hu') { + if (['2000', 'agrar', 'bolt', 'casino', 'city', 'co', 'erotica', 'erotika', 'film', 'forum', 'games', 'hotel', 'info', 'ingatlan', 'jogasz', 'konyvelo', 'lakas', 'media', 'news', 'org', 'priv', 'reklam', 'sex', 'shop', 'sport', 'suli', 'szex', 'tm', 'tozsde', 'utazas', 'video'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'id') { + if (['ac', 'co', 'go', 'mil', 'net', 'or', 'sch', 'web'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'il') { + if (['ac', 'co', 'gov', 'idf', 'k12', 'muni', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'im') { + if (['ac', 'co', 'com', 'gov', 'net', 'org', 'ro'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'in') { + if (['ac', 'co', 'edu', 'ernet', 'firm', 'gen', 'gov', 'ind', 'mil', 'net', 'org', 'res'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'it') { + if (['co', 'edu', 'gov'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'jm') { + if (['com', 'net', 'org', 'edu', 'gov', 'mil'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'jo') { + if (['com', 'edu', 'gov', 'mil', 'name', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'jp') { + if (['ac', 'ad', 'co', 'ed', 'go', 'gr', 'lg', 'ne', 'or'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ke') { + if (['ac', 'co', 'go', 'ne', 'or', 'sc'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'kg') { + if (['com', 'edu', 'gov', 'mil', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'kh') { + if (['com', 'edu', 'gov', 'mil', 'net', 'org', 'per'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'kr') { + if (['ac', 'busan', 'chungbuk', 'chungnam', 'co', 'daegu', 'daejeon', 'es', 'gangwon', 'go', 'gwangju', 'gyeongbuk', 'gyeonggi', 'gyeongnam', 'hs', 'incheon', 'jeju', 'jeonbuk', 'jeonnam', 'kg', 'mil', 'ms', 'ne', 'or', 'pe', 're', 'sc', 'seoul', 'ulsan'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'kw') { + if (['edu', 'com', 'net', 'org', 'gov'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'kz') { + if (['com', 'edu', 'gov', 'mil', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'lk') { + if (['assn', 'com', 'edu', 'gov', 'grp', 'hotel', 'int', 'ltd', 'net', 'ngo', 'org', 'sch', 'soc', 'web'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ls') { + if (['ac', 'co', 'gov', 'net', 'nul', 'org', 'parliament', 'quadrant'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'lv') { + if (['asn', 'com', 'conf', 'edu', 'gov', 'id', 'mil', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ly') { + if (['com', 'edu', 'gov', 'id', 'med', 'net', 'org', 'plc', 'sch'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ma') { + if (['ac', 'co', 'gov', 'net', 'org', 'press'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'mk') { + if (['com', 'edu', 'gov', 'inf', 'name', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'mu') { + if (['ac', 'co', 'com', 'gov', 'net', 'or', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'mx') { + if (['com', 'edu', 'gob', 'net', 'ngo', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'my') { + if (['com', 'edu', 'gov', 'mil', 'name', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'mz') { + if (['co', 'net', 'org', 'ac', 'gov', 'edu'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'net') { + if (['gb', 'se', 'uk', 'jp'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'nf') { + if (['com', 'net', 'arts', 'store', 'web', 'firm', 'info', 'other', 'per', 'rec'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ni') { + if (['gob', 'co', 'com', 'ac', 'edu', 'org', 'nom', 'net', 'mil'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'np') { + if (['aero', 'asia', 'biz', 'com', 'coop', 'edu', 'gov', 'info', 'jobs', 'mil', 'mobi', 'museum', 'name', 'net', 'org', 'pro', 'travel'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'nr') { + if (['biz', 'com', 'edu', 'gov', 'info', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'nz') { + if (['ac', 'co', 'cri', 'geek', 'gen', 'govt', 'health', 'iwi', 'maori', 'mil', 'net', 'org', 'parliament', 'school'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'om') { + if (['co', 'com', 'edu', 'gov', 'med', 'museum', 'net', 'org', 'pro'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'pa') { + if (['abo', 'ac', 'com', 'edu', 'gob', 'ing', 'med', 'net', 'nom', 'org', 'sld'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'pe') { + if (['com', 'edu', 'gob', 'mil', 'net', 'nom', 'org', 'sld'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'pg') { + if (['com', 'net', 'ac', 'gov', 'mil', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ph') { + if (['com', 'edu', 'gov', 'mil', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'pk') { + if (['biz', 'com', 'edu', 'fam', 'gob', 'gok', 'gon', 'gop', 'gos', 'gov', 'net', 'org', 'web'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'pl') { + if (['art', 'bialystok', 'biz', 'com', 'edu', 'gda', 'gdansk', 'gov', 'info', 'katowice', 'krakow', 'lodz', 'lublin', 'mil', 'net', 'ngo', 'olsztyn', 'org', 'poznan', 'radom', 'slupsk', 'szczecin', 'torun', 'warszawa', 'waw', 'wroc', 'wroclaw', 'zgora'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'pn') { + if (['in', 'co', 'eu', 'org', 'net', 'me'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'pr') { + if (['ac', 'biz', 'com', 'edu', 'est', 'gov', 'info', 'isla', 'name', 'net', 'org', 'pro', 'prof'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'pt') { + if (['com', 'edu', 'gov', 'int', 'net', 'nome', 'org', 'publ'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'py') { + if (['com', 'coop', 'edu', 'mil', 'gov', 'org', 'net', 'una'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'qa') { + if (['com', 'edu', 'sch', 'gov', 'mil', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ru') { + if (['ac', 'adygeya', 'altai', 'amur', 'amursk', 'arkhangelsk', 'astrakhan', 'baikal', 'bashkiria', 'belgorod', 'bir', 'bryansk', 'buryatia', 'cap', 'cbg', 'chel', 'chelyabinsk', 'chita', 'chukotka', 'cmw', 'com', 'dagestan', 'e-burg', 'edu', 'fareast', 'gov', 'grozny', 'int', 'irkutsk', 'ivanovo', 'izhevsk', 'jamal', 'jar', 'joshkar-ola', 'k-uralsk', 'kalmykia', 'kaluga', 'kamchatka', 'karelia', 'kazan', 'kchr', 'kemerovo', 'khabarovsk', 'khakassia', 'khv', 'kirov', 'kms', 'koenig', 'komi', 'kostroma', 'krasnoyarsk', 'kuban', 'kurgan', 'kursk', 'kustanai', 'kuzbass', 'lipetsk', 'magadan', 'magnitka', 'mari', 'mari-el', 'marine', 'mil', 'mordovia', 'mos', 'mosreg', 'msk', 'murmansk', 'mytis', 'nakhodka', 'nalchik', 'net', 'nkz', 'nnov', 'norilsk', 'nov', 'novosibirsk', 'nsk', 'omsk', 'orenburg', 'org', 'oryol', 'oskol', 'palana', 'penza', 'perm', 'pp', 'pskov', 'ptz', 'pyatigorsk', 'rnd', 'rubtsovsk', 'ryazan', 'sakhalin', 'samara', 'saratov', 'simbirsk', 'smolensk', 'snz', 'spb', 'stavropol', 'stv', 'surgut', 'syzran', 'tambov', 'tatarstan', 'test', 'tlt', 'tom', 'tomsk', 'tsaritsyn', 'tsk', 'tula', 'tuva', 'tver', 'tyumen', 'udm', 'udmurtia', 'ulan-ude', 'vdonsk', 'vladikavkaz', 'vladimir', 'vladivostok', 'volgograd', 'vologda', 'voronezh', 'vrn', 'vyatka', 'yakutia', 'yamal', 'yaroslavl', 'yekaterinburg', 'yuzhno-sakhalinsk', 'zgrad'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'sa') { + if (['com', 'edu', 'gov', 'med', 'net', 'org', 'pub', 'sch'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'se') { + if (['a', 'ac', 'b', 'bd', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'k', 'l', 'm', 'n', 'o', 'org', 'p', 'parti', 'pp', 'press', 'r', 's', 't', 'tm', 'u', 'w', 'x', 'y', 'z'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'sg') { + if (['com', 'edu', 'gov', 'idn', 'net', 'org', 'per'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'sv') { + if (['edu', 'gov', 'com', 'org', 'red'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'th') { + if (['ac', 'co', 'go', 'in', 'mi', 'net', 'or'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'tj') { + if (['ac', 'aero', 'biz', 'co', 'com', 'coop', 'dyn', 'edu', 'go', 'gov', 'info', 'int', 'mil', 'museum', 'my', 'name', 'net', 'nic', 'org', 'per', 'pro', 'test', 'web'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'tn') { + if (['agrinet', 'com', 'defense', 'edunet', 'ens', 'fin', 'gov', 'ind', 'info', 'intl', 'mincom', 'nat', 'net', 'org', 'perso', 'rnrt', 'rns', 'rnu', 'tourism'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'tr') { + if (['av', 'bbs', 'bel', 'biz', 'com', 'dr', 'edu', 'gen', 'gov', 'info', 'k12', 'mil', 'name', 'nc', 'net', 'org', 'pol', 'tel', 'tv', 'web'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'tw') { + if (['club', 'com', 'ebiz', 'edu', 'game', 'gov', 'idv', 'mil', 'net', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'tz') { + if (['co', 'ac', 'go', 'or', 'mil', 'sc', 'ne', 'hotel', 'mobi', 'tv', 'info', 'me'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ua') { + if (['at', 'cherkassy', 'chernigov', 'chernovtsy', 'ck', 'cn', 'co', 'com', 'crimea', 'cv', 'dn', 'dnepropetrovsk', 'donetsk', 'dp', 'edu', 'gov', 'if', 'in', 'ivano-frankivsk', 'kh', 'kharkov', 'kherson', 'khmelnitskiy', 'kiev', 'kirovograd', 'km', 'kr', 'ks', 'lg', 'lt', 'lugansk', 'lutsk', 'lviv', 'mk', 'net', 'nikolaev', 'od', 'odessa', 'org', 'pl', 'poltava', 'pp', 'rovno', 'rv', 'sebastopol', 'sumy', 'te', 'ternopil', 'uz', 'uzhgorod', 'vinnica', 'vn', 'yalta', 'zaporizhzhe', 'zhitomir', 'zp', 'zt'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ug') { + if (['co', 'ac', 'sc', 'go', 'ne', 'or'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'uk') { + if (['ac', 'bl', 'british-library', 'co', 'gov', 'jcpc', 'jet', 'judiciary', 'ltd', 'me', 'mod', 'net', 'nhs', 'nic', 'nls', 'org', 'parliament', 'plc', 'police', 'sch', 'supremecourt'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'uy') { + if (['com', 'edu', 'gub', 'net', 'mil', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'uz') { + if (['co', 'com', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 've') { + if (['arts', 'co', 'com', 'edu', 'gob', 'gov', 'info', 'int', 'mil', 'net', 'org', 'radio', 'tec', 'web'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'vi') { + if (['co', 'org', 'com', 'net', 'k12'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'vn') { + if (['ac', 'biz', 'com', 'edu', 'gov', 'health', 'info', 'int', 'mil', 'name', 'net', 'org', 'pro'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'ws') { + if (['org', 'gov', 'edu', 'com'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'za') { + if (['ac', 'agric', 'alt', 'bourse', 'city', 'co', 'cybernet', 'db', 'edu', 'gov', 'grondar', 'iaccess', 'imt', 'inca', 'landesign', 'law', 'mil', 'ngo', 'nis', 'nom', 'olivetti', 'org', 'pix', 'school', 'tm', 'web'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'zm') { + if (['ac', 'co', 'com', 'edu', 'gov', 'net', 'org', 'sch'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa[0] == 'zw') { + if (['co', 'ac', 'org'].includes(wa[1])) { + return wa[2] + "." + wa[1] + "." + wa[0]; + } + } + if (wa_l == 4) { + if (/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/.test(w)) { + return w; + } + } + } + return wa[1] + "." + wa[0]; +} + +function update_icon(tid, url) { + var _nu = new URL(url); + var cf_hostname = _nu.hostname; + if ((_nu.protocol != 'http:' && _nu.protocol != 'https:') || cf_hostname.length < 1) { + browser.browserAction.setIcon({ + tabId: tid, + path: cf_flag_ok + }); + return; + } + cf_hostname = get_realdomain(cf_hostname); + if (my_cf_ignore.includes(cf_hostname) || force_whitelist.includes(cf_hostname)) { + browser.browserAction.setIcon({ + tabId: tid, + path: cf_flag_ok + }); + return; + } + if (known_cf_domains.includes(cf_hostname) || my_cf_collection.includes(cf_hostname)) { + if (my_action == 3) { + browser.tabs.executeScript(tid, { + matchAboutBlank: true, + runAt: 'document_end', + code: "if (location.hostname=='%%CFHOST%%'||location.hostname.endsWith('.%%CFHOST%%')){if (!document.title.startsWith('[!!MITM!!]') && (typeof _bcma_bdr)=='undefined'){document.title='[!!MITM!!]'+document.title;function _bcma_bdr(){document.body.style = 'border:4px dashed #' + ['e74c3c', '9b59b6', '3498db', '17a589', '196f3d', 'f4d03f', 'f39c12', 'd35400'][Math.floor(Math.random() * 8)] + ' !important';setTimeout(_bcma_bdr,4860);};_bcma_bdr();}}".replace('%%CFHOST%%', cf_hostname).replace('%%CFHOST%%', cf_hostname) + }); + browser.tabs.executeScript(tid, { + matchAboutBlank: true, + runAt: 'document_idle', + code: "if (location.hostname=='%%CFHOST%%'||location.hostname.endsWith('.%%CFHOST%%')){if (!document.title.startsWith('[!!MITM!!]') && (typeof _bcma_bdr)=='undefined'){document.title='[!!MITM!!]'+document.title;function _bcma_bdr(){document.body.style = 'border:4px dashed #' + ['e74c3c', '9b59b6', '3498db', '17a589', '196f3d', 'f4d03f', 'f39c12', 'd35400'][Math.floor(Math.random() * 8)] + ' !important';setTimeout(_bcma_bdr,4860);};_bcma_bdr();}}".replace('%%CFHOST%%', cf_hostname).replace('%%CFHOST%%', cf_hostname) + }); + } + browser.browserAction.setIcon({ + tabId: tid, + path: cf_flag_ng + }); + return; + } + browser.browserAction.setIcon({ + tabId: tid, + path: cf_flag_ok + }); + return; +} + +browser.webRequest.onHeadersReceived.addListener(function (wr) { + if (wr.type != 'main_frame' && my_action == 2) { + return; + } + var _a = document.createElement('a'); + _a.setAttribute('href', wr.url); + var wr_protocol = _a.protocol; + var wr_hostname = _a.hostname; + _a = null; + if ((wr_protocol != 'http:' && wr_protocol != 'https:') || wr_hostname.length < 4) { + return; + } + wr_hostname = get_realdomain(wr_hostname); + if (my_action == 1) { + if (wr.type == 'main_frame') { + return; + } + if (wr.documentUrl) { + var _b = document.createElement('a'); + _b.setAttribute('href', wr.documentUrl); + if (wr_hostname == get_realdomain(_b.hostname)) { + return; + } + _b = null; + } + } + if (my_cf_ignore.includes(wr_hostname)) { + return; + } + if (force_whitelist.includes(wr_hostname)) { + return; + } + var cf_is = (known_cf_domains.includes(wr_hostname) || my_cf_collection.includes(wr_hostname)) ? true : false; + if (!cf_is) { + var cf_headers = wr.responseHeaders, + cf_v_name, cf_v_value; + for (var i = 0; i < cf_headers.length; i++) { + cf_v_name = cf_headers[i]['name'].toLowerCase(); + cf_v_value = (cf_headers[i]['value'] != undefined) ? cf_headers[i]['value'].toLowerCase() : ''; + if (cf_v_name == 'server' && cf_v_value.includes('cloudflare')) { + cf_is = true; + break; + } + if (cf_v_name == 'cf-ray' || cf_v_name == 'cf-cache-status' || cf_v_name == 'cf-chl-bypass') { + cf_is = true; + break; + } + if (cf_v_name == 'set-cookie' && cf_v_value.includes('_cfduid')) { + cf_is = true; + break; + } + } + } + if (cf_is) { + if (my_cf_collection.length > 500) { + my_cf_collection.shift(); + } + if (!my_cf_collection.includes(wr_hostname)) { + my_cf_collection.push(wr_hostname); + } + console.log('BCMA: Block Cloudflare RH', wr_hostname); + if (my_action == 0 || my_action == 1) { + if (wr.type == 'image') { + return { + redirectUrl: 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH/C05FVFNDQVBFMi4wAwEAAAAh+QQBCgAAACwAAAAAAQABAAACAkQBADs=' + }; + } else { + return { + cancel: true + }; + } + } + if (my_action == 2) { + return { + redirectUrl: 'https://web.archive.org/web/' + wr.url.split('?')[0] + }; + } + } + return; +}, { + urls: ["http://*/*", "https://*/*"] +}, ["blocking", "responseHeaders"]); + +browser.webRequest.onBeforeRequest.addListener(function (wr) { + if (wr.type != 'main_frame' && my_action == 2) { + return; + } + var _a = document.createElement('a'); + _a.setAttribute('href', wr.url); + var wr_protocol = _a.protocol; + var wr_hostname = _a.hostname; + _a = null; + if ((wr_protocol != 'http:' && wr_protocol != 'https:') || wr_hostname.length < 4) { + return; + } + wr_hostname = get_realdomain(wr_hostname); + if (my_action == 1) { + if (wr.type == 'main_frame') { + return; + } + if (wr.documentUrl) { + var _b = document.createElement('a'); + _b.setAttribute('href', wr.documentUrl); + if (wr_hostname == get_realdomain(_b.hostname)) { + return; + } + _b = null; + } + } + if (my_cf_ignore.includes(wr_hostname)) { + return; + } + if (force_whitelist.includes(wr_hostname)) { + return; + } + var cf_is = (known_cf_domains.includes(wr_hostname) || my_cf_collection.includes(wr_hostname)) ? true : false; + if (cf_is) { + console.log('BCMA: Block Cloudflare BR', wr_hostname); + if (my_action == 0 || my_action == 1) { + if (wr.type == 'image') { + return { + redirectUrl: 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH/C05FVFNDQVBFMi4wAwEAAAAh+QQBCgAAACwAAAAAAQABAAACAkQBADs=' + }; + } else { + return { + cancel: true + }; + } + } + if (my_action == 2) { + return { + redirectUrl: 'https://web.archive.org/web/' + wr.url.split('?')[0] + }; + } + } + return; +}, { + urls: ["http://*/*", "https://*/*"] +}, ["blocking"]); + +browser.runtime.onMessage.addListener(function (a, b, c) { + if (a[0] == 'cf') { + c(['ok', JSON.stringify(my_cf_collection), JSON.stringify(my_cf_ignore), (known_cf_domains.length == 0) ? false : true, my_action]); + } + if (a[0] == 'erosman') { + my_cf_collection = []; + c(['destroy']); + } + if (a[0] == 'bi') { + if (a[1] == 'y') { + known_cf_domains = cfdomains; + } else { + known_cf_domains = []; + } + c(['ok']); + } + if (a[0] == 'ta') { + if (a[1] == '0') { + my_action = 0; + } + if (a[1] == '1') { + my_action = 1; + } + if (a[1] == '2') { + my_action = 2; + } + if (a[1] == '3') { + my_action = 3; + } + c(['ok']); + } + if (a[0] == 'ig') { + my_cf_ignore = a[1].sort().filter(v => v != ''); + c(['ok']); + } + return true; +}); + +browser.tabs.onActivated.addListener(function (i) { + browser.tabs.query({ + active: true, + currentWindow: true + }).then(function (t) { + update_icon(t[0].id, t[0].url); + }, onError); +}); +browser.tabs.onUpdated.addListener(function (a, b, t) { + if (t.active) { + update_icon(t.id, t.url); + } +}); +browser.webNavigation.onDOMContentLoaded.addListener(function (d) { + browser.tabs.query({ + active: true, + currentWindow: true + }).then(function (t) { + update_icon(t[0].id, t[0].url); + }, onError); +}); +browser.webNavigation.onCompleted.addListener(function (d) { + browser.tabs.query({ + active: true, + currentWindow: true + }).then(function (t) { + update_icon(t[0].id, t[0].url); + }, onError); +}); + +browser.browserAction.onClicked.addListener(function (t) { + browser.runtime.openOptionsPage(); +}); diff --git a/addon_firefox/bcma/manifest.json b/addon_firefox/bcma/manifest.json new file mode 100644 index 00000000..35d88391 --- /dev/null +++ b/addon_firefox/bcma/manifest.json @@ -0,0 +1,42 @@ +{ + "manifest_version": 2, + "name": "Block Cloudflare MITM Attack", + "description": "Submit to global surveillance or resist. The choice is yours.", + "version": "1.0.1811.1", + "author": "Project BCMA", + "homepage_url": "https://trac.torproject.org/projects/tor/ticket/24351", + "permissions": [ + "<all_urls>", + "activeTab", + "tabs", + "webRequest", + "webRequestBlocking", + "webNavigation" + ], + "icons": { + "32": "icons/icon-32.png", + "48": "icons/icon-48.png", + "64": "icons/icon-64.png" + }, + "background": { + "scripts": [ + "anticloudflare.js" + ] + }, + "options_ui": { + "page": "mydata.html", + "browser_style": false + }, + "browser_action": { + "browser_style": false, + "default_icon": { + "32": "icons/cf_0.png" + } + }, + "applications": { + "gecko": { + "id": "24351@trac.torproject.org", + "strict_min_version": "52.0" + } + } +}
\ No newline at end of file diff --git a/addon_firefox/bcma/mydata.html b/addon_firefox/bcma/mydata.html new file mode 100644 index 00000000..1894e2b5 --- /dev/null +++ b/addon_firefox/bcma/mydata.html @@ -0,0 +1,35 @@ +<html> + <head> + <meta charset="utf-8"> + <link rel="stylesheet" href="style.css"> + </head> + <body style="display:none"> + Temporary configurations + <hr> + <b>☞ Built-in Cloudflare list (.com only)</b> <small>(powered by <a href="https://searxes.danwin1210.me/" target="_blank">Searxes</a>)</small><br> + <label><input type="radio" id="bi0" name="bi" value="0"> Use built-in list</label> <small>(Default)</small><br> + <label><input type="radio" id="bi1" name="bi" value="1"> Don't use built-in list</label><br> + <br> + <b>♞ Take Action</b><br> + <label><input type="radio" id="ta0" name="ta" value="0"> Block request immediately <small>(first-party + third-party)</small></label><br> + <label><input type="radio" id="ta1" name="ta" value="1"> Block request immediately <small>(third-party only / ignore first-party)</small></label><br> + <label><input type="radio" id="ta2" name="ta" value="2"> Redirect to Internet Archive(first-party) + Ignore third-party</label> <small>(Default)</small><br> + <label><input type="radio" id="ta3" name="ta" value="3"> Notify only</label><br> + <br> + <b>✍ Your Cloudflare Domain collection</b> <small>(Last 500)</small><br> + <small>(please share with <a href="https://notabug.org/themusicgod1/cloudflare-tor/" target="_blank">cloudflare-tor@notabug</a>)</small><br> + <textarea cols="50" rows="12" id="t" wrap="off" spellcheck="false" placeholder="Cloudflare domains"></textarea> + <br> + <button type="button" id="exp">[ ⇓ Export ]</button> + + <button type="button" id="clr">[ ↺ Clear ]</button><br> + <br> + <b>✍ Your Cloudflare Ignore list (NOT RECOMMEND!)</b><br> + <textarea cols="50" rows="10" id="g" wrap="off" spellcheck="false" placeholder="hypothes.is"></textarea> + <br> + <button type="button" id="ign">[ ⇑ Apply ]</button> + <hr> + "<i>Welcome to PRISM 2.0</i>" + <script src="mydata.js"></script> + </body> +</html> diff --git a/addon_firefox/bcma/mydata.js b/addon_firefox/bcma/mydata.js new file mode 100644 index 00000000..cc255e7e --- /dev/null +++ b/addon_firefox/bcma/mydata.js @@ -0,0 +1,102 @@ +function onError(e) { + console.log(`BCMA: Error:${e}`); +} + +document.addEventListener('DOMContentLoaded', function () { + browser.runtime.sendMessage(['cf']).then(function (r) { + if (r[0] == 'ok') { + document.getElementById('t').value = JSON.parse(r[1]).join("\n"); + document.getElementById('g').value = JSON.parse(r[2]).join("\n"); + if (r[3]) { + document.getElementById('bi0').checked = true; + document.getElementById('bi1').checked = false; + } else { + document.getElementById('bi0').checked = false; + document.getElementById('bi1').checked = true; + } + switch (r[4]) { + case 1: + document.getElementById('ta0').checked = false; + document.getElementById('ta1').checked = true; + document.getElementById('ta2').checked = false; + document.getElementById('ta3').checked = false; + break; + case 2: + document.getElementById('ta0').checked = false; + document.getElementById('ta1').checked = false; + document.getElementById('ta2').checked = true; + document.getElementById('ta3').checked = false; + break; + case 3: + document.getElementById('ta0').checked = false; + document.getElementById('ta1').checked = false; + document.getElementById('ta2').checked = false; + document.getElementById('ta3').checked = true; + break; + default: + document.getElementById('ta0').checked = false; + document.getElementById('ta1').checked = false; + document.getElementById('ta2').checked = true; + document.getElementById('ta3').checked = false; + break; + } + document.body.style.display = 'block'; + document.addEventListener('contextmenu', function (z) { + if (z.target.tagName != 'TEXTAREA') { + z.preventDefault(); + } + }); + } + }, onError); +}); + +document.getElementById('exp').addEventListener('click', function () { + browser.tabs.create({ + active: true, + url: 'about:blank' + }).then(function (t) { + browser.tabs.executeScript(t.id, { + matchAboutBlank: true, + code: "document.documentElement.innerHTML='<html><head><title>Data</title></head><body><pre>'+atob('" + btoa(document.getElementById('t').value) + "')+'</pre></body></html>';window.stop();" + }).then(function (e) {}, onError); + }, onError); +}); + +document.getElementById('clr').addEventListener('click', function () { + browser.runtime.sendMessage(['erosman']).then(function (r) { + document.getElementById('t').value = ''; + }, onError); +}); +document.getElementById('bi0').addEventListener('click', function () { + if (this.checked) { + browser.runtime.sendMessage(['bi', 'y']).then(function (r) {}, onError); + } +}); +document.getElementById('bi1').addEventListener('click', function () { + if (this.checked) { + browser.runtime.sendMessage(['bi', 'n']).then(function (r) {}, onError); + } +}); +document.getElementById('ta0').addEventListener('click', function () { + if (this.checked) { + browser.runtime.sendMessage(['ta', '0']).then(function (r) {}, onError); + } +}); +document.getElementById('ta1').addEventListener('click', function () { + if (this.checked) { + browser.runtime.sendMessage(['ta', '1']).then(function (r) {}, onError); + } +}); +document.getElementById('ta2').addEventListener('click', function () { + if (this.checked) { + browser.runtime.sendMessage(['ta', '2']).then(function (r) {}, onError); + } +}); +document.getElementById('ta3').addEventListener('click', function () { + if (this.checked) { + browser.runtime.sendMessage(['ta', '3']).then(function (r) {}, onError); + } +}); +document.getElementById('ign').addEventListener('click', function () { + browser.runtime.sendMessage(['ig', document.getElementById('g').value.split("\n")]).then(function (r) {}, onError); +}); diff --git a/addon_firefox/bcma/style.css b/addon_firefox/bcma/style.css new file mode 100644 index 00000000..31782bd2 --- /dev/null +++ b/addon_firefox/bcma/style.css @@ -0,0 +1,52 @@ +*::-moz-focus-inner { + border: 0 +} + +*:focus { + outline: none; + outline-style: none +} + +button { + background-color: transparent; + background-repeat: no-repeat; + border: 0; + overflow: hidden; + outline: none; + outline-style: none +} + +body { + font: 13px Verdana; + overflow-x: hidden; + -webkit-user-select: none; + -moz-user-select: none; + cursor: default +} + +button { + display: inline-block; + height: 27px +} + +div { + -webkit-user-select: none; + -moz-user-select: none +} + +hr { + color: #dcdcdc; + height: 0; + background: #dcdcdc +} + +label { + -webkit-user-select: none; + -moz-user-select: none +} + +textarea { + white-space: pre; + overflow-wrap: normal; + overflow-x: scroll +} diff --git a/addon_firefox/ismitmlink/LICENSE.txt b/addon_firefox/ismitmlink/LICENSE.txt new file mode 100644 index 00000000..8178a565 --- /dev/null +++ b/addon_firefox/ismitmlink/LICENSE.txt @@ -0,0 +1,21 @@ +The MIT License + +Copyright (c) 2019 Maslin Bossé + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/addon_firefox/ismitmlink/README.md b/addon_firefox/ismitmlink/README.md new file mode 100644 index 00000000..a85762d8 --- /dev/null +++ b/addon_firefox/ismitmlink/README.md @@ -0,0 +1,5 @@ +This is a source code of Maslin Bossé's "*Are links vulnerable to MITM?*". + +PRs are welcome. + +AMO: https://addons.mozilla.org/en-US/firefox/addon/are-links-vulnerable-to-mitm/
\ No newline at end of file diff --git a/addon_firefox/ismitmlink/bg.js b/addon_firefox/ismitmlink/bg.js new file mode 100644 index 00000000..6a2a9393 --- /dev/null +++ b/addon_firefox/ismitmlink/bg.js @@ -0,0 +1,77 @@ +let apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php'; +let TORapiurl = 'http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/ismitm.php'; + +fetch('http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/hi.php', { + method: 'GET', + mode: 'cors' +}).then(r => r.text()).then(r => { + if (r == 'hi') { + apiurl = TORapiurl; + } +}).catch(() => {}); + +function is_infected(f) { + return new Promise((g, b) => { + fetch(apiurl, { + method: 'POST', + mode: 'cors', + headers: { + 'Content-Type': 'application/x-www-form-urlencoded' + }, + body: 'f=' + f + }).then(r => r.json()).then(r => { + if (r[0]) { + g(r[1]); + } else { + b(); + } + }).catch(b); + }); +} + +function i_already_know_you(f) { + if (!/^([a-z0-9_.-]{1,255})\.([a-z]{2,80})$/.test(f)) { + return false; + } + return new Promise((g, b) => { + browser.storage.local.get(f).then((ff) => { + if (ff[f]) { + if (ff[f] == 'y') { + g(1); + } else { + g(-1); + } + } else { + g(0); + } + }, () => { + g(0); + }); + }); +} + +function i_remember_you(f, t) { + browser.storage.local.set({ + [f]: ((t) ? 'y' : 'n') + }); +} + +browser.storage.local.clear().then(() => { + browser.runtime.onMessage.addListener((request, sender, sendResponse) => { + if (request && sender) { + i_already_know_you(request).then((r) => { + if (r == 1 || r == -1) { + browser.tabs.sendMessage(sender.tab.id, [request, ((r == 1) ? true : false)]); + } + if (r == 0) { + is_infected(request).then((a) => { + i_remember_you(request, a); + browser.tabs.sendMessage(sender.tab.id, [request, a]); + }, () => { + browser.tabs.sendMessage(sender.tab.id, [request, false]); + }); + } + }, () => {}); + } + }); +}, () => {});
\ No newline at end of file diff --git a/addon_firefox/ismitmlink/cs.js b/addon_firefox/ismitmlink/cs.js new file mode 100644 index 00000000..1361a666 --- /dev/null +++ b/addon_firefox/ismitmlink/cs.js @@ -0,0 +1,32 @@ +if (document.body && !['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'].includes(location.hostname)) { + let cs = (function () { + let s = document.createElement('style'); + document.head.appendChild(s); + return s.sheet; + })(); + if (cs) { + cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0); + cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1); + cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2); + cs.insertRule("a[data-mitm]:hover{color:red !important}", 3); + } + let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org']; + document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => { + let aF = (new URL(a.href)).hostname; + if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) { + asked.push(aF); + browser.runtime.sendMessage(aF); + } + }); + browser.runtime.onMessage.addListener((request, sender, sendResponse) => { + if (request.length == 2) { + if (request[1]) { + document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => { + a.dataset.mitm = 1; + a.title = 'DANGER! DANGER! MITM!'; + }); + } + } + sendResponse(null); + }); +}
\ No newline at end of file diff --git a/addon_firefox/ismitmlink/manifest.json b/addon_firefox/ismitmlink/manifest.json new file mode 100644 index 00000000..f064778d --- /dev/null +++ b/addon_firefox/ismitmlink/manifest.json @@ -0,0 +1,38 @@ +{ + "manifest_version": 2, + "name": "Are links vulnerable to MITM attack?", + "description": "Scan FQDN using Searxes' API", + "version": "1.0.4", + "homepage_url": "https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink", + "author": "Maslin Bossé", + "permissions": [ + "storage", + "unlimitedStorage" + ], + "icons": { + "32": "icons/32.png" + }, + "background": { + "scripts": [ + "bg.js" + ] + }, + "content_scripts": [ + { + "matches": [ + "http://*/*", + "https://*/*" + ], + "js": [ + "cs.js" + ], + "run_at": "document_end" + } + ], + "applications": { + "gecko": { + "id": "ismitm@searxes.danwin1210.me", + "strict_min_version": "56.0" + } + } +}
\ No newline at end of file diff --git a/cloudflare-philosophy.md b/cloudflare-philosophy.md index ad87ccf2..058e9e84 100644 --- a/cloudflare-philosophy.md +++ b/cloudflare-philosophy.md @@ -1,5 +1,6 @@ -# Productivity and safety through the CloudFlare! - +# Productivity and safety through the CloudFlare! +-------------- + ## Torblocks Philosophy 1) Have fun! @@ -11,10 +12,13 @@ https://trac.torproject.org/projects/tor/ticket/18361 https://trac.torproject.org/projects/tor/ticket/24351 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835 -one guy, marek apparently from Clownflare, utters unapologetic remarks that should come as no surprise. +One guy, *marek* apparently from Cloudflare, utters unapologetic remarks that should come as no surprise. + +``` "I will restrain myself and not comment on the political issues Jacob raised. I'll keep it technical." hey, in times of mass surveillance, technology is political. money is political. therefore Clownflare's policy is political. so? discussion is on. with "marek" and "jgrahamc" of Clownflare. last I looked they were unapologetic & attempting to snark Tor developers into building expensive client/Tor/TBB-side functionality to suit them. meanwhile stalling and offering minor workarounds (on the bright side, jgrahamc promised to make tor blocking optional for "free-" tier sites. (opt-out though)). +``` BTW someone quickly wrote a (unhelpful & biased & not in-depth researched, rather "he said this and then the other guy said that" style) article about the discussion on the ticket for "TheRegister", which at first I couldn't read because it was behind ... TADA: a clownflare CAPTCHAwall. Luckily there's archive.is and they don't block that. @@ -214,7 +218,7 @@ https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm > keystrokes > click location history tied to user fingerprint > All these criteria, are stored in the browser’s cookie. These criteria are processed by Google’s server -> It should be emphasized, that there is a DARPA technology to identify people by mouse movements and typing +> It should be emphasized, that there is a DARPA technology to identify people by mouse movements and typing https://trac.torproject.org/projects/tor/ticket/18361#comment:147 diff --git a/cloudflare_corp_members.txt b/cloudflare_corp_members.txt new file mode 100644 index 00000000..8d0ae510 --- /dev/null +++ b/cloudflare_corp_members.txt @@ -0,0 +1,6 @@ +format: name here | title | URL + + +Matthew Prince | CEO | https://twitter.com/eastdakota +Michelle Zatlyn | founder | https://twitter.com/zatlyn +Lee Holloway | founder | https://twitter.com/icqheretic diff --git a/cloudflare_owned_NS.txt b/cloudflare_owned_NS.txt index 152aeefa..c9c7fc50 100644 --- a/cloudflare_owned_NS.txt +++ b/cloudflare_owned_NS.txt @@ -1,101 +1,392 @@ abby.ns.cloudflare.com +ada.ns.cloudflare.com +adam.ns.cloudflare.com +adel.ns.cloudflare.com +adi.ns.cloudflare.com adrian.ns.cloudflare.com aida.ns.cloudflare.com +aiden.ns.cloudflare.com +ajay.ns.cloudflare.com alan.ns.cloudflare.com albert.ns.cloudflare.com +alec.ns.cloudflare.com alex.ns.cloudflare.com +alexis.ns.cloudflare.com +algin.ns.cloudflare.com +ali.ns.cloudflare.com +alice.ns.cloudflare.com alina.ns.cloudflare.com alla.ns.cloudflare.com amanda.ns.cloudflare.com amber.ns.cloudflare.com +amir.ns.cloudflare.com +amit.ns.cloudflare.com amy.ns.cloudflare.com andy.ns.cloudflare.com +angela.ns.cloudflare.com +anirban.ns.cloudflare.com anna.ns.cloudflare.com +anuj.ns.cloudflare.com apollo.ns.cloudflare.com +april.ns.cloudflare.com +ara.ns.cloudflare.com +aragorn.ns.cloudflare.com arch.ns.cloudflare.com aria.ns.cloudflare.com +arnold.ns.cloudflare.com +aron.ns.cloudflare.com art.ns.cloudflare.com +arya.ns.cloudflare.com asa.ns.cloudflare.com +ashley.ns.cloudflare.com athena.ns.cloudflare.com austin.ns.cloudflare.com +barbara.ns.cloudflare.com +bart.ns.cloudflare.com +bayan.ns.cloudflare.com +beau.ns.cloudflare.com +becky.ns.cloudflare.com bella.ns.cloudflare.com ben.ns.cloudflare.com beth.ns.cloudflare.com +betty.ns.cloudflare.com +bill.ns.cloudflare.com bob.ns.cloudflare.com +bonnie.ns.cloudflare.com +boyd.ns.cloudflare.com +brad.ns.cloudflare.com +brenda.ns.cloudflare.com +brett.ns.cloudflare.com +brianna.ns.cloudflare.com brit.ns.cloudflare.com +bruce.ns.cloudflare.com +buck.ns.cloudflare.com +burt.ns.cloudflare.com +candy.ns.cloudflare.com +carl.ns.cloudflare.com +carol.ns.cloudflare.com +carter.ns.cloudflare.com +cash.ns.cloudflare.com +cass.ns.cloudflare.com +chad.ns.cloudflare.com chan.ns.cloudflare.com +charles.ns.cloudflare.com +cheryl.ns.cloudflare.com +chin.ns.cloudflare.com +chip.ns.cloudflare.com +chloe.ns.cloudflare.com +chris.ns.cloudflare.com +chuck.ns.cloudflare.com +clark.ns.cloudflare.com +clay.ns.cloudflare.com +cleo.ns.cloudflare.com +clint.ns.cloudflare.com +cloe.ns.cloudflare.com +clyde.ns.cloudflare.com coby.ns.cloudflare.com coco.ns.cloudflare.com cody.ns.cloudflare.com +connie.ns.cloudflare.com +cortney.ns.cloudflare.com cory.ns.cloudflare.com +cruz.ns.cloudflare.com +curt.ns.cloudflare.com +dahlia.ns.cloudflare.com +daisy.ns.cloudflare.com +dale.ns.cloudflare.com +damon.ns.cloudflare.com +dan.ns.cloudflare.com +dana.ns.cloudflare.com +dane.ns.cloudflare.com +dara.ns.cloudflare.com +darl.ns.cloudflare.com darwin.ns.cloudflare.com +dave.ns.cloudflare.com +david.ns.cloudflare.com +dawn.ns.cloudflare.com +dean.ns.cloudflare.com +deb.ns.cloudflare.com dee.ns.cloudflare.com +dell.ns.cloudflare.com demi.ns.cloudflare.com +derek.ns.cloudflare.com +desi.ns.cloudflare.com +dilbert.ns.cloudflare.com dina.ns.cloudflare.com +dion.ns.cloudflare.com +diva.ns.cloudflare.com +dolly.ns.cloudflare.com dom.ns.cloudflare.com +donald.ns.cloudflare.com +donna.ns.cloudflare.com dora.ns.cloudflare.com dorthy.ns.cloudflare.com +doug.ns.cloudflare.com drew.ns.cloudflare.com duke.ns.cloudflare.com +earl.ns.cloudflare.com ed.ns.cloudflare.com edna.ns.cloudflare.com +elaine.ns.cloudflare.com elinore.ns.cloudflare.com +elle.ns.cloudflare.com +elliot.ns.cloudflare.com +elma.ns.cloudflare.com elmo.ns.cloudflare.com +elsa.ns.cloudflare.com +emily.ns.cloudflare.com emma.ns.cloudflare.com +eric.ns.cloudflare.com +erin.ns.cloudflare.com +ernest.ns.cloudflare.com etta.ns.cloudflare.com +eva.ns.cloudflare.com +evan.ns.cloudflare.com fay.ns.cloudflare.com +fiona.ns.cloudflare.com foo.ns.cloudflare.com +frank.ns.cloudflare.com fred.ns.cloudflare.com gabe.ns.cloudflare.com gail.ns.cloudflare.com +gene.ns.cloudflare.com +george.ns.cloudflare.com +gerald.ns.cloudflare.com +gina.ns.cloudflare.com glen.ns.cloudflare.com +gordon.ns.cloudflare.com +grace.ns.cloudflare.com +graham.ns.cloudflare.com +greg.ns.cloudflare.com +guss.ns.cloudflare.com guy.ns.cloudflare.com +gwen.ns.cloudflare.com +hal.ns.cloudflare.com hank.ns.cloudflare.com +hans.ns.cloudflare.com heather.ns.cloudflare.com +henry.ns.cloudflare.com +hera.ns.cloudflare.com +hope.ns.cloudflare.com hugh.ns.cloudflare.com ian.ns.cloudflare.com igor.ns.cloudflare.com +ines.ns.cloudflare.com +ingrid.ns.cloudflare.com iris.ns.cloudflare.com +irma.ns.cloudflare.com +isaac.ns.cloudflare.com +isla.ns.cloudflare.com +ivan.ns.cloudflare.com +ivy.ns.cloudflare.com +jack.ns.cloudflare.com +jade.ns.cloudflare.com +jake.ns.cloudflare.com +james.ns.cloudflare.com +jamie.ns.cloudflare.com +janet.ns.cloudflare.com jasmine.ns.cloudflare.com +jason.ns.cloudflare.com +jay.ns.cloudflare.com +jean.ns.cloudflare.com jeff.ns.cloudflare.com +jeremy.ns.cloudflare.com +jerome.ns.cloudflare.com jerry.ns.cloudflare.com +jessica.ns.cloudflare.com jill.ns.cloudflare.com jim.ns.cloudflare.com +jo.ns.cloudflare.com +joan.ns.cloudflare.com +jobs.ns.cloudflare.com +jocelyn.ns.cloudflare.com +joel.ns.cloudflare.com john.ns.cloudflare.com jonah.ns.cloudflare.com josh.ns.cloudflare.com +jule.ns.cloudflare.com +june.ns.cloudflare.com +justin.ns.cloudflare.com +kai.ns.cloudflare.com +kami.ns.cloudflare.com +kanye.ns.cloudflare.com +kara.ns.cloudflare.com +karina.ns.cloudflare.com +karl.ns.cloudflare.com kate.ns.cloudflare.com +kay.ns.cloudflare.com +ken.ns.cloudflare.com kevin.ns.cloudflare.com +kia.ns.cloudflare.com +kiki.ns.cloudflare.com kim.ns.cloudflare.com kip.ns.cloudflare.com +kirk.ns.cloudflare.com +kristin.ns.cloudflare.com +kurt.ns.cloudflare.com +lady.ns.cloudflare.com +lakas.ns.cloudflare.com +lana.ns.cloudflare.com +lara.ns.cloudflare.com +lars.ns.cloudflare.com +laura.ns.cloudflare.com leah.ns.cloudflare.com lee.ns.cloudflare.com leia.ns.cloudflare.com lex.ns.cloudflare.com +lia.ns.cloudflare.com +lila.ns.cloudflare.com lily.ns.cloudflare.com +lina.ns.cloudflare.com +linda.ns.cloudflare.com +lisa.ns.cloudflare.com +liv.ns.cloudflare.com +liz.ns.cloudflare.com +lloyd.ns.cloudflare.com +logan.ns.cloudflare.com +lola.ns.cloudflare.com +lorna.ns.cloudflare.com +lou.ns.cloudflare.com lucy.ns.cloudflare.com +luke.ns.cloudflare.com +lynn.ns.cloudflare.com +major.ns.cloudflare.com +marek.ns.cloudflare.com +marge.ns.cloudflare.com +maria.ns.cloudflare.com +mario.ns.cloudflare.com +marjory.ns.cloudflare.com +mark.ns.cloudflare.com +marty.ns.cloudflare.com +mary.ns.cloudflare.com matt.ns.cloudflare.com max.ns.cloudflare.com +may.ns.cloudflare.com +maya.ns.cloudflare.com +meera.ns.cloudflare.com +meg.ns.cloudflare.com megan.ns.cloudflare.com melinda.ns.cloudflare.com +melissa.ns.cloudflare.com +merlin.ns.cloudflare.com +mia.ns.cloudflare.com +micah.ns.cloudflare.com +michelle.ns.cloudflare.com miki.ns.cloudflare.com +miles.ns.cloudflare.com +mimi.ns.cloudflare.com +mira.ns.cloudflare.com +mitch.ns.cloudflare.com +molly.ns.cloudflare.com +mona.ns.cloudflare.com +nadia.ns.cloudflare.com +naomi.ns.cloudflare.com +nash.ns.cloudflare.com +ned.ns.cloudflare.com +neil.ns.cloudflare.com nelly.ns.cloudflare.com newt.ns.cloudflare.com +nia.ns.cloudflare.com +nick.ns.cloudflare.com +nicole.ns.cloudflare.com +nile.ns.cloudflare.com nina.ns.cloudflare.com +nitin.ns.cloudflare.com +noah.ns.cloudflare.com +noel.ns.cloudflare.com +nola.ns.cloudflare.com +nora.ns.cloudflare.com norm.ns.cloudflare.com norman.ns.cloudflare.com olga.ns.cloudflare.com +oswald.ns.cloudflare.com +owen.ns.cloudflare.com +pablo.ns.cloudflare.com pam.ns.cloudflare.com +pat.ns.cloudflare.com paul.ns.cloudflare.com pete.ns.cloudflare.com peyton.ns.cloudflare.com +phil.ns.cloudflare.com +piotr.ns.cloudflare.com +plato.ns.cloudflare.com +pola.ns.cloudflare.com rachel.ns.cloudflare.com +rafe.ns.cloudflare.com +rajeev.ns.cloudflare.com +ram.ns.cloudflare.com +ray.ns.cloudflare.com +reza.ns.cloudflare.com rick.ns.cloudflare.com +rihana.ns.cloudflare.com +rita.ns.cloudflare.com +roan.ns.cloudflare.com rob.ns.cloudflare.com +robin.ns.cloudflare.com +rocky.ns.cloudflare.com +rodney.ns.cloudflare.com +rosa.ns.cloudflare.com rose.ns.cloudflare.com +roxy.ns.cloudflare.com +rudy.ns.cloudflare.com +ruth.ns.cloudflare.com +sam.ns.cloudflare.com +sandy.ns.cloudflare.com +sara.ns.cloudflare.com +scott.ns.cloudflare.com +sean.ns.cloudflare.com +serena.ns.cloudflare.com seth.ns.cloudflare.com +sharon.ns.cloudflare.com +sid.ns.cloudflare.com +sima.ns.cloudflare.com +simon.ns.cloudflare.com +skip.ns.cloudflare.com sofia.ns.cloudflare.com +sri.ns.cloudflare.com +stan.ns.cloudflare.com +sue.ns.cloudflare.com +tani.ns.cloudflare.com +tara.ns.cloudflare.com tegan.ns.cloudflare.com terin.ns.cloudflare.com +terry.ns.cloudflare.com +tess.ns.cloudflare.com theo.ns.cloudflare.com +thomas.ns.cloudflare.com +tia.ns.cloudflare.com +tim.ns.cloudflare.com +tina.ns.cloudflare.com +toby.ns.cloudflare.com +todd.ns.cloudflare.com +tom.ns.cloudflare.com +tony.ns.cloudflare.com +tori.ns.cloudflare.com +trey.ns.cloudflare.com +tricia.ns.cloudflare.com +ulla.ns.cloudflare.com +uma.ns.cloudflare.com +val.ns.cloudflare.com +venus.ns.cloudflare.com +vera.ns.cloudflare.com +vern.ns.cloudflare.com +vick.ns.cloudflare.com +vida.ns.cloudflare.com +vin.ns.cloudflare.com +violet.ns.cloudflare.com +vita.ns.cloudflare.com +wally.ns.cloudflare.com +walt.ns.cloudflare.com +wanda.ns.cloudflare.com +wesley.ns.cloudflare.com +west.ns.cloudflare.com +will.ns.cloudflare.com +woz.ns.cloudflare.com +yichun.ns.cloudflare.com +yolanda.ns.cloudflare.com +zara.ns.cloudflare.com +zelda.ns.cloudflare.com +zeus.ns.cloudflare.com +zita.ns.cloudflare.com +zod.ns.cloudflare.com zoe.ns.cloudflare.com
\ No newline at end of file diff --git a/cloudflare_owned_domains.txt b/cloudflare_owned_domains.txt index 4c739a62..1f0e527b 100644 --- a/cloudflare_owned_domains.txt +++ b/cloudflare_owned_domains.txt @@ -1,3 +1,4 @@ +betterinternet.com brokendnssec.net cloudflare-dns.com cloudflare-free.com @@ -6,16 +7,20 @@ cloudflare-quic.com cloudflare.com cloudflare.com.ve cloudflare.net -workers.dev +cloudflareaccess.com cloudflareapi.com cloudflareapps.com cloudflarechallenge.com +cloudflareclient.com cloudflareenterprise.com cloudflarepreview.com +cloudflarepreviews.com cloudflareresolve.com cloudflarespeedtest.com cloudflaressl.com cloudflarestatus.com cloudflaresupport.com +cloudflarewarp.com encryptedsni.com -mycloudflare.com
\ No newline at end of file +mycloudflare.com +workers.dev
\ No newline at end of file diff --git a/image/prismattnsa.jpg b/image/prismattnsa.jpg Binary files differnew file mode 100644 index 00000000..7e1b4754 --- /dev/null +++ b/image/prismattnsa.jpg diff --git a/image/siteground.jpg b/image/siteground.jpg Binary files differnew file mode 100644 index 00000000..9f3d226e --- /dev/null +++ b/image/siteground.jpg diff --git a/instructions.md b/instructions.md index d9b6a013..690ffada 100644 --- a/instructions.md +++ b/instructions.md @@ -22,6 +22,7 @@ There are many ways to detect it: - [These add-ons](what-to-do.md) will help your Cloudflare collection. - Visit a website via Tor or VPN, and you will be greeted by "Attention Required! Cloudflare" webpage. +- Use "[Is MITM?](https://searxes.danwin1210.me/collab/sxes/tool_ismitm.php)" webpage. - Dig "[NS record](https://www.digwebinterface.com/?hostnames=emsisoft.com&type=NS&ns=resolver&useresolver=8.8.4.4&nameservers=)" of the domain. ``` @@ -39,7 +40,10 @@ Organization Cloudflare, Inc. Route 104.18.224.0/20 ``` -2) How to add your data + +2) How to add your data (A or B) + +Type A: Push to NotABug.org 1. Log in to *notabug.org*. 2. Click "*Fork*" button. (top-left corner) @@ -61,6 +65,11 @@ IMPORTANT: Please add only "Base Domain" ... to /split/cloudflare_e.txt ``` +Type B: Just search about it on Searxes + +Search the domain on Searxes, and it'll appear as "[MITM!] link name". + + 3) If the website *no longer using Cloudflare*, *remove* it from /split/ list and *add* to "[ex_cloudflare_users.txt](https://notabug.org/themusicgod1/cloudflare-tor/src/master/ex_cloudflare_users.txt)". @@ -76,6 +85,8 @@ IMPORTANT: Please add only "Base Domain" | list_siteground.txt | siteground.com is a Tor-hostile hosting service that indiscriminately DoSes all Tor users with the collective judgement: "our system thinks you might be a robot!" Sometimes the site functions, and sometimes it times out, but the robot accusation is very common. | | list_formerly_tor-hostile.txt | was previously on one of the above tor-hostile lists | + + ``` IMPORTANT: Please add only "Base Domain" or "(base domain)[space](comment here)" @@ -95,4 +106,4 @@ Add them to [/not_cloudflare/](not_cloudflare/) (formerly "*TorBlocker Hall of S This is a collection of websites that ban Tor exits, other than through Cloudflare(e.g. showing access denied pages, systematic timing out connections, ...). -[This add-ons](https://addons.mozilla.org/en-US/firefox/addon/which-website-rejected-me/) will help your list_error403 collection. +[This add-on](https://addons.mozilla.org/en-US/firefox/addon/which-website-rejected-me/) will help your list_error403 collection. diff --git a/not_cloudflare/README.md b/not_cloudflare/README.md index 6fe2d14f..84f9303f 100644 --- a/not_cloudflare/README.md +++ b/not_cloudflare/README.md @@ -2,4 +2,4 @@ Don't block us! -See [instructions.md](file://../instructions.md) for file purpose and format specifications. +See [instructions.md](../instructions.md) for file purpose and format specifications. diff --git a/not_cloudflare/list_customerror.txt b/not_cloudflare/list_customerror.txt index 839f9919..ceac6b8e 100644 --- a/not_cloudflare/list_customerror.txt +++ b/not_cloudflare/list_customerror.txt @@ -1,11 +1,12 @@ -Freenode + abclive.in aboutdebian.com adidas.de -Akamai's adsabs.harvard.edu aidspolicyproject.org airbnb.com +Akamai +Akamai's altcoins.com amazon.com ametsoc.org @@ -16,8 +17,8 @@ apa.org apartments.com apps.fcc.gov army.mil -astrolog.org asos.com +astrolog.org austlii.edu.au axs.com bayesian.org @@ -32,8 +33,8 @@ bloglovin.com bloomberg.com bodhizazen.net busbud.com -forums.bunsenlabs.org casw-acts.ca +cc.gatech.edu cessfull.com cestpasdujeu.fr chronicle.com @@ -43,45 +44,42 @@ cmc-math.org codecogs.com codeexperts.com coinatmradar.com -cryptocurrencytalk.com -cycleworld.com collegereadiness.collegeboard.org cordless-phone-update.com coverhunt.com craigslist.ca creativebeacon.com +croplife.ca crunchbase.com +cryptocurrencytalk.com csounds.com cubawiki.com.ar curbed.com -croplife.ca +cycleworld.com davidmburke.com dcleak.com delivery.acm.org demorgen.be digicert.com digitalenvelopes.email -www.distilnetworks.com +discussions.apple.com districtsentinel.com dl.acm.org docs.google.com docsis.org dolphinics.com donmontalvo.com -discussions.apple.com -support.apple.com drbl.org dslreports.com element14.com -foro.elhacker.net ello.co -entomologicalphilosopher.com emeraldinsight.com +entomologicalphilosopher.com ericerfanian.com ethereum.org ethicalhacking.com -expedia.de expedia.com +expedia.de expedia.fr experts-exchange.com ezinearticles.com @@ -91,9 +89,13 @@ ff3dp.com firefoxfacts.com fizzicseducation.com.au flif.info +foro.elhacker.net +forums.bunsenlabs.org +forums.linuxmint.com forums.whirlpool.net.au +forum.synology.com foxnews.com -cc.gatech.edu +Freenode gchq.gov.uk geizhals.at gemal.dk @@ -101,25 +103,23 @@ geohot.com glassrbije.org godlikeproductions.com google.com -images.google.com gregor.us hackedbellini.org harbin.org -adsabs.harvard.edu hotel.de hrs.de ietf.org +images.google.com +imgur.com indiatimes.com -ioerror.us informationclearinghouse.info interactivebrokers.com -imgur.com -www.indiegogo.com internetslang.com ioerror.us ipetitions.com islam-universe.com iswwwup.com +keelynet.com keyweb.de killswitch.pk knotplot.com @@ -127,11 +127,8 @@ koelnspd.de leblogdebetty.com lenovo.com libertygb.org.uk -online.liebertpub.com -forums.linuxmint.com -linuxquestions.org ---Project lifewire.com +linuxquestions.org livejournal.com loebner.net loophole-berlin.com @@ -147,8 +144,8 @@ midtnmusic.com mixcloud.com moodle.org mosquitomagnet.com -mottweilerstudio.com motorcyclecruiser.com +mottweilerstudio.com n2value.com nacns.org nakedcapitalism.com @@ -157,24 +154,27 @@ nemlog-in.dk/login.aspx/noeglekort nepalmonitor.org netbank.com.au networktools.nl +NetZone newark.com newgrounds.com +news.ycombinator.com nih.gov njea.org novaecomic.com -www.ncbi.nlm.nih.gov nsa.gov nuggetwheat.org nytimes.com oftc.net olympic.org +online.liebertpub.com opanal.org openstudy.com orbitz.com oup.com peacock-panache.com -planetary.org phdcomics.com +philosophybasics.com +planetary.org poleconanalysis.org popsci.com Porsche @@ -182,8 +182,9 @@ preposterousuniverse.com producthandling.com qantas.com.au researchgate.net -rinascitabalcanica.com +ricarica.vodafone.it rightswatch.ca +rinascitabalcanica.com rockabilly-radio.net sabaheats.com safeco.com @@ -191,6 +192,7 @@ samsung.com saskatchewanherald.com sciencedirect.com scottaaronson.com +sec.gov sensis.com.au sethbaum.com sfbaynews.com @@ -198,21 +200,20 @@ shuttleworthfoundation.org sinfest.net slashdot.org sncb.be -state.gov -statuspage.io snowbirds.org sony.de spamhaus.org +state.gov +statuspage.io stepstone.de sueddeutsche.de support.apple.com surveymonkey.com svictor.net sydneypadua.com -forum.synology.com taekwondo-training.com -talk.maemo.org talkingpointsmemo.com +talk.maemo.org techerator.com technologyreview.com thecultureblend.com @@ -225,53 +226,43 @@ tineye.com tocloud.com torjo.com torrentfreak.com -www.travelweekly.com tradewatch.org tweakblogs.net tweakers.net twirpx.com twitter.com -typepad.fr typepad.com typepad.co.uk +typepad.fr uchicago.edu +unc.edu uncommoncore.co +usa.gov usnews.com usps.com -www.veteranstoday.com +verge.com videotrazilica.com -ricarica.vodafone.it -unc.edu +vox.com vpforums.org walmart.com wayfair.com wbai.org -whatthefuckshouldimakefordinner.com -wiki.debian.org webstix.com weforum.org +whatthefuckshouldimakefordinner.com whiterose.samizdata.net whoismcafee.com +wiki.debian.org wikipedia.org woz.ch www.csebanking.it www.csebo.it +www.distilnetworks.com +www.indiegogo.com +www.ncbi.nlm.nih.gov +www.travelweekly.com +www.veteranstoday.com xmodulo.com -news.ycombinator.com yelp.com -davidmburke.com youbetrayedus.org -philosophybasics.com -verge.com -whatthefuckshouldimakefordinner.com -forums.whirlpool.net.au zara.com -vox.com -woz.ch - -NetZone - - - - - diff --git a/not_cloudflare/list_error403.txt b/not_cloudflare/list_error403.txt index bfdee0e3..260e7018 100644 --- a/not_cloudflare/list_error403.txt +++ b/not_cloudflare/list_error403.txt @@ -6,26 +6,37 @@ caot.ca captaintrain.com catbox.moe dluat.com +europa.eu expo2015.org www.flytap.com forum.pfsense.org forums.freebsd.org +freelancer.is geocaching.com +gutenberg.org +hot-topic.co.nz hubpages.com intra.ruc.dk irs.gov +knowyourmeme.com lastword.at libertymutual.com logon.e-boks.dk moodle.ruc.dk no2nsa.x10.bz republicbuzz.com +rijksoverheid.nl safeco.com securifi.com signon.ruc.dk singpolyma.net www.spirit.com stadssb.ruc.dk +stefanv.com study.com theverge.com +tomshardware.com wayfair.com +wigle.net +wikidevi.com +witopia.net diff --git a/not_cloudflare/list_error462.txt b/not_cloudflare/list_error462.txt new file mode 100644 index 00000000..a9388925 --- /dev/null +++ b/not_cloudflare/list_error462.txt @@ -0,0 +1 @@ +lifewire.com diff --git a/not_cloudflare/whyrejectme/README.md b/not_cloudflare/whyrejectme/README.md index 88e2710b..4d22da9e 100644 --- a/not_cloudflare/whyrejectme/README.md +++ b/not_cloudflare/whyrejectme/README.md @@ -1,5 +1,5 @@ -This is a source code of Maslin Bossé's "*Which website rejected me?*". +This is a source code of "*Which website rejected me?*" add-on. PRs are welcome. -AMO: https://addons.mozilla.org/en-US/firefox/addon/which-website-rejected-me/
\ No newline at end of file +[Download add-on](https://searxes.danwin1210.me/collab/addon/?for=ureject)
\ No newline at end of file diff --git a/not_cloudflare/whyrejectme/manifest.json b/not_cloudflare/whyrejectme/manifest.json index 8d50e3b9..87f2bf71 100644 --- a/not_cloudflare/whyrejectme/manifest.json +++ b/not_cloudflare/whyrejectme/manifest.json @@ -24,7 +24,8 @@ "applications": { "gecko": { "id": "urejectme@searxes.danwin1210.me", - "strict_min_version": "56.0" + "strict_min_version": "56.0", + "update_url":"https://searxes.danwin1210.me/collab/addon/au.php?for=ureject" } } }
\ No newline at end of file diff --git a/tool/README.md b/tool/README.md new file mode 100644 index 00000000..beb358bc --- /dev/null +++ b/tool/README.md @@ -0,0 +1,4 @@ +# Tool / Script + + +file.name -- desc.rip.tion
\ No newline at end of file diff --git a/tool/irssi_cf_alturl.pl b/tool/irssi_cf_alturl.pl new file mode 100644 index 00000000..b3218889 --- /dev/null +++ b/tool/irssi_cf_alturl.pl @@ -0,0 +1,299 @@ +#!/usr/bin/perl -w +# This Irssi script automatically check incoming http/https links +# and replace it to archive one if it is MITMed. +# +# Irssi /set Options +# you can view your current settigns by running "/set cflarealt" in Irssi +# +# /set cflarealt_debug <on|off> -- (off) if you have a problem try turning this on to debug +# /set cflarealt_send2channel <on|off> -- (off) send the converted URL publicly to everyone in your channels +# /set cflarealt_channels <"#channel1, #channel2, etc"> -- Channels to automatically convert. Empty Defaults to all +# /set cflarealt_shorturl_activate <on|off> -- (off) set it 'on' to use shortner +# /set cflarealt_shorturl_min <40> -- (40) How long a url has to be to trigger automatic url shortening +# +# /set cflarealt_localdbpath <"string to path"> -- () '/path/database/split/' +# /set cflarealt_uselocaldb <on|off> -- (off) if 'on', please set path to local database (or the script will die) +# +# /set cflarealt_printurl <on|off> -- (off) if 'on' print converted URL +# /set cflarealt_donotsend <on|off> -- (off) if 'on' do not send converted URL +#--------------------------------------------------------------------- + +##use strict; + +use vars qw($VERSION %IRSSI); + +$VERSION = "20190506"; +%IRSSI = ( + + # Special thanks to: "eo, tsaavik" + authors => "Anonymous", + contact => 'anonymous@cloudflare-tor.nab', + name => "irssi_cf_alturl.pl", + description => "Cloudflare URL replacer", + license => "WTFPL", + changed => "$VERSION" +); + +use Irssi; +use Irssi::Irc; +use LWP::Simple; +use LWP::UserAgent; + +my ( + $cfg_minurllen, $cfg_send2chan, $cfg_useshort, $cfg_isdebug, + $cfg_uselocaldb, $cfg_localdbpath, $cfg_chanlist +); +my ( $cfg_printurl, $cfg_donotsendurl ); +my @cached = (); + +sub setuphandler { + Irssi::settings_add_bool( "cflarealt", "cflarealt_send2channel", 0 ); + if ( Irssi::settings_get_bool("cflarealt_send2channel") ) { + print "cflarealt: sending of shorturl's to public channels enabled"; + $cfg_send2chan = 1; + } + + Irssi::settings_add_bool( "cflarealt", "cflarealt_shorturl_activate", 0 ); + if ( Irssi::settings_get_bool("cflarealt_shorturl_activate") ) { + print "cflarealt: URL shortner enabled"; + $cfg_useshort = 1; + } + + Irssi::settings_add_str( "cflarealt", "cflarealt_channels", "" ); + $cfg_chanlist = Irssi::settings_get_str("cflarealt_channels"); + if ($cfg_chanlist) { + print "cflarealt: Following channels are now parsed $cfg_chanlist"; + } + + Irssi::settings_add_int( "cflarealt", "cflarealt_shorturl_min", 40 ); + my $old_min_url_length = $cfg_minurllen; + $cfg_minurllen = Irssi::settings_get_int("cflarealt_shorturl_min"); + if ( $cfg_minurllen != $old_min_url_length ) { + print "cflarealt: min_url_length sucessfully set to $cfg_minurllen"; + } + + Irssi::settings_add_bool( "cflarealt", "cflarealt_debug", 0 ); + my $old_debug = $cfg_isdebug; + $cfg_isdebug = Irssi::settings_get_bool("cflarealt_debug"); + if ( $cfg_isdebug != $old_debug ) { + if ($cfg_isdebug) { + print "cflarealt: Debug Mode Enabled"; + $cfg_isdebug = 1; + } + else { + print "cflarealt: Debug Mode Disabled"; + $cfg_isdebug = 0; + } + } + + Irssi::settings_add_bool( "cflarealt", "cflarealt_uselocaldb", 0 ); + if ( Irssi::settings_get_bool("cflarealt_uselocaldb") ) { + print "cflarealt: Lookup Local DB enabled"; + $cfg_uselocaldb = 1; + } + + Irssi::settings_add_str( "cflarealt", "cflarealt_localdbpath", "" ); + $cfg_localdbpath = Irssi::settings_get_str("cflarealt_localdbpath"); + if ($cfg_localdbpath) { + print "cflarealt: DB path set to $cfg_localdbpath"; + } + + Irssi::settings_add_bool( "cflarealt", "cflarealt_printurl", 0 ); + if ( Irssi::settings_get_bool("cflarealt_printurl") ) { + print "cflarealt: print URL enabled"; + $cfg_printurl = 1; + } + + Irssi::settings_add_bool( "cflarealt", "cflarealt_donotsend", 0 ); + if ( Irssi::settings_get_bool("cflarealt_donotsend") ) { + print "cflarealt: dont-send enabled"; + $cfg_donotsendurl = 1; + } + +} + +sub GotUrl { + my ( $server, $data, $nick, $addr, $target ) = @_; + if ( !$server || !$server->{connected} ) { + Irssi::print("Not connected to server"); + return; + } + return unless ( goodchan($target) ); + $data =~ s/^\s+//; + $data =~ s/\s+$//; + my @urls = (); + my @knownShortFQDN = ( 'tinyurl.com', 'bit.ly' ); + my ( $url, $a, $return, $char, $ch ) = ""; + my $same = 0; + + return unless ( ( $data =~ /\bhttp\:/ ) || ( $data =~ /\bhttps\:/ ) ); + deb("$target triggered GotUrl() with url: $data"); + + # split on whitespace and get the url(s) out + # done this way in case there are more than + # one url per line. + foreach ( split( /\s/, $data ) ) { + if ( ( $_ =~ /^http\:/ ) || ( $_ =~ /^https\:/ ) ) { + foreach $a (@urls) { + if ( $_ eq $a ) { + + # incase they use the same url on the line. + $same = 1; + next; + } + } + if ( $same == 0 ) { + $same = 0; + push( @urls, $_ ); + } + } + } + + my ( $myurl, $fqdn, $junk, $mytype ); + my ( $url, $browser, $response, $answer ); + my ( $line, $ifoundit ); + + foreach (@urls) { + $myurl = $_; + ( $junk, $fqdn ) = split( /\/\//, $myurl, 2 ); + ( $fqdn, $junk ) = split( /\//, $fqdn, 2 ); + $mytype = ''; + + if ( length($fqdn) >= 4 ) { +## Start of Act + +## ACT0. If ShortURL, expand it. (knownShortFQDN) + if ( grep( /^$fqdn$/, @knownShortFQDN ) ) { + deb("$target Expand $fqdn"); + $browser = LWP::UserAgent->new; + $answer = HTTP::Request->new( GET => $myurl ); + $response = $browser->request($answer); + + if ( $response->is_success and $response->previous ) { + if ( $myurl ne $response->request->uri ) { + $junk = $response->request->uri; + if ( index( $junk, 'http' ) == 0 ) { + deb("$target Expanded $fqdn"); + $myurl = $junk; + ( $junk, $fqdn ) = split( /\/\//, $myurl, 2 ); + ( $fqdn, $junk ) = split( /\//, $fqdn, 2 ); + } + } + } + + } + +## ACT1: Update URL if Cloudflared + if ( grep( /^$fqdn$/, @cached ) ) { + deb("$target Found in Cache $fqdn"); + $mytype = '^B^C3[Archive]^O '; + $myurl = 'https://web.archive.org/web/' . $myurl; + } + else { + if ( $cfg_uselocaldb == 1 ) { + deb("$target Lookup local DB about $fqdn"); + open( CFSFILE, + $cfg_localdbpath + . "cloudflare_" + . substr( $fqdn, 0, 1 ) + . ".txt" ) + or die "file not found for $fqdn"; + $ifoundit = 0; + while (<CFSFILE>) { + $line = $_; + $line =~ s/\R//g; + if ( $line eq $fqdn ) { + $ifoundit = 1; + last; + } + } + close CFSFILE; + + if ( $ifoundit == 1 ) { + push( @cached, $fqdn ); + $mytype = '^B^C3[Archive]^O '; + $myurl = 'https://web.archive.org/web/' . $myurl; + } + } + else { + deb("$target Asking API about $fqdn"); + $answer = ''; + $url = 'https://searxes.danwin1210.me/collab/open/ismitm.php?f='.$fqdn; + $browser = LWP::UserAgent->new; + $browser->agent("Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"); + $response = $browser->get($url); + $answer = $response->content; + if ( $answer eq '[true,true]' ) { + push( @cached, $fqdn ); + $mytype = '^B^C3[Archive]^O '; + $myurl = 'https://web.archive.org/web/' . $myurl; + } + } + } + +## ACT2: Short URL __if__ enabled and long + if ( $cfg_useshort == 1 ) { + if ( length($myurl) > $cfg_minurllen ) { + deb("$target Creating Short URL for $myurl"); + $url = 'https://ux.nu/api/short?format=plain&url='.$myurl; + $browser = LWP::UserAgent->new; + $browser->agent("cloudflare-tor (Thank you for your service)"); + $response = $browser->get($url); + $answer = $response->content; + if ( index( $answer, 'https://ux.nu/' ) == 0 ) { + if ( $mytype eq '' ) { + $mytype = '^B^C7[Short]^O '; + } + else { + $mytype = '^B^C2[Short,Archive]^O '; + } + $myurl = $answer; + } + } + } + +##ACT3: Result + if ( $cfg_printurl == 1 ) { + Irssi::print("URL: $mytype$myurl"); + } + + if ( $cfg_donotsendurl != 1 ) { + if ( $cfg_send2chan == 1 ) { + $server->command("msg $target $myurl"); + } + else { + $server->print( "$target", "$mytype$myurl", + MSGLEVEL_CLIENTCRAP ); + } + } + +## End of Act + } + deb("$target process done for input $myurl"); + } + +## Cleanup cache + if ( $#cached > 500 ) { + @cached = (); + } + + return; +} + +sub deb($) { + Irssi::print(shift) if ( $cfg_isdebug == 1 ); +} + +sub goodchan { + my $chan = shift; + return ("OK") if ( !$cfg_chanlist ); + foreach ( split( /\,/, $cfg_chanlist ) ) { + return ("$_") if ( $_ =~ /$chan/i ); + } + return undef; +} + +setuphandler(); +Irssi::signal_add( "setup changed", "setuphandler" ); +Irssi::signal_add_last( "message public", "GotUrl" ); +Irssi::signal_add_last( "ctcp action", "GotUrl" ); diff --git a/what-to-do.md b/what-to-do.md index 9f30aa41..ef11504e 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -72,11 +72,9 @@ If Cloudflare leak your information, it's not our fault. [*] | [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) | nullius | [Link](https://github.com/nym-zone/block_cloudflare_mitm_fx) | **Yes** | **Yes** | | [Are links vulnerable to MITM?](https://addons.mozilla.org/en-US/firefox/addon/are-links-vulnerable-to-mitm/) | Maslin Bossé | [Link](https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink) | No | **Yes** | | [Third-party Request Blocker (AMO)](https://addons.mozilla.org/en-US/firefox/addon/tprb/) | Searxes #Addon | [Link](https://searxes.danwin1210.me/) | **Yes** | **Yes** | -| [TPRB](https://sw.skusklxqaqnrmszytky4vfyrg625erw4hqhiokyc2ufnokd2aitb47yd.onion/) | Sw | [Link](https://sw.skusklxqaqnrmszytky4vfyrg625erw4hqhiokyc2ufnokd2aitb47yd.onion/) | **Yes** | **Yes** | +| [TPRB](https://searxes.danwin1210.me/collab/tprb0/get_tprb0.php) | Sw | [Link](https://sw.skusklxqaqnrmszytky4vfyrg625erw4hqhiokyc2ufnokd2aitb47yd.onion/) | **Yes** | **Yes** | | [Detect Cloudflare](https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/) | Frank Otto | [Link](https://github.com/traktofon/cf-detect) | No | **Yes** | -| [Cloud Firewall](https://addons.mozilla.org/en-US/firefox/addon/cloud-firewall/) [*] | Gokulakrishna Sudharsan | [Link](https://gitlab.com/gkrishnaks/cloud-firewall/) | **Yes** | No | -[*] Do not use it if you're using proxy/VPN/Tor because it has "[DNS leak](https://en.wikipedia.org/wiki/DNS_leak)". - Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet! @@ -106,6 +104,90 @@ If Cloudflare leak your information, it's not our fault. [*] - Install Web Application Firewall (such as OWASP) and Fail2Ban on _your_ server and configure it _properly_. +- If you want to know more alternative solutions, take a look at [this blog's "Alternative solutions" section](http://www.unixsheikh.com/articles/stay-away-from-cloudflare.html). + +- Redirect or block "_Cloudflare Warp_" users from accessing your website. And provide a reason if you can. + +> IP list is from "[Cloudflare’s current IP ranges](https://www.cloudflare.com/ips/)" webpage. They might lie, so check your server logs too. + +> Method A: Just block + +``` +server { +... +deny 173.245.48.0/20; +deny 103.21.244.0/22; +deny 103.22.200.0/22; +deny 103.31.4.0/22; +deny 141.101.64.0/18; +deny 108.162.192.0/18; +deny 190.93.240.0/20; +deny 188.114.96.0/20; +deny 197.234.240.0/22; +deny 198.41.128.0/17; +deny 162.158.0.0/15; +deny 104.16.0.0/12; +deny 172.64.0.0/13; +deny 131.0.72.0/22; +deny 2400:cb00::/32; +deny 2606:4700::/32; +deny 2803:f800::/32; +deny 2405:b500::/32; +deny 2405:8100::/32; +deny 2a06:98c0::/29; +deny 2c0f:f248::/32; +... +} +``` + +> Method B: Redirect to warning page + +``` +http { +... +geo $iscf { +default 0; +173.245.48.0/20 1; +103.21.244.0/22 1; +103.22.200.0/22 1; +103.31.4.0/22 1; +141.101.64.0/18 1; +108.162.192.0/18 1; +190.93.240.0/20 1; +188.114.96.0/20 1; +197.234.240.0/22 1; +198.41.128.0/17 1; +162.158.0.0/15 1; +104.16.0.0/12 1; +172.64.0.0/13 1; +131.0.72.0/22 1; +2400:cb00::/32 1; +2606:4700::/32 1; +2803:f800::/32 1; +2405:b500::/32 1; +2405:8100::/32 1; +2a06:98c0::/29 1; +2c0f:f248::/32 1; +} +... +} + +server { +... +if ($iscf) {rewrite ^ https://example.com/cfwsorry.php;} +... +} + +<?php +header('HTTP/1.1 406 Not Acceptable'); +echo <<<CLOUDFLARED +Thank you for visiting ourwebsite.com!<br /> +We are sorry, but we can't serve you because your connection is being intercepted by Cloudflare.<br /> +Please read https://notabug.org/themusicgod1/cloudflare-tor/ for more information.<br /> +CLOUDFLARED; +die(); +``` + - Set up [Tor Onion Service](https://www.torproject.org/docs/onion-services.html.en) or I2P insite if you believe in freedom and welcome anonymous users. - Ask for advice from other [Clearnet/Tor dual website operators](https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor) and make anonymous friends! :) @@ -132,7 +214,7 @@ If Cloudflare leak your information, it's not our fault. [*] Let's talk about _other software's privacy_... -- If you really need to use Firefox, pick "[Firefox ESR](https://www.mozilla.org/en-US/firefox/organizations/)". ESR is developed for company and organizations, thus _some_ spyware code is disabled by default. Portable version is [here](https://portableapps.com/apps/internet/firefox-portable-esr). +- If you really need to use Firefox, pick "[Firefox ESR](https://www.mozilla.org/en-US/firefox/organizations/)". ESR is developed for company and organizations, thus _some_ spyware code is disabled by default. Portable version is [here](https://portableapps.com/apps/internet/firefox-portable-esr). But we tell you, Firefox is [horrible for privacy](https://www.reddit.com/r/privacytoolsIO/comments/81om92/what_are_the_differences_between_privacytoolsio/dv4orve/) in [many ways](https://spyware.neocities.org/articles/firefox.html). - Remember, Mozilla is [using Cloudflare service](https://www.robtex.com/dns-lookup/www.mozilla.org). They're also using [Cloudflare's DNS service on their product](https://www.theregister.co.uk/2018/03/21/mozilla_testing_dns_encryption/) D'oh! @@ -228,6 +310,8 @@ Therefore we recommend "Tor Browser" only. Nothing else. - The [ITU](https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20181218/Documents/Geoff_Huston_Presentation.pdf) suggest in the US context that Cloudflare is starting to get big enough that antitrust law might be brought down upon them. +- It's conceivable that the GNU GPL v4 could include a provision against storing source code behind such a service, requiring for all GPLv4 and later programs that at least the source code is accessible via a medium that does not discriminate against tor users (or any other class of users or something?) + ------------ ### Now, what did you do today? |
