firefox - FF Addon SDK read of post data just hangs on login data only -


the following code snippet works fine on standard post requests. on type of site login only, read call below hangs , never comes back. if put read in exception block, no exception ever thrown, never returns:

if(httpchannel.requestmethod == "post") {            channel.queryinterface(ci.nsiuploadchannel);            var instream = cc["@mozilla.org/scriptableinputstream;1"].createinstance(ci.nsiscriptableinputstream);           instream.init(channel.uploadstream);            var post_data = instream.read(instream.available()); ...

and on these logins, instream.available() returning correct number of bytes available in post data. , post data if viewed in burp looks normal (actually plain text password, etc hasn't gone out yet.) once again, if not login, work fine. shouldn't hang in case. of course googled nsiscriptableinputstream read login.

complete code:

/* copyright dedicated public domain.  * http://creativecommons.org/publicdomain/zero/1.0/ */ //"use strict";  const exported_symbols = ['httprequestobserver'];   const {cc, ci, cu} =  require('chrome');  const module = cu.import; const error =  cu.reporterror;  module("resource://gre/modules/xpcomutils.jsm"); module("resource://gre/modules/services.jsm");   function httprequestobserver() {     this._init(); } httprequestobserver.prototype = {     queryinterface: xpcomutils.generateqi([ci.nsiobserver, ci.nsisupportsweakreference, ci.nsiweakreference]),     queryreferent: function(iid) this.queryinterface(iid),     getweakreference: function() this,      _init: function _init() {         services.obs.addobserver(this, 'xpcom-shutdown', true);         services.obs.addobserver(this, 'http-on-modify-request', true);     },      _uninit: function _uninit() {         services.obs.removeobserver(this, 'http-on-modify-request');         services.obs.removeobserver(this, 'xpcom-shutdown');     },      observe: function observe(subject, topic, data) {         switch(topic) {         case 'xpcom-shutdown':             this._uninit();             break;         case 'http-on-modify-request':             this.observerequest(subject, topic, data);             break;         }     },      observerequest: function observerequest(channel, topic, data) {          if (!(channel instanceof ci.nsihttpchannel)) return;          var httpchannel = channel.queryinterface(ci.nsihttpchannel);                  //error("request: " + channel.requestmethod + ": " + channel.uri.spec);          if(httpchannel.requestmethod == "post") {            channel.queryinterface(ci.nsiuploadchannel);            var instream = cc["@mozilla.org/scriptableinputstream;1"].createinstance(ci.nsiscriptableinputstream);           instream.init(channel.uploadstream);            var post_data = instream.read(instream.available());           post_data = post_data.replace(/= *%2344\+font.+krazykool[^&]+/m,"=no+flash+or+java+fonts+detected");            var inputstream =               cc["@mozilla.org/io/string-input-stream;1"].createinstance(ci.nsistringinputstream);                     inputstream.setdata(post_data, post_data.length);            var contenttype =  httpchannel.getrequestheader("content-type");            channel.setuploadstream(inputstream, contenttype, -1);            httpchannel.requestmethod = "post";            //channel.uploadstream.queryinterface(ci.nsiseekablestream);           //channel.uploadstream.seek(0,0);                                            }       }, };  httprequestobserver = new httprequestobserver();

note: regex looking system fonts in post parameter , overwrites them message "no flash or java fonts detected" prevents panopticlick fingerprinting on system fonts. may pointless, guess fingerprinting on in reality wouldn't send actual font list. aside that, above code template altering post parameters. stated, goes neverland if post parameters login parameters.

the firefox addon "tamper data" displays post data logins without problem. source code firefox addon readily available, looking @ source now. source add on, go mozilla add ons, type tamper data in search bar (in instance), , instead of clicking install, right click to save link, xpi file add on. file zip, unzip , contain among other things .jar (java) file happens zip file. unzip , contain js code tamper data add on.

everything in tamperdata.js file i'm still deciphering now. it's doing same sort of thing code, not same needless say, works. file isn't tied interface apparently, plug code.


Comments

Post a Comment

Popular posts from this blog

javascript - Google App Script ContentService downloadAsFile not working -

i have web app developed using google app script htmlservice , html form, populating excel sheet in google drive using spreadsheetapp . , 1 section calling contentservice download data excel file. function doget(e) { // read excel sheet //getappfile(); // render application html template return htmlservice.createtemplatefromfile('index').evaluate() .settitle('go smart') .setsandboxmode(htmlservice.sandboxmode.iframe); } function downloaddoublequatecsvfile() { var sheetid = propertiesservice.getscriptproperties().getproperty('sheetid'); var ss = spreadsheetapp.openbyid(sheetid).getactivesheet(); //var ss = spreadsheetapp.getactivespreadsheet().getactivesheet(); var maxcolumn = ss.getlastcolumn(); var maxrow = ss.getlastrow(); var data = ss.getrange(1, 1, maxrow, maxcolumn).getvalues(); if (data.length > 1) { var csv = ""; (var row = 0; row < data.length; row++) { (var c...
Read more

javascript - Function overwritting -

is there way overwrite function or event handling in function? using addeventlistener, can have many event handlers on element want var test=document.getelementbyid("div"); test.addeventlistener("click",function(){alert("im first");},false); test.addeventlistener("click",function(){alert("im second");},false); // alerts "im first" , after "im second" but if want overwrite function/event example based on client width example this function one() { alert("first"); } function two() { alert("second"); } window.onresize = function() { var test = document.getelementbyid("div"); if (window.innerwidth > 500) { test.onclick = 1 } else { test.onclick = two; } } is possible in javascript? in case use effective little known approach. addeventlistener can accept object property handleevent event handler. in case it's easy overwr...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more