mix content issue solved

Author: TasnimFabiha

xssi check/jsFinder/app/background.js

@@ -1,14 +1,69 @@
-chrome.tabs.onUpdated.addListener(function (tabId, changeInfo, tab) {
-    //alert("background js");
-    if (changeInfo.status == 'complete') {
-        chrome.tabs.getSelected(null, function (tab) {
-            chrome.tabs.sendRequest(0, {
-                method: "getText"
-            }, function (response) {
-                if (response.method == "getText") {
-                    alltext = response.data;
-                }
-            });
-        });
+chrome.browserAction.onClicked.addListener(function (tab) {
+    chrome.tabs.executeScript({
+        code: 'document.body.style.backgroundColor="red"'
+    });
+    chrome.tabs.executeScript(null, { file: "page_analyzer.js" });
+    // chrome.tabs.query({active: true, currentWindow: true}, function(tabs) {
+    // chrome.tabs.sendMessage(tabs[0].id, {greeting: "hello"}, function(response) {
+    // console.log(response.farewell);
+    // });
+    // });
+
+});
+
+chrome.runtime.onMessage.addListener(function (request, sender, sendResponse) {
+    console.log(sender.tab ?
+                "from a content script:" + sender.tab.url :
+                "from the extension");
+    console.log(request);
+    initiateProcess(request)
+    // if (request.greeting == "hello")
+    // sendResponse({farewell: "goodbye"});
+});
+
+function initiateProcess(obj) {
+    var cookies = obj.cookies;
+    var currentUrl = obj.currentUrl;
+    var scripts = obj.scripts;
+    for (var i = 0; i < scripts.length; i++) {
+        loadDoc(i, scripts[i].src, scripts[i].content);
     }
-})
+    postCookies(cookies, currentUrl);
+
+}
+
+function postCookies(cookies, currentUrl) {
+    var xhttp = new XMLHttpRequest();
+    xhttp.onreadystatechange = function () {
+        if (this.readyState === 4 && this.status === 200) {
+            getScriptContent();
+        }
+    };
+    xhttp.open("POST", "http://localhost:55168/home/PostCookies", true);
+    xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+    xhttp.send("cookies=" + cookies + "&url=" + currentUrl);
+}
+
+
+function loadDoc(scriptNumber, src, content) {
+    var xhttp = new XMLHttpRequest();
+    xhttp.onreadystatechange = function () {
+        if (this.readyState === 4 && this.status === 200) {
+        }
+    };
+    xhttp.open("POST", "http://localhost:55168/home/PostScript", true);
+    xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+    xhttp.send("Number=" + scriptNumber + "&Source=" + src + "&Content=" + content);
+}
+
+function getScriptContent() {
+    var xhttp = new XMLHttpRequest();
+    xhttp.onreadystatechange = function () {
+        if (this.readyState === 4 && this.status === 200) {
+        }
+    };
+    xhttp.open("GET", "http://localhost:55168/home/GetScriptContent", true);
+    xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+    xhttp.send();
+}
+

xssi check/jsFinder/app/manifest.json

@@ -1,26 +1,46 @@
+//{
+//  "manifest_version": 2,
+
+//  "name": "Getting started example",
+//  "description": "This extension allows the user to change the background color of the current page.",
+//  "version": "1.0",
+
+//  "browser_action": {
+//    "default_icon": "icon.png",
+//    "default_popup": "popup.html"
+//  },
+//  "permissions": [
+//    "activeTab",
+//    "storage"
+//  ]
+//}
+
+
 {
   "manifest_version": 2,
+  "name": "JS Finder",
+  "description": "Make the current page red",
+  "version": "2.0",
 
-  "name": "XSSI Check",
-  "description": "This extension will analyze a page and find out if it is trying to be accessed by xssi.",
-  "version": "1.0",
-
-  "permissions": [
-    "webNavigation",
-    "*://*/*"
-  ],
   "background": {
-    "scripts": ["jquery-3.2.1.min.js","getPageSource.js","background.js"]
+    "scripts": [ "background.js" ],
+    "persistent": false
   },
   "browser_action": {
-    "default_icon": "img/icon.png",
-    "default_popup": "popup.html"
+    "default_icon": "/img/icon.png",
+    "default_title": "Read the js of current page"
+    //"default_popup": "popup.html"
   },
-  "content_scripts": [
-    {
-      "matches": ["*://*/*"],
-      "js": ["jquery-3.2.1.min.js", "page_analyzer.js"],
-      "run_at": "document_end"
-    }
+  "permissions": [
+    "*://*/*",
+    "activeTab"
   ]
+  //,
+  //"content_scripts": [
+    //{
+      //"matches": [ "*://*/*" ]
+      //,
+      //"js": [ "page_analyzer.js" ]
+    //}
+  //]
 }

xssi check/jsFinder/app/page_analyzer.js

@@ -1,57 +1,36 @@
-//document.body.innerHTML = document.body.innerHTML.replace(new RegExp("Gmail", "g"), "nobody");
+chrome.runtime.onMessage.addListener(
+  function (request, sender, sendResponse) {
+      console.log(sender.tab ?
+                  "from a content script:" + sender.tab.url :
+                  "from the extension");
+      if (request.greeting == "hello")
+          sendResponse({ farewell: "goodbye" });
+  });
 
-window.onload = function () {
+// chrome.runtime.sendMessage({greeting: "hello"}, function(response) {
+// console.log(response.farewell);
+// });
+
+findScripts((obj) => {
+    console.log(obj);
+    chrome.runtime.sendMessage(obj, function (response) {
+        //console.log(response.farewell);
+    });
+});
+
+function findScripts(callback) {
+    var scriptList = [];
     var cookies = document.cookie;
     var currenturl = window.location.href;
     var scripts = document.getElementsByTagName("script");
-    for (var i = 0; i < scripts.length; i++) { 
+    for (var i = 0; i < scripts.length; i++) {
         if (scripts[i].src) {
-            console.log(i, scripts[i].src);
-            
-            loadDoc(i, scripts[i].src, "");
-        }
-        else {
-            console.log(i, scripts[i]);
-            loadDoc(i, window.location.href, scripts[i].innerHTML);
+            scriptList.push({ index: i, src: scripts[i].src, content: "" });
         }
+        //else {
+        //scriptList.push({index:i, src: window.location.href, content:scripts[i].innerHTML});
+        //}
     }
-    postCookies(cookies, currenturl);
-    //getScriptContent();
-    //alert(scripts.length);
-}
-
-function postCookies(cookies, currenturl) {
-    var xhttp = new XMLHttpRequest();
-    xhttp.onreadystatechange = function () {
-        if (this.readyState === 4 && this.status === 200) {
-            getScriptContent();
-        }
-    };
-    xhttp.open("POST", "http://localhost:55168/home/PostCookies", true);
-    xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-    xhttp.send("cookies="+cookies+"&url="+ currenturl);
-}
+    callback({ currentUrl: currenturl, cookies: cookies, scripts: scriptList });
 
-
-function loadDoc(scriptNumber, src, content) {
-    var xhttp = new XMLHttpRequest();
-    xhttp.onreadystatechange = function () {
-        if (this.readyState === 4 && this.status === 200) {
-        }
-    };
-    xhttp.open("POST", "http://localhost:55168/home/PostScript", true);
-    xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-    xhttp.send("Number=" + scriptNumber + "&Source=" + src + "&Content=" + content);
-}
-
-
-function getScriptContent() {
-    var xhttp = new XMLHttpRequest();
-    xhttp.onreadystatechange = function () {
-        if (this.readyState === 4 && this.status === 200) {
-        }
-    };
-    xhttp.open("GET", "http://localhost:55168/home/GetScriptContent", true);
-    xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-    xhttp.send();
 }

xssi check/jsFinder/app/popup.html

@@ -1,12 +1,49 @@
 <!doctype html>
+<!--
+ This page is shown when the extension button is clicked, because the
+ "browser_action" field in manifest.json contains the "default_popup" key with
+ value "popup.html".
+ -->
 <html>
 <head>
-    <title>XSSI Check</title>
-    <script src="popup.js"></script>
+    <title>Getting Started Extension's Popup</title>
+    <style type="text/css">
+        body {
+            margin: 10px;
+            white-space: nowrap;
+        }
+
+        h1 {
+            font-size: 15px;
+        }
+
+        #container {
+            align-items: center;
+            display: flex;
+            justify-content: space-between;
+        }
+    </style>
+    <!--
+      - JavaScript and HTML must be in separate files: see our Content Security
+      - Policy documentation[1] for details and explanation.
+      -
+      - [1]: https://developer.chrome.com/extensions/contentSecurityPolicy
+    -->
     <script src="jquery-3.2.1.min.js"></script>
+    <script src="popup.js"></script>
 </head>
 <body>
-    <h1>Checking now..</h1>
-    <button id="checkPage">Check</button>
+    <h1>Background Color Changer</h1>
+    <div id="container">
+        <span>Choose a color</span>
+        <!--<select id="dropdown">
+          <option selected disabled hidden value=''></option>
+          <option value="white">White</option>
+          <option value="pink">Pink</option>
+          <option value="green">Green</option>
+          <option value="yellow">Yellow</option>
+        </select>-->
+        <button id="checkPage">Check</button>
+    </div>
 </body>
-</html>
+</html>