diff --git a/Endless Tests/HSTSCache_Tests.m b/Endless Tests/HSTSCache_Tests.m
new file mode 100644
index 0000000..dfdb18d
--- /dev/null
+++ b/Endless Tests/HSTSCache_Tests.m
@@ -0,0 +1,104 @@
+#import
+#import
+#import
+
+#import "HSTSCache.h"
+
+#define TRACE_HSTS
+
+@interface HSTSCache_Tests : XCTestCase
+@end
+
+@implementation HSTSCache_Tests
+
+HSTSCache *hstsCache;
+
+- (void)setUp {
+ [super setUp];
+
+ hstsCache = [[HSTSCache alloc] init];
+}
+
+- (void)testParseHSTSHeader {
+ [hstsCache parseHSTSHeader:@"max-age=12345; includeSubDomains" forHost:@"example.com"];
+
+ NSDictionary *params = [hstsCache objectForKey:@"example.com"];
+ XCTAssertNotNil(params);
+ XCTAssertNotNil([params objectForKey:HSTS_KEY_ALLOW_SUBDOMAINS]);
+ XCTAssertNotNil([params objectForKey:HSTS_KEY_EXPIRATION]);
+
+ XCTAssertTrue([(NSDate *)[params objectForKey:HSTS_KEY_EXPIRATION] timeIntervalSince1970] - [[NSDate date] timeIntervalSince1970] >= 12340);
+}
+
+- (void)testIgnoreIPAddresses {
+ [hstsCache parseHSTSHeader:@"max-age=12345; includeSubDomains" forHost:@"127.0.0.1"];
+
+ NSDictionary *params = [hstsCache objectForKey:@"127.0.0.1"];
+ XCTAssertNil(params);
+}
+
+- (void)testParseUpdatedHSTSHeader {
+ [hstsCache parseHSTSHeader:@"max-age=12345; includeSubDomains" forHost:@"example.com"];
+
+ NSDictionary *params = [hstsCache objectForKey:@"example.com"];
+ XCTAssertNotNil(params);
+ XCTAssertNotNil([params objectForKey:HSTS_KEY_ALLOW_SUBDOMAINS]);
+
+ /* now a new request presents without includeSubDomains */
+ [hstsCache parseHSTSHeader:@"max-age=12345" forHost:@"example.com"];
+
+ params = [hstsCache objectForKey:@"example.com"];
+ XCTAssertNotNil(params);
+ XCTAssertNil([params objectForKey:HSTS_KEY_ALLOW_SUBDOMAINS]);
+}
+
+- (void)testParseEFFHSTSHeader {
+ /* weirdo header that eff sends (to cover old spec?) 
*/
+ [hstsCache parseHSTSHeader:@"max-age=31536000; includeSubdomains, max-age=31536000; includeSubdomains" forHost:@"www.EFF.org"];
+
+ NSDictionary *params = [hstsCache objectForKey:@"www.eff.org"];
+ XCTAssertNotNil(params);
+ XCTAssertNotNil([params objectForKey:HSTS_KEY_ALLOW_SUBDOMAINS]);
+ XCTAssertNotNil([params objectForKey:HSTS_KEY_EXPIRATION]);
+}
+
+- (void)testURLRewriting {
+ [hstsCache parseHSTSHeader:@"max-age=31536000; includeSubdomains, max-age=31536000; includeSubdomains" forHost:@"www.EFF.org"];
+
+ NSURL *output = [hstsCache rewrittenURI:[NSURL URLWithString:@"http://www.eff.org/test"]];
+ XCTAssertTrue([[output absoluteString] isEqualToString:@"https://www.eff.org/test"]);
+
+ /* we didn't see the header for "eff.org", so subdomains have to be of www */
+ output = [hstsCache rewrittenURI:[NSURL URLWithString:@"http://subdomain.eff.org/test"]];
+ XCTAssertFalse([[output absoluteString] isEqualToString:@"https://subdomain.eff.org/test"]);
+
+ output = [hstsCache rewrittenURI:[NSURL URLWithString:@"http://subdomain.www.eff.org/test"]];
+ XCTAssertTrue([[output absoluteString] isEqualToString:@"https://subdomain.www.eff.org/test"]);
+
+ output = [hstsCache rewrittenURI:[NSURL URLWithString:@"http://www.eff.org:1234/?what#hi"]];
+ XCTAssertTrue([[output absoluteString] isEqualToString:@"https://www.eff.org:1234/?what#hi"]);
+
+ output = [hstsCache rewrittenURI:[NSURL URLWithString:@"http://www.eff.org:80/?what#hi"]];
+ XCTAssertTrue([[output absoluteString] isEqualToString:@"https://www.eff.org/?what#hi"]);
+}
+
+- (void)testExpiring {
+ [hstsCache parseHSTSHeader:@"max-age=2; includeSubDomains" forHost:@"example.com"];
+
+ NSURL *output = [hstsCache rewrittenURI:[NSURL URLWithString:@"http://www.example.com/"]];
+ XCTAssertTrue([[output absoluteString] isEqualToString:@"https://www.example.com/"]);
+
+ NSDate *timeoutDate = [NSDate dateWithTimeIntervalSinceNow:4];
+
+ do {
+ [[NSRunLoop currentRunLoop] runMode:NSDefaultRunLoopMode 
beforeDate:timeoutDate]; + if ([timeoutDate timeIntervalSinceNow] < 0) + break; + } while (TRUE); + + /* expired */ + output = [hstsCache rewrittenURI:[NSURL URLWithString:@"http://www.example.com/"]]; + XCTAssertTrue([[output absoluteString] isEqualToString:@"http://www.example.com/"]); +} + +@end diff --git a/Endless.xcodeproj/project.pbxproj b/Endless.xcodeproj/project.pbxproj index ba937fe..0f101f0 100644 --- a/Endless.xcodeproj/project.pbxproj +++ b/Endless.xcodeproj/project.pbxproj @@ -8,9 +8,10 @@ /* Begin PBXBuildFile section */ 010EEA661A43A536001E8B65 /* CookieController.m in Sources */ = {isa = PBXBuildFile; fileRef = 010EEA651A43A536001E8B65 /* CookieController.m */; }; - 010EEA691A43C8CF001E8B65 /* CookieWhitelist.m in Sources */ = {isa = PBXBuildFile; fileRef = 010EEA681A43C8CF001E8B65 /* CookieWhitelist.m */; }; + 010EEA691A43C8CF001E8B65 /* CookieJar.m in Sources */ = {isa = PBXBuildFile; fileRef = 010EEA681A43C8CF001E8B65 /* CookieJar.m */; }; 0135F4761A3D2931005A8F16 /* SearchEngines.plist in Resources */ = {isa = PBXBuildFile; fileRef = 0135F4751A3D2931005A8F16 /* SearchEngines.plist */; }; 0135F47F1A3E548F005A8F16 /* WebViewTab.m in Sources */ = {isa = PBXBuildFile; fileRef = 0135F47E1A3E548F005A8F16 /* WebViewTab.m */; }; + 016B2FCB1A53466D002D2730 /* hsts_preload.plist in Resources */ = {isa = PBXBuildFile; fileRef = 016B2FCA1A53466D002D2730 /* hsts_preload.plist */; }; 01801E981A32CA2A002B4718 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 01801E971A32CA2A002B4718 /* main.m */; }; 01801E9B1A32CA2A002B4718 /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 01801E9A1A32CA2A002B4718 /* AppDelegate.m */; }; 01801EA11A32CA2A002B4718 /* WebViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 01801EA01A32CA2A002B4718 /* WebViewController.m */; }; 
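Review bot: `testExpiring` spins the run loop for four wall-clock seconds (the `do { … } while (TRUE)` loop at the end of the hunk) just to wait out `max-age=2`, which makes the suite slow and timing-sensitive; the expiry path can be exercised instantly by planting an already-expired entry through the pass-through declared in HSTSCache.h, e.g. `[hstsCache setValue:@{HSTS_KEY_EXPIRATION: [NSDate dateWithTimeIntervalSinceNow:-1], HSTS_KEY_ALLOW_SUBDOMAINS: @YES} forKey:@"example.com"];` before the second `rewrittenURI:` call. The `#define TRACE_HSTS` at the top of the file only affects this translation unit, so it does not switch on the `#ifdef TRACE_HSTS` logging inside HSTSCache.m; either drop it or enable the define in the prefix header where the commented-out version lives. `HSTSCache *hstsCache;` placed between `@implementation` and the methods is a file-scope global rather than an instance variable, so it is shared by every test instance; an ivar in a class extension would keep each test's `-setUp` state its own. Two cases worth adding next to `testIgnoreIPAddresses`: an IPv6 literal host (only `127.0.0.1` is covered) and a `max-age=0` header removing an existing entry.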
@@ -23,10 +24,13 @@ 018333E91A35746500670CD1 /* https-everywhere_rules.plist in Resources */ = {isa = PBXBuildFile; fileRef = 018333E71A35746500670CD1 /* https-everywhere_rules.plist */; }; 018333EA1A35746500670CD1 /* https-everywhere_targets.plist in Resources */ = {isa = PBXBuildFile; fileRef = 018333E81A35746500670CD1 /* https-everywhere_targets.plist */; }; 01D741281A44DF1C007B7033 /* WebViewMenuController.m in Sources */ = {isa = PBXBuildFile; fileRef = 01D741271A44DF1C007B7033 /* WebViewMenuController.m */; }; - 01D7412A1A45EDD1007B7033 /* CookieWhitelist_Tests.m in Sources */ = {isa = PBXBuildFile; fileRef = 01D741291A45EDD1007B7033 /* CookieWhitelist_Tests.m */; }; + 01D7412A1A45EDD1007B7033 /* CookieJar_Tests.m in Sources */ = {isa = PBXBuildFile; fileRef = 01D741291A45EDD1007B7033 /* CookieJar_Tests.m */; }; 01D7412C1A45F8EB007B7033 /* injected.js in Resources */ = {isa = PBXBuildFile; fileRef = 01D7412B1A45F8EB007B7033 /* injected.js */; }; 01D7412F1A466AF0007B7033 /* NSString+JavascriptEscape.m in Sources */ = {isa = PBXBuildFile; fileRef = 01D7412E1A466AF0007B7033 /* NSString+JavascriptEscape.m */; }; 01D741321A49EA14007B7033 /* HTTPSEverywhereRuleController.m in Sources */ = {isa = PBXBuildFile; fileRef = 01D741311A49EA14007B7033 /* HTTPSEverywhereRuleController.m */; }; + 01F7CB491A5253DD00F42B73 /* HSTSCache.m in Sources */ = {isa = PBXBuildFile; fileRef = 01F7CB481A5253DD00F42B73 /* HSTSCache.m */; }; + 01F7CB4B1A526B9C00F42B73 /* HSTSCache_Tests.m in Sources */ = {isa = PBXBuildFile; fileRef = 01F7CB4A1A526B9C00F42B73 /* HSTSCache_Tests.m */; }; + 01F7CB4E1A52FC4E00F42B73 /* NSString+IPAddress.m in Sources */ = {isa = PBXBuildFile; fileRef = 01F7CB4D1A52FC4E00F42B73 /* NSString+IPAddress.m */; }; 01F8793B1A4108DD00A63654 /* URLBlocker.m in Sources */ = {isa = PBXBuildFile; fileRef = 01F8793A1A4108DD00A63654 /* URLBlocker.m */; }; 01F879411A4112E500A63654 /* URLBlocker_Tests.m in Sources */ = {isa = PBXBuildFile; fileRef = 01F879401A4112E500A63654 
/* URLBlocker_Tests.m */; }; 01F879441A41140D00A63654 /* https-everywhere_mock_rules.plist in Resources */ = {isa = PBXBuildFile; fileRef = 01F879421A41140D00A63654 /* https-everywhere_mock_rules.plist */; }; 
@@ -55,11 +59,12 @@ /* Begin PBXFileReference section */ 010EEA641A43A536001E8B65 /* CookieController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CookieController.h; sourceTree = ""; }; 010EEA651A43A536001E8B65 /* CookieController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = CookieController.m; sourceTree = ""; }; - 010EEA671A43C8CF001E8B65 /* CookieWhitelist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CookieWhitelist.h; sourceTree = ""; }; - 010EEA681A43C8CF001E8B65 /* CookieWhitelist.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = CookieWhitelist.m; sourceTree = ""; }; + 010EEA671A43C8CF001E8B65 /* CookieJar.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CookieJar.h; sourceTree = ""; }; + 010EEA681A43C8CF001E8B65 /* CookieJar.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = CookieJar.m; sourceTree = ""; }; 0135F4751A3D2931005A8F16 /* SearchEngines.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = SearchEngines.plist; path = Endless/Resources/SearchEngines.plist; sourceTree = ""; }; 0135F47D1A3E548F005A8F16 /* WebViewTab.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebViewTab.h; sourceTree = ""; }; 0135F47E1A3E548F005A8F16 /* WebViewTab.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = WebViewTab.m; sourceTree = ""; }; + 016B2FCA1A53466D002D2730 /* hsts_preload.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; name = hsts_preload.plist; path = Endless/Resources/hsts_preload.plist; sourceTree = ""; }; 01801E921A32CA2A002B4718 /* Endless.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex 
= 0; path = Endless.app; sourceTree = BUILT_PRODUCTS_DIR; }; 01801E961A32CA2A002B4718 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 01801E971A32CA2A002B4718 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 
@@ -84,12 +89,17 @@ 018333EB1A357D8B00670CD1 /* libPods-OCMock.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = "libPods-OCMock.a"; path = "Pods/build/Debug-iphoneos/libPods-OCMock.a"; sourceTree = ""; }; 01D741261A44DF1C007B7033 /* WebViewMenuController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebViewMenuController.h; sourceTree = ""; }; 01D741271A44DF1C007B7033 /* WebViewMenuController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = WebViewMenuController.m; sourceTree = ""; }; - 01D741291A45EDD1007B7033 /* CookieWhitelist_Tests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = CookieWhitelist_Tests.m; sourceTree = ""; }; + 01D741291A45EDD1007B7033 /* CookieJar_Tests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = CookieJar_Tests.m; sourceTree = ""; }; 01D7412B1A45F8EB007B7033 /* injected.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; name = injected.js; path = Endless/Resources/injected.js; sourceTree = ""; }; 01D7412D1A466AF0007B7033 /* NSString+JavascriptEscape.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSString+JavascriptEscape.h"; sourceTree = ""; }; 01D7412E1A466AF0007B7033 /* NSString+JavascriptEscape.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSString+JavascriptEscape.m"; sourceTree = ""; }; 01D741301A49EA14007B7033 /* HTTPSEverywhereRuleController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HTTPSEverywhereRuleController.h; sourceTree = ""; }; 01D741311A49EA14007B7033 /* HTTPSEverywhereRuleController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = HTTPSEverywhereRuleController.m; sourceTree = ""; }; 
+ 01F7CB471A5253DD00F42B73 /* HSTSCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HSTSCache.h; sourceTree = ""; }; + 01F7CB481A5253DD00F42B73 /* HSTSCache.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = HSTSCache.m; sourceTree = ""; }; + 01F7CB4A1A526B9C00F42B73 /* HSTSCache_Tests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = HSTSCache_Tests.m; sourceTree = ""; }; + 01F7CB4C1A52FC4E00F42B73 /* NSString+IPAddress.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSString+IPAddress.h"; sourceTree = ""; }; + 01F7CB4D1A52FC4E00F42B73 /* NSString+IPAddress.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSString+IPAddress.m"; sourceTree = ""; }; 01F879391A4108DD00A63654 /* URLBlocker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = URLBlocker.h; sourceTree = ""; }; 01F8793A1A4108DD00A63654 /* URLBlocker.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = URLBlocker.m; sourceTree = ""; }; 01F879401A4112E500A63654 /* URLBlocker_Tests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = URLBlocker_Tests.m; sourceTree = ""; }; 
@@ -156,10 +166,12 @@ children = ( 01801E991A32CA2A002B4718 /* AppDelegate.h */, 01801E9A1A32CA2A002B4718 /* AppDelegate.m */, - 010EEA671A43C8CF001E8B65 /* CookieWhitelist.h */, - 010EEA681A43C8CF001E8B65 /* CookieWhitelist.m */, + 010EEA671A43C8CF001E8B65 /* CookieJar.h */, + 010EEA681A43C8CF001E8B65 /* CookieJar.m */, 010EEA641A43A536001E8B65 /* CookieController.h */, 010EEA651A43A536001E8B65 /* CookieController.m */, + 01F7CB471A5253DD00F42B73 /* HSTSCache.h */, + 01F7CB481A5253DD00F42B73 /* HSTSCache.m */, 01D741301A49EA14007B7033 /* HTTPSEverywhereRuleController.h */, 01D741311A49EA14007B7033 /* HTTPSEverywhereRuleController.m */, 018333C81A3505FB00670CD1 /* HTTPSEverywhere.h */, @@ -183,11 +195,13 @@ 01801E951A32CA2A002B4718 /* Supporting Files */ = { isa = PBXGroup; children = ( - 01D7412D1A466AF0007B7033 /* NSString+JavascriptEscape.h */, - 01D7412E1A466AF0007B7033 /* NSString+JavascriptEscape.m */, + 018333CF1A351B3B00670CD1 /* Endless-Prefix.pch */, 01801E961A32CA2A002B4718 /* Info.plist */, 01801E971A32CA2A002B4718 /* main.m */, - 018333CF1A351B3B00670CD1 /* Endless-Prefix.pch */, + 01F7CB4C1A52FC4E00F42B73 /* NSString+IPAddress.h */, + 01F7CB4D1A52FC4E00F42B73 /* NSString+IPAddress.m */, + 01D7412D1A466AF0007B7033 /* NSString+JavascriptEscape.h */, + 01D7412E1A466AF0007B7033 /* NSString+JavascriptEscape.m */, ); name = "Supporting Files"; path = Endless; @@ -199,6 +213,7 @@ 01801EC21A3360F8002B4718 /* InAppSettings.bundle */, 01F8794A1A41232E00A63654 /* credits.html */, 01D7412B1A45F8EB007B7033 /* injected.js */, + 016B2FCA1A53466D002D2730 /* hsts_preload.plist */, 018333E71A35746500670CD1 /* https-everywhere_rules.plist */, 018333E81A35746500670CD1 /* https-everywhere_targets.plist */, 0135F4751A3D2931005A8F16 /* SearchEngines.plist */, 
@@ -211,9 +226,10 @@ 018333D81A35727C00670CD1 /* Endless Tests */ = { isa = PBXGroup; children = ( + 01D741291A45EDD1007B7033 /* CookieJar_Tests.m */, + 01F7CB4A1A526B9C00F42B73 /* HSTSCache_Tests.m */, 018333DB1A35727C00670CD1 /* HTTPSEverywhere_Tests.m */, 01F879401A4112E500A63654 /* URLBlocker_Tests.m */, - 01D741291A45EDD1007B7033 /* CookieWhitelist_Tests.m */, 018333D91A35727C00670CD1 /* Supporting Files */, ); path = "Endless Tests"; @@ -345,6 +361,7 @@ 01F8794F1A412FA500A63654 /* urlblocker_targets.plist in Resources */, 01801EA61A32CA2A002B4718 /* Images.xcassets in Resources */, 01F8794C1A4124FE00A63654 /* credits.html in Resources */, + 016B2FCB1A53466D002D2730 /* hsts_preload.plist in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -441,9 +458,11 @@ 01F8793B1A4108DD00A63654 /* URLBlocker.m in Sources */, 01801EC01A335BEC002B4718 /* URLInterceptor.m in Sources */, 018333CA1A3505FB00670CD1 /* HTTPSEverywhere.m in Sources */, + 01F7CB491A5253DD00F42B73 /* HSTSCache.m in Sources */, + 01F7CB4E1A52FC4E00F42B73 /* NSString+IPAddress.m in Sources */, 0135F47F1A3E548F005A8F16 /* WebViewTab.m in Sources */, 010EEA661A43A536001E8B65 /* CookieController.m in Sources */, - 010EEA691A43C8CF001E8B65 /* CookieWhitelist.m in Sources */, + 010EEA691A43C8CF001E8B65 /* CookieJar.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -451,8 +470,9 @@ isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( + 01F7CB4B1A526B9C00F42B73 /* HSTSCache_Tests.m in Sources */, 01F879411A4112E500A63654 /* URLBlocker_Tests.m in Sources */, - 01D7412A1A45EDD1007B7033 /* CookieWhitelist_Tests.m in Sources */, + 01D7412A1A45EDD1007B7033 /* CookieJar_Tests.m in Sources */, 018333DC1A35727C00670CD1 /* HTTPSEverywhere_Tests.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; diff --git a/Endless/AppDelegate.h b/Endless/AppDelegate.h index be1dfe4..979cef0 100644 --- a/Endless/AppDelegate.h +++ b/Endless/AppDelegate.h 
@@ -2,6 +2,7 @@ #import #import "CookieJar.h" +#import "HSTSCache.h" #import "WebViewController.h" @interface AppDelegate : UIResponder @@ -14,6 +15,7 @@ @property (strong, atomic) WebViewController *webViewController; @property (strong, atomic) CookieJar *cookieJar; +@property (strong, atomic) HSTSCache *hstsCache; @property (readonly, strong, nonatomic) NSMutableDictionary *searchEngines; diff --git a/Endless/Endless-Prefix.pch b/Endless/Endless-Prefix.pch index 84cf2d2..6714eed 100644 --- a/Endless/Endless-Prefix.pch +++ b/Endless/Endless-Prefix.pch @@ -18,6 +18,9 @@ /* be verbose about javascript IPC */ //# define TRACE_IPC +/* be verbose about HTTP Strict Transport Security */ +//# define TRACE_HSTS + #endif #endif diff --git a/Endless/HSTSCache.h b/Endless/HSTSCache.h new file mode 100644 index 0000000..451fad1 --- /dev/null +++ b/Endless/HSTSCache.h @@ -0,0 +1,30 @@ +#import + +#define HSTS_HEADER @"Strict-Transport-Security" +#define HSTS_KEY_EXPIRATION @"expiration" +#define HSTS_KEY_ALLOW_SUBDOMAINS @"allowSubdomains" +#define HSTS_KEY_PRELOADED @"preloaded" + +/* subclassing NSMutableDictionary is not easy, so we have to use composition */ + +@interface HSTSCache : NSObject +{ + NSMutableDictionary *_dict; +} + +@property NSMutableDictionary *dict; + ++ (HSTSCache *)retrieve; + +- (void)persist; +- (NSURL *)rewrittenURI:(NSURL *)URL; +- (void)parseHSTSHeader:(NSString *)header forHost:(NSString *)host; + +/* NSMutableDictionary composition pass-throughs */ +- (id)objectForKey:(id)aKey; +- (BOOL)writeToFile:(NSString *)path atomically:(BOOL)useAuxiliaryFile; +- (void)setValue:(id)value forKey:(NSString *)key; +- (void)removeObjectForKey:(id)aKey; +- (NSArray *)allKeys; + +@end diff --git a/Endless/HSTSCache.m b/Endless/HSTSCache.m new file mode 100644 index 0000000..9a988af --- /dev/null +++ b/Endless/HSTSCache.m 
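Review bot: In HSTSCache.h, `- (void)setValue:(id)value forKey:(NSString *)key;` declared as a dictionary pass-through has the same selector as NSObject's key-value-coding `-setValue:forKey:`, so it overrides KVC for HSTSCache itself: any KVC call on the cache (e.g. `[cache setValue:d forKey:@"dict"]`) silently lands in the backing dictionary instead of the property; naming it `- (void)setObject:(id)object forKey:(id)key;` to mirror `NSMutableDictionary` avoids the shadowing (the implementation in HSTSCache.m and the single call in `parseHSTSHeader:forHost:` would follow). The explicit `_dict` ivar in the `@interface` braces is redundant with the auto-synthesized backing of `@property NSMutableDictionary *dict`, and the property is read-write for every caller although only `+retrieve` assigns it; `@property (nonatomic, readonly)` here with a `readwrite` redeclaration in a class extension would keep callers from swapping the store. The header should also state the trust precondition the class cannot check itself, e.g. above `parseHSTSHeader:forHost:`: `/* Only pass headers from responses received over HTTPS with no certificate errors (RFC 6797 §8.1); the host alone cannot tell the cache which transport the header arrived on. */`. Minor: `+ (HSTSCache *)retrieve` and the `init` it calls would conventionally return `instancetype`.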
@@ -0,0 +1,220 @@ +#import "AppDelegate.h" +#import "HSTSCache.h" +#import "NSString+IPAddress.h" + +/* rfc6797 HTTP Strict Transport Security */ + +/* note that UIWebView has its own HSTS cache that comes preloaded with a big plist of hosts, but we can't change it or manually add to it */ + +@implementation HSTSCache + +static NSDictionary *_preloadedHosts; +AppDelegate *appDelegate; + ++ (NSString *)hstsCachePath +{ + NSString *path = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) lastObject]; + return [path stringByAppendingPathComponent:@"hsts_cache.plist"]; +} + +- (HSTSCache *)init +{ + self = [super init]; + + _dict = [[NSMutableDictionary alloc] init]; + appDelegate = (AppDelegate *)[[UIApplication sharedApplication] delegate]; + + return self; +} + ++ (HSTSCache *)retrieve +{ + HSTSCache *hc = [[HSTSCache alloc] init]; + NSFileManager *fileManager = [NSFileManager defaultManager]; + if ([fileManager fileExistsAtPath:[[self class] hstsCachePath]]) { + hc.dict = [NSMutableDictionary dictionaryWithContentsOfFile:[[self class] hstsCachePath]]; + } + else { + hc.dict = [[NSMutableDictionary alloc] initWithCapacity:50]; + } + + /* mix in preloaded */ + NSString *path = [[NSBundle mainBundle] pathForResource:@"hsts_preload" ofType:@"plist"]; + if ([[NSFileManager defaultManager] fileExistsAtPath:path]) { + NSDictionary *tmp = [NSDictionary dictionaryWithContentsOfFile:path]; + for (NSString *host in [tmp allKeys]) { + NSDictionary *hostdef = [tmp objectForKey:host]; + NSMutableDictionary *v = [[NSMutableDictionary alloc] init]; + + [v setObject:[NSDate dateWithTimeIntervalSinceNow:(60 * 60 * 24 * 365)] forKey:HSTS_KEY_EXPIRATION]; + [v setObject:@YES forKey:HSTS_KEY_PRELOADED]; + + NSNumber *is = [hostdef objectForKey:@"include_subdomains"]; + if ([is intValue] == 1) { + [v setObject:@YES forKey:HSTS_KEY_ALLOW_SUBDOMAINS]; + } + + [[hc dict] setObject:v forKey:host]; + } + +#ifdef TRACE_HSTS + NSLog(@"[HSTSCache] locked and 
loaded with %lu preloaded hosts", [tmp count]); +#endif + } + else { + NSLog(@"[HSTSCache] no preload plist at %@", path); + } + + return hc; +} + +- (void)persist +{ + [self writeToFile:[[self class] hstsCachePath] atomically:YES]; +} + +- (NSURL *)rewrittenURI:(NSURL *)URL +{ + if (![[URL scheme] isEqualToString:@"http"]) { + return URL; + } + + NSString *host = [[URL host] lowercaseString]; + NSString *matchHost = [host copy]; + + /* 8.3: ignore when host is a bare ip address */ + if ([host isValidIPAddress]) { + return URL; + } + + NSDictionary *params = [self objectForKey:host]; + if (params == nil) { + /* for a host of x.y.z.example.com, try y.z.example.com, z.example.com, example.com, etc. */ + NSArray *hostp = [host componentsSeparatedByString:@"."]; + for (int i = 1; i < [hostp count]; i++) { + NSString *wc = [[hostp subarrayWithRange:NSMakeRange(i, [hostp count] - i)] componentsJoinedByString:@"."]; + + if (((params = [self objectForKey:wc]) != nil) && [params objectForKey:HSTS_KEY_ALLOW_SUBDOMAINS]) { + matchHost = wc; + break; + } + } + } + + if (params != nil) { + NSDate *exp = [params objectForKey:HSTS_KEY_EXPIRATION]; + if ([exp timeIntervalSince1970] < [[NSDate date] timeIntervalSince1970]) { +#ifdef TRACE_HSTS + NSLog(@"[HSTSCache] entry for %@ expired at %@", matchHost, exp); +#endif + [self removeObjectForKey:matchHost]; + params = nil; + } + } + + if (params == nil) { + return URL; + } + + NSURLComponents *URLc = [NSURLComponents componentsWithURL:URL resolvingAgainstBaseURL:NO]; + + [URLc setScheme:@"https"]; + + /* 8.3.5: nullify port unless it's a non-standard one */ + if ([URLc port] != nil && [[URLc port] intValue] == 80) { + [URLc setPort:nil]; + } + +#ifdef TRACE_HSTS + NSLog(@"[HSTSCache] %@rewrote %@ to %@", ([params objectForKey:HSTS_KEY_PRELOADED] ? 
@"[preloaded] " : @""), URL, [URLc URL]); +#endif + + return [URLc URL]; +} + +- (void)parseHSTSHeader:(NSString *)header forHost:(NSString *)host +{ + NSMutableDictionary *params = [[NSMutableDictionary alloc] initWithCapacity:3]; + host = [host lowercaseString]; + + /* 8.1.1: reject caching when host is a bare ip address */ + if ([host isValidIPAddress]) + return; + +#ifdef TRACE_HSTS + NSLog(@"[HSTSCache] [%@] %@", host, header); +#endif + + NSArray *kvs = [header componentsSeparatedByString:@";"]; + for (NSString *kv in kvs) { + NSArray *kvparts = [kv componentsSeparatedByString:@"="]; + NSString *key, *value; + + key = [kvparts[0] stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]]; + + if ([kvparts count] > 1) { + value = [[kvparts[1] stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]] stringByReplacingOccurrencesOfString:@"\"" withString:@""]; + } + + if ([[key lowercaseString] isEqualToString:@"max-age"]) { + long age = [value longLongValue]; + + if (age == 0) { +#ifdef TRACE_HSTS + NSLog(@"[HSTSCache] [%@] got max-age=0, deleting", host); +#endif + /* TODO: if a preloaded entry exists, cache a negative entry */ + [self removeObjectForKey:host]; + return; + } + else { + NSDate *expire = [[NSDate date] dateByAddingTimeInterval:age]; + [params setObject:expire forKey:HSTS_KEY_EXPIRATION]; + } + } + else if ([[key lowercaseString] isEqualToString:@"includesubdomains"]) { + [params setObject:@YES forKey:HSTS_KEY_ALLOW_SUBDOMAINS]; + } + else if ([[key lowercaseString] isEqualToString:@"preload"]) { + /* ignore */ + } + else { +#ifdef TRACE_HSTS + NSLog(@"[HSTSCache] [%@] unknown parameter %@", host, key); +#endif + } + } + + if ([params objectForKey:HSTS_KEY_EXPIRATION]) { + [self setValue:params forKey:host]; + } +} + +/* NSMutableDictionary composition pass-throughs */ + +- (id)objectForKey:(id)aKey +{ + return [[self dict] objectForKey:aKey]; +} + +- (BOOL)writeToFile:(NSString *)path 
atomically:(BOOL)useAuxiliaryFile +{ + return [[self dict] writeToFile:path atomically:useAuxiliaryFile]; +} + +- (void)setValue:(id)value forKey:(NSString *)key +{ + [[self dict] setValue:value forKey:key]; +} + +- (void)removeObjectForKey:(id)aKey +{ + [[self dict] removeObjectForKey:aKey]; +} + +- (NSArray *)allKeys +{ + return [[self dict] allKeys]; +} + +@end diff --git a/Endless/HTTPSEverywhere.m b/Endless/HTTPSEverywhere.m index 2ff3aa1..200b300 100644 --- a/Endless/HTTPSEverywhere.m +++ b/Endless/HTTPSEverywhere.m @@ -20,9 +20,8 @@ + (NSString *)disabledRulesPath + (NSDictionary *)rules { if (_rules == nil) { - NSFileManager *fm = [NSFileManager defaultManager]; NSString *path = [[NSBundle mainBundle] pathForResource:@"https-everywhere_rules" ofType:@"plist"]; - if (![fm fileExistsAtPath:path]) { + if (![[NSFileManager defaultManager] fileExistsAtPath:path]) { NSLog(@"[HTTPSEverywhere] no rule plist at %@", path); abort(); } @@ -40,9 +39,8 @@ + (NSDictionary *)rules + (NSMutableDictionary *)disabledRules { if (_disabledRules == nil) { - NSFileManager *fm = [NSFileManager defaultManager]; NSString *path = [[self class] disabledRulesPath]; - if ([fm fileExistsAtPath:path]) { + if ([[NSFileManager defaultManager] fileExistsAtPath:path]) { _disabledRules = [NSMutableDictionary dictionaryWithContentsOfFile:path]; #ifdef TRACE_HTTPS_EVERYWHERE diff --git a/Endless/NSString+IPAddress.h b/Endless/NSString+IPAddress.h new file mode 100644 index 0000000..c016daa --- /dev/null +++ b/Endless/NSString+IPAddress.h @@ -0,0 +1,7 @@ +#import + +@interface NSString (IPAddress) + +- (BOOL)isValidIPAddress; + +@end diff --git a/Endless/NSString+IPAddress.m b/Endless/NSString+IPAddress.m new file mode 100644 index 0000000..87ed277 --- /dev/null +++ b/Endless/NSString+IPAddress.m 
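Review bot: The ancestor walk in `rewrittenURI:` leaves `params` pointing at whatever `objectForKey:wc` returned on the last iteration even when that entry carries no `HSTS_KEY_ALLOW_SUBDOMAINS`, because the assignment is inside the `if` condition and only the `break` is gated on the flag; for a host whose last label has an entry without includeSubdomains the URL is upgraded anyway and `matchHost` still names the original host, so the later expiry removal targets the wrong key. Assigning into a local candidate and copying it to `params` only when the flag is present fixes both, as in the rewrite below. Further down, `componentsWithURL:resolvingAgainstBaseURL:` can return nil, in which case the method returns nil rather than the input URL; `if (URLc == nil) return URL;` before `setScheme:` keeps callers from receiving a nil URL. In `parseHSTSHeader:forHost:`, `max-age=0` calls `removeObjectForKey:host` even for entries loaded from hsts_preload.plist (the TODO notes this), and a directive with no value takes the same deletion path because `value` stays nil and `longLongValue` then yields 0; treating a missing or non-numeric value as a malformed directive to ignore, rather than as `max-age=0`, is the conservative reading of RFC 6797 §6.1.1.
```objc
	NSDictionary *params = [self objectForKey:host];
	if (params == nil) {
		/* for a host of x.y.z.example.com, try y.z.example.com, z.example.com, example.com, etc. */
		NSArray *hostp = [host componentsSeparatedByString:@"."];
		for (int i = 1; i < [hostp count]; i++) {
			NSString *wc = [[hostp subarrayWithRange:NSMakeRange(i, [hostp count] - i)] componentsJoinedByString:@"."];
			NSDictionary *candidate = [self objectForKey:wc];

			/* an ancestor entry only covers this host when it asked for includeSubdomains */
			if (candidate != nil && [candidate objectForKey:HSTS_KEY_ALLOW_SUBDOMAINS]) {
				params = candidate;
				matchHost = wc;
				break;
			}
		}
	}
	/* … unchanged: expiration check, scheme and port rewrite … */
```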
@@ -0,0 +1,22 @@ +#import + +#include + +@implementation NSString (IPAddress) + +- (BOOL)isValidIPAddress +{ + struct in_addr dst; + int success; + const char *utf8 = [self UTF8String]; + + success = inet_pton(AF_INET, utf8, &dst); + if (success != 1) { + struct in6_addr dst6; + success = inet_pton(AF_INET6, utf8, &dst6); + } + + return (success == 1); +} + +@end diff --git a/Endless/Resources/credits.html b/Endless/Resources/credits.html index 4a12a5b..4acdef6 100644 --- a/Endless/Resources/credits.html +++ b/Endless/Resources/credits.html @@ -177,5 +177,22 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +
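Review bot: `inet_pton(AF_INET6, …)` rejects the bracketed form (`[::1]`) and zone-scoped literals (`fe80::1%en0`), so whether `isValidIPAddress` recognises an IPv6 host depends on what `-[NSURL host]` hands to `rewrittenURI:` — brackets stripped or kept — and that should be pinned with an IPv6 case beside `testIgnoreIPAddresses`; otherwise a bracketed literal is classed as a hostname and can be cached, defeating the RFC 6797 §8.1.1 exclusion the caller relies on. `inet_pton(AF_INET, …)` likewise accepts only strict dotted-quad, so abbreviated forms such as `127.1` that `inet_aton` would accept are treated as names unless NSURL normalises them first, which is worth stating in the method, e.g. `/* strict dotted-quad and RFC 4291 text forms only; bracketed or zone-scoped IPv6 literals are not recognised */`. Minor style: `success` can be declared at its first assignment, and `dst`/`dst6` can share one `unsigned char buf[sizeof(struct in6_addr)]` scratch buffer.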

+


+

+ +
+Chromium Authors (HSTS Preload List)
+
+Copyright 2014 The Chromium Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+* Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/Endless/Resources/hsts_preload.plist b/Endless/Resources/hsts_preload.plist new file mode 100644 index 0000000..4c898f5 --- /dev/null +++ b/Endless/Resources/hsts_preload.plist 
@@ -0,0 +1,7142 @@ + + + + + + 0x0a.net + + include_subdomains + + + 17hats.com + + include_subdomains + + + 18f.gsa.gov + + include_subdomains + + + 1a-diamantscheiben.de + + include_subdomains + + + 1a-vermessung.at + + include_subdomains + + + 1a-werkstattgeraete.de + + include_subdomains + + + 2mdn.net + + include_subdomains + + + accounts.firefox.com + + include_subdomains + + + accounts.google.com + + include_subdomains + + + aclu.org + + include_subdomains + + + activiti.alfresco.com + + include_subdomains + + + adamkostecki.de + + include_subdomains + + + addvocate.com + + include_subdomains + + + admin.google.com + + include_subdomains + + + adsfund.org + + include_subdomains + + + ahoyconference.com + + include_subdomains + + + aie.de + + include_subdomains + + + airbnb.com + + include_subdomains + + + aiticon.com + + include_subdomains + + + aiticon.de + + include_subdomains + + + aladdinschools.appspot.com + + include_subdomains + + + alainwolf.net + + include_subdomains + + + alecvannoten.be + + include_subdomains + + + alexsexton.com + + include_subdomains + + + alexyang.me + + include_subdomains + + + alpha.irccloud.com + + include_subdomains + + + amigogeek.net + + include_subdomains + + + anadoluefessporkulubu.org + + include_subdomains + + + andreasbreitenlohner.de + + include_subdomains + + + android.com + + include_subdomains + + + anetaben.nl + + include_subdomains + + + angularjs.org + + include_subdomains + + + anime.my + + include_subdomains + + + animurecs.com + + include_subdomains + + + ankarakart.com.tr + + include_subdomains + + + annahmeschluss.de + + include_subdomains + + + annevankesteren.com + + include_subdomains + + + annevankesteren.nl + + include_subdomains + + + annevankesteren.org + + include_subdomains + + + ansdell.net + + include_subdomains + + + anycoin.me + + include_subdomains + + + apadvantage.com + + include_subdomains + + + api.intercom.io + + include_subdomains + + + api.lookout.com + + include_subdomains + + + 
api.mega.co.nz + + include_subdomains + + + api.recurly.com + + include_subdomains + + + api.simple.com + + include_subdomains + + + api.twitter.com + + include_subdomains + + + api.xero.com + + include_subdomains + + + apis.google.com + + include_subdomains + + + apn-einstellungen.de + + include_subdomains + + + app.lookout.com + + include_subdomains + + + app.manilla.com + + include_subdomains + + + app.recurly.com + + include_subdomains + + + app.simpletax.ca + + include_subdomains + + + app.yinxiang.com + + include_subdomains + + + appengine.google.com + + include_subdomains + + + apps.facebook.com + + include_subdomains + + + appseccalifornia.org + + include_subdomains + + + appspot.com + + include_subdomains + + + aprz.de + + include_subdomains + + + archlinux.de + + include_subdomains + + + arendburgers.nl + + include_subdomains + + + arguggi.co.uk + + include_subdomains + + + arivo.com.br + + include_subdomains + + + arlen.io + + include_subdomains + + + at.search.yahoo.com + + include_subdomains + + + atavio.at + + include_subdomains + + + atavio.ch + + include_subdomains + + + atavio.de + + include_subdomains + + + au.search.yahoo.com + + include_subdomains + + + auf-feindgebiet.de + + include_subdomains + + + az.search.yahoo.com + + include_subdomains + + + azabani.com + + include_subdomains + + + azprep.us + + include_subdomains + + + baer.im + + include_subdomains + + + balcan-underground.net + + include_subdomains + + + baldwinkoo.com + + include_subdomains + + + balikonos.cz + + include_subdomains + + + bank.simple.com + + include_subdomains + + + barcodeberlin.com + + include_subdomains + + + barslecht.com + + include_subdomains + + + barslecht.nl + + include_subdomains + + + baruch.me + + include_subdomains + + + bassh.net + + include_subdomains + + + bautied.de + + include_subdomains + + + bayrisch-fuer-anfaenger.de + + include_subdomains + + + bccx.com + + include_subdomains + + + bcrook.com + + include_subdomains + + + be.search.yahoo.com + + 
include_subdomains + + + beamitapp.com + + include_subdomains + + + beastowner.com + + include_subdomains + + + beastowner.li + + include_subdomains + + + bedeta.de + + include_subdomains + + + bedreid.dk + + include_subdomains + + + beneathvt.com + + include_subdomains + + + benjamins.com + + include_subdomains + + + best-wedding-quotes.com + + include_subdomains + + + betnet.fr + + include_subdomains + + + bgneuesheim.de + + include_subdomains + + + bhatia.at + + include_subdomains + + + bi.search.yahoo.com + + include_subdomains + + + big-andy.co.uk + + include_subdomains + + + bigbrownpromotions.com.au + + include_subdomains + + + bigshinylock.minazo.net + + include_subdomains + + + bitbucket.org + + include_subdomains + + + bitfactory.ws + + include_subdomains + + + bitfarm-archiv.com + + include_subdomains + + + bitfarm-archiv.de + + include_subdomains + + + bitgo.com + + include_subdomains + + + bitmex.com + + include_subdomains + + + bitmon.net + + include_subdomains + + + bjornjohansen.no + + include_subdomains + + + bl4ckb0x.com + + include_subdomains + + + bl4ckb0x.de + + include_subdomains + + + bl4ckb0x.info + + include_subdomains + + + bl4ckb0x.net + + include_subdomains + + + bl4ckb0x.org + + include_subdomains + + + blacklane.com + + include_subdomains + + + blessnet.jp + + include_subdomains + + + blockchain.info + + include_subdomains + + + blocksatz-medien.de + + include_subdomains + + + blog.cyveillance.com + + include_subdomains + + + blog.gparent.org + + include_subdomains + + + blog.linode.com + + include_subdomains + + + blog.lookout.com + + include_subdomains + + + blog.torproject.org + + include_subdomains + + + blubbablasen.de + + include_subdomains + + + bodo-wolff.de + + include_subdomains + + + bohramt.de + + include_subdomains + + + bonigo.de + + include_subdomains + + + bookingapp.nl + + include_subdomains + + + boxcryptor.com + + include_subdomains + + + br.search.yahoo.com + + include_subdomains + + + brage.info + + 
include_subdomains + + + braintreegateway.com + + include_subdomains + + + braintreepayments.com + + include_subdomains + + + browserid.org + + include_subdomains + + + brunosouza.org + + include_subdomains + + + buddhistische-weisheiten.org + + include_subdomains + + + bugzil.la + + include_subdomains + + + bugzilla.mozilla.org + + include_subdomains + + + bulktrade.de + + include_subdomains + + + business.facebook.com + + include_subdomains + + + business.lookout.com + + include_subdomains + + + business.medbank.com.mt + + include_subdomains + + + business.twitter.com + + include_subdomains + + + buttercoin.com + + include_subdomains + + + buzzconcert.com + + include_subdomains + + + bytepark.de + + include_subdomains + + + ca.gparent.org + + include_subdomains + + + ca.search.yahoo.com + + include_subdomains + + + cackette.com + + include_subdomains + + + calibreapp.com + + include_subdomains + + + call.me + + include_subdomains + + + calyxinstitute.org + + include_subdomains + + + camolist.com + + include_subdomains + + + caremad.io + + include_subdomains + + + carezone.com + + include_subdomains + + + carlolly.co.uk + + include_subdomains + + + cartouche24.eu + + include_subdomains + + + cartucce24.it + + include_subdomains + + + cd.search.yahoo.com + + include_subdomains + + + cdnb.co + + include_subdomains + + + celltek-server.de + + include_subdomains + + + cert.se + + include_subdomains + + + certible.com + + include_subdomains + + + certly.io + + include_subdomains + + + cg.search.yahoo.com + + include_subdomains + + + ch.search.yahoo.com + + include_subdomains + + + chahub.com + + include_subdomains + + + chainmonitor.com + + include_subdomains + + + chart.apis.google.com + + include_subdomains + + + chatbot.me + + include_subdomains + + + check.torproject.org + + include_subdomains + + + checkout.google.com + + include_subdomains + + + chfr.search.yahoo.com + + include_subdomains + + + chit.search.yahoo.com + + include_subdomains + + + chontalpa.pw + + 
include_subdomains + + + chrisjean.com + + include_subdomains + + + chrome-devtools-frontend.appspot.com + + include_subdomains + + + chrome.google.com + + include_subdomains + + + chromiumcodereview.appspot.com + + include_subdomains + + + chulado.com + + include_subdomains + + + cimballa.com + + include_subdomains + + + cktennis.com + + include_subdomains + + + cl.search.yahoo.com + + include_subdomains + + + clapping-rhymes.com + + include_subdomains + + + clerkendweller.uk + + include_subdomains + + + clintwilson.technology + + include_subdomains + + + cloud.google.com + + include_subdomains + + + cloudcert.org + + include_subdomains + + + cloudns.com.au + + include_subdomains + + + cloudsecurityalliance.org + + include_subdomains + + + cloudstoragemaus.com + + include_subdomains + + + cloudup.com + + include_subdomains + + + cn.search.yahoo.com + + include_subdomains + + + co.search.yahoo.com + + include_subdomains + + + code-poets.co.uk + + include_subdomains + + + code.facebook.com + + include_subdomains + + + code.google.com + + include_subdomains + + + codepref.com + + include_subdomains + + + codereview.appspot.com + + include_subdomains + + + codereview.chromium.org + + include_subdomains + + + coffeeetc.co.uk + + include_subdomains + + + coinapult.com + + include_subdomains + + + comdurav.com + + include_subdomains + + + comssa.org.au + + include_subdomains + + + config.schokokeks.org + + include_subdomains + + + conformal.com + + include_subdomains + + + conrad-kostecki.de + + include_subdomains + + + console.python.org + + include_subdomains + + + controlcenter.gigahost.dk + + include_subdomains + + + cor-ser.es + + include_subdomains + + + cotonea.de + + include_subdomains + + + coursella.com + + include_subdomains + + + cr.search.yahoo.com + + include_subdomains + + + crate.io + + include_subdomains + + + crbug.com + + include_subdomains + + + crm.onlime.ch + + include_subdomains + + + crowdcurity.com + + include_subdomains + + + crowdjuris.com + + 
include_subdomains + + + crypto.cat + + include_subdomains + + + crypto.is + + include_subdomains + + + cryptopartyatx.org + + include_subdomains + + + csawctf.poly.edu + + include_subdomains + + + cspbuilder.info + + include_subdomains + + + ct.search.yahoo.com + + include_subdomains + + + cube.de + + include_subdomains + + + cujanovic.com + + include_subdomains + + + cupcake.io + + include_subdomains + + + cupcake.is + + include_subdomains + + + curlybracket.co.uk + + include_subdomains + + + cyanogenmod.xxx + + include_subdomains + + + cybershambles.com + + include_subdomains + + + cybozu.com + + include_subdomains + + + cyon.ch + + include_subdomains + + + cyphertite.com + + include_subdomains + + + czbix.com + + include_subdomains + + + daphne.informatik.uni-freiburg.de + + include_subdomains + + + darchoods.net + + include_subdomains + + + data-abundance.com + + include_subdomains + + + data.qld.gov.au + + include_subdomains + + + datenkeks.de + + include_subdomains + + + davidlyness.com + + include_subdomains + + + daylightcompany.com + + include_subdomains + + + de.search.yahoo.com + + include_subdomains + + + deadbeef.ninja + + include_subdomains + + + dealcruiser.nl + + include_subdomains + + + debtkit.co.uk + + include_subdomains + + + decibelios.li + + include_subdomains + + + dedimax.de + + include_subdomains + + + dee.pe + + include_subdomains + + + denh.am + + include_subdomains + + + depechemode-live.com + + include_subdomains + + + derevtsov.com + + include_subdomains + + + derhil.de + + include_subdomains + + + destinationbijoux.fr + + include_subdomains + + + detectify.com + + include_subdomains + + + dev.twitter.com + + include_subdomains + + + developer.mydigipass.com + + include_subdomains + + + developers.facebook.com + + include_subdomains + + + devh.de + + include_subdomains + + + diamante.ro + + include_subdomains + + + die-besten-weisheiten.de + + include_subdomains + + + digitaldaddy.net + + include_subdomains + + + dillonkorman.com + + 
include_subdomains + + + dinamoelektrik.com + + include_subdomains + + + discovery.lookout.com + + include_subdomains + + + dist.torproject.org + + include_subdomains + + + dk.search.yahoo.com + + include_subdomains + + + dl.google.com + + include_subdomains + + + dlc.viasinc.com + + include_subdomains + + + dm.lookout.com + + include_subdomains + + + do.search.yahoo.com + + include_subdomains + + + doc.python.org + + include_subdomains + + + docs.google.com + + include_subdomains + + + docs.python.org + + include_subdomains + + + domains.google.com + + include_subdomains + + + domaris.de + + include_subdomains + + + donmez.ws + + include_subdomains + + + doubleclick.net + + include_subdomains + + + download.jitsi.org + + include_subdomains + + + drive.google.com + + include_subdomains + + + dropbox.com + + include_subdomains + + + dropcam.com + + include_subdomains + + + dzlibs.io + + include_subdomains + + + easysimplecrm.com + + include_subdomains + + + ebanking.indovinabank.com.vn + + include_subdomains + + + ecdn.cz + + include_subdomains + + + ecosystem.atlassian.net + + include_subdomains + + + ed.gs + + include_subdomains + + + edit.yahoo.com + + include_subdomains + + + edmodo.com + + include_subdomains + + + edyou.eu + + include_subdomains + + + ef.gy + + include_subdomains + + + eff.org + + include_subdomains + + + electronic-ignition-system.com + + include_subdomains + + + elnutricionista.es + + include_subdomains + + + email.lookout.com + + include_subdomains + + + emailprivacytester.com + + include_subdomains + + + en-maktoob.search.yahoo.com + + include_subdomains + + + encircleapp.com + + include_subdomains + + + encryptallthethings.net + + include_subdomains + + + encrypted.google.com + + include_subdomains + + + energy-drink-magazin.de + + include_subdomains + + + enorekcah.com + + include_subdomains + + + entropia.de + + include_subdomains + + + epoxate.com + + include_subdomains + + + errors.zenpayroll.com + + include_subdomains + + + 
es.search.yahoo.com + + include_subdomains + + + esec.rs + + include_subdomains + + + espanol.search.yahoo.com + + include_subdomains + + + espra.com + + include_subdomains + + + ethack.org + + include_subdomains + + + ethitter.com + + include_subdomains + + + etsysecure.com + + include_subdomains + + + eurotramp.com + + include_subdomains + + + everhome.de + + include_subdomains + + + evstatus.com + + include_subdomains + + + exiahost.com + + include_subdomains + + + explodie.org + + include_subdomains + + + f-droid.org + + include_subdomains + + + fabhub.io + + include_subdomains + + + fabianfischer.de + + include_subdomains + + + facebook.com + + include_subdomains + + + factor.cc + + include_subdomains + + + fairbill.com + + include_subdomains + + + fakturoid.cz + + include_subdomains + + + fant.dk + + include_subdomains + + + faq.lookout.com + + include_subdomains + + + fastcomcorp.net + + include_subdomains + + + fatzebra.com.au + + include_subdomains + + + fedorapeople.org + + include_subdomains + + + feedbin.com + + include_subdomains + + + ferienhaus-polchow-ruegen.de + + include_subdomains + + + fi.search.yahoo.com + + include_subdomains + + + fiken.no + + include_subdomains + + + filedir.com + + include_subdomains + + + finn.io + + include_subdomains + + + firemail.io + + include_subdomains + + + fischer-its.com + + include_subdomains + + + fixingdns.com + + include_subdomains + + + fj.search.yahoo.com + + include_subdomains + + + fj.simple.com + + include_subdomains + + + flamer-scene.com + + include_subdomains + + + fleximus.org + + include_subdomains + + + floobits.com + + include_subdomains + + + flynn.io + + include_subdomains + + + fm83.nl + + include_subdomains + + + forewordreviews.com + + include_subdomains + + + forodeespanol.com + + include_subdomains + + + forum.linode.com + + include_subdomains + + + fr.search.yahoo.com + + include_subdomains + + + fralef.me + + include_subdomains + + + frederik-braun.com + + include_subdomains + + + 
freenetproject.org + + include_subdomains + + + freeshell.de + + include_subdomains + + + freethought.org.au + + include_subdomains + + + fronteers.nl + + include_subdomains + + + fundingempire.com + + include_subdomains + + + futos.de + + include_subdomains + + + g.co + + include_subdomains + + + gamercredo.com + + include_subdomains + + + gamesdepartment.co.uk + + include_subdomains + + + garron.net + + include_subdomains + + + gemeinfreie-lieder.de + + include_subdomains + + + gerardozamudio.mx + + include_subdomains + + + gernert-server.de + + include_subdomains + + + get.zenpayroll.com + + include_subdomains + + + getcloak.com + + include_subdomains + + + getdigitized.net + + include_subdomains + + + getlantern.org + + include_subdomains + + + getssl.uz + + include_subdomains + + + giacomopelagatti.it + + include_subdomains + + + github.com + + include_subdomains + + + gizzo.sk + + include_subdomains + + + gl.search.yahoo.com + + include_subdomains + + + glass.google.com + + include_subdomains + + + globuli-info.de + + include_subdomains + + + glossopnorthendafc.co.uk + + include_subdomains + + + gm.search.yahoo.com + + include_subdomains + + + gmail.com + + include_subdomains + + + gmantra.org + + include_subdomains + + + gmcd.co + + include_subdomains + + + go.xero.com + + include_subdomains + + + gocardless.com + + include_subdomains + + + golf-6.com + + include_subdomains + + + golf3.de + + include_subdomains + + + golf4.de + + include_subdomains + + + goo.gl + + include_subdomains + + + google-analytics.com + + include_subdomains + + + google.ac + + include_subdomains + + + google.ad + + include_subdomains + + + google.ae + + include_subdomains + + + google.af + + include_subdomains + + + google.ag + + include_subdomains + + + google.am + + include_subdomains + + + google.as + + include_subdomains + + + google.at + + include_subdomains + + + google.az + + include_subdomains + + + google.ba + + include_subdomains + + + google.be + + include_subdomains + + 
+ google.bf + + include_subdomains + + + google.bg + + include_subdomains + + + google.bi + + include_subdomains + + + google.bj + + include_subdomains + + + google.bs + + include_subdomains + + + google.by + + include_subdomains + + + google.ca + + include_subdomains + + + google.cat + + include_subdomains + + + google.cc + + include_subdomains + + + google.cd + + include_subdomains + + + google.cf + + include_subdomains + + + google.cg + + include_subdomains + + + google.ch + + include_subdomains + + + google.ci + + include_subdomains + + + google.cl + + include_subdomains + + + google.cm + + include_subdomains + + + google.cn + + include_subdomains + + + google.co.ao + + include_subdomains + + + google.co.bw + + include_subdomains + + + google.co.ck + + include_subdomains + + + google.co.cr + + include_subdomains + + + google.co.hu + + include_subdomains + + + google.co.id + + include_subdomains + + + google.co.il + + include_subdomains + + + google.co.im + + include_subdomains + + + google.co.in + + include_subdomains + + + google.co.je + + include_subdomains + + + google.co.jp + + include_subdomains + + + google.co.ke + + include_subdomains + + + google.co.kr + + include_subdomains + + + google.co.ls + + include_subdomains + + + google.co.ma + + include_subdomains + + + google.co.mz + + include_subdomains + + + google.co.nz + + include_subdomains + + + google.co.th + + include_subdomains + + + google.co.tz + + include_subdomains + + + google.co.ug + + include_subdomains + + + google.co.uk + + include_subdomains + + + google.co.uz + + include_subdomains + + + google.co.ve + + include_subdomains + + + google.co.vi + + include_subdomains + + + google.co.za + + include_subdomains + + + google.co.zm + + include_subdomains + + + google.co.zw + + include_subdomains + + + google.com + + include_subdomains + + + google.com.af + + include_subdomains + + + google.com.ag + + include_subdomains + + + google.com.ai + + include_subdomains + + + google.com.ar + + 
include_subdomains + + + google.com.au + + include_subdomains + + + google.com.bd + + include_subdomains + + + google.com.bh + + include_subdomains + + + google.com.bn + + include_subdomains + + + google.com.bo + + include_subdomains + + + google.com.br + + include_subdomains + + + google.com.by + + include_subdomains + + + google.com.bz + + include_subdomains + + + google.com.cn + + include_subdomains + + + google.com.co + + include_subdomains + + + google.com.cu + + include_subdomains + + + google.com.cy + + include_subdomains + + + google.com.do + + include_subdomains + + + google.com.ec + + include_subdomains + + + google.com.eg + + include_subdomains + + + google.com.et + + include_subdomains + + + google.com.fj + + include_subdomains + + + google.com.ge + + include_subdomains + + + google.com.gh + + include_subdomains + + + google.com.gi + + include_subdomains + + + google.com.gr + + include_subdomains + + + google.com.gt + + include_subdomains + + + google.com.hk + + include_subdomains + + + google.com.iq + + include_subdomains + + + google.com.jm + + include_subdomains + + + google.com.jo + + include_subdomains + + + google.com.kh + + include_subdomains + + + google.com.kw + + include_subdomains + + + google.com.lb + + include_subdomains + + + google.com.ly + + include_subdomains + + + google.com.mt + + include_subdomains + + + google.com.mx + + include_subdomains + + + google.com.my + + include_subdomains + + + google.com.na + + include_subdomains + + + google.com.nf + + include_subdomains + + + google.com.ng + + include_subdomains + + + google.com.ni + + include_subdomains + + + google.com.np + + include_subdomains + + + google.com.nr + + include_subdomains + + + google.com.om + + include_subdomains + + + google.com.pa + + include_subdomains + + + google.com.pe + + include_subdomains + + + google.com.ph + + include_subdomains + + + google.com.pk + + include_subdomains + + + google.com.pl + + include_subdomains + + + google.com.pr + + include_subdomains + 
+ + google.com.py + + include_subdomains + + + google.com.qa + + include_subdomains + + + google.com.ru + + include_subdomains + + + google.com.sa + + include_subdomains + + + google.com.sb + + include_subdomains + + + google.com.sg + + include_subdomains + + + google.com.sl + + include_subdomains + + + google.com.sv + + include_subdomains + + + google.com.tj + + include_subdomains + + + google.com.tn + + include_subdomains + + + google.com.tr + + include_subdomains + + + google.com.tw + + include_subdomains + + + google.com.ua + + include_subdomains + + + google.com.uy + + include_subdomains + + + google.com.vc + + include_subdomains + + + google.com.ve + + include_subdomains + + + google.com.vn + + include_subdomains + + + google.cv + + include_subdomains + + + google.cz + + include_subdomains + + + google.de + + include_subdomains + + + google.dj + + include_subdomains + + + google.dk + + include_subdomains + + + google.dm + + include_subdomains + + + google.dz + + include_subdomains + + + google.ee + + include_subdomains + + + google.es + + include_subdomains + + + google.fi + + include_subdomains + + + google.fm + + include_subdomains + + + google.fr + + include_subdomains + + + google.ga + + include_subdomains + + + google.ge + + include_subdomains + + + google.gg + + include_subdomains + + + google.gl + + include_subdomains + + + google.gm + + include_subdomains + + + google.gp + + include_subdomains + + + google.gr + + include_subdomains + + + google.gy + + include_subdomains + + + google.hk + + include_subdomains + + + google.hn + + include_subdomains + + + google.hr + + include_subdomains + + + google.ht + + include_subdomains + + + google.hu + + include_subdomains + + + google.ie + + include_subdomains + + + google.im + + include_subdomains + + + google.info + + include_subdomains + + + google.iq + + include_subdomains + + + google.is + + include_subdomains + + + google.it + + include_subdomains + + + google.it.ao + + include_subdomains + + + google.je + 
+ include_subdomains + + + google.jo + + include_subdomains + + + google.jobs + + include_subdomains + + + google.jp + + include_subdomains + + + google.kg + + include_subdomains + + + google.ki + + include_subdomains + + + google.kz + + include_subdomains + + + google.la + + include_subdomains + + + google.li + + include_subdomains + + + google.lk + + include_subdomains + + + google.lt + + include_subdomains + + + google.lu + + include_subdomains + + + google.lv + + include_subdomains + + + google.md + + include_subdomains + + + google.me + + include_subdomains + + + google.mg + + include_subdomains + + + google.mk + + include_subdomains + + + google.ml + + include_subdomains + + + google.mn + + include_subdomains + + + google.ms + + include_subdomains + + + google.mu + + include_subdomains + + + google.mv + + include_subdomains + + + google.mw + + include_subdomains + + + google.ne + + include_subdomains + + + google.ne.jp + + include_subdomains + + + google.net + + include_subdomains + + + google.nl + + include_subdomains + + + google.no + + include_subdomains + + + google.nr + + include_subdomains + + + google.nu + + include_subdomains + + + google.off.ai + + include_subdomains + + + google.pk + + include_subdomains + + + google.pl + + include_subdomains + + + google.pn + + include_subdomains + + + google.ps + + include_subdomains + + + google.pt + + include_subdomains + + + google.ro + + include_subdomains + + + google.rs + + include_subdomains + + + google.ru + + include_subdomains + + + google.rw + + include_subdomains + + + google.sc + + include_subdomains + + + google.se + + include_subdomains + + + google.sh + + include_subdomains + + + google.si + + include_subdomains + + + google.sk + + include_subdomains + + + google.sm + + include_subdomains + + + google.sn + + include_subdomains + + + google.so + + include_subdomains + + + google.st + + include_subdomains + + + google.td + + include_subdomains + + + google.tg + + include_subdomains + + + google.tk + 
+ include_subdomains + + + google.tl + + include_subdomains + + + google.tm + + include_subdomains + + + google.tn + + include_subdomains + + + google.to + + include_subdomains + + + google.tt + + include_subdomains + + + google.us + + include_subdomains + + + google.uz + + include_subdomains + + + google.vg + + include_subdomains + + + google.vu + + include_subdomains + + + google.ws + + include_subdomains + + + googleadservices.com + + include_subdomains + + + googleapis.com + + include_subdomains + + + googlecode.com + + include_subdomains + + + googlecommerce.com + + include_subdomains + + + googlegroups.com + + include_subdomains + + + googlemail.com + + include_subdomains + + + googleplex.com + + include_subdomains + + + googlesyndication.com + + include_subdomains + + + googletagmanager.com + + include_subdomains + + + googletagservices.com + + include_subdomains + + + googleusercontent.com + + include_subdomains + + + goto.google.com + + include_subdomains + + + gparent.org + + include_subdomains + + + gplintegratedit.com + + include_subdomains + + + gr.search.yahoo.com + + include_subdomains + + + grandmascookieblog.com + + include_subdomains + + + grc.com + + include_subdomains + + + greensolid.biz + + include_subdomains + + + greplin.com + + include_subdomains + + + grepular.com + + include_subdomains + + + groups.google.com + + include_subdomains + + + gstatic.com + + include_subdomains + + + gtraxapp.com + + include_subdomains + + + gunnarhafdal.com + + include_subdomains + + + guphi.net + + include_subdomains + + + guthabenkarten-billiger.de + + include_subdomains + + + hack.li + + include_subdomains + + + hackerone-user-content.com + + include_subdomains + + + hackerone.com + + include_subdomains + + + hansvaneijsden.com + + include_subdomains + + + harvestapp.com + + include_subdomains + + + hasilocke.de + + include_subdomains + + + haste.ch + + include_subdomains + + + haufschild.de + + include_subdomains + + + hausverbrauch.de + + 
include_subdomains + + + heha.co + + include_subdomains + + + heid.ws + + include_subdomains + + + heijblok.com + + include_subdomains + + + helichat.de + + include_subdomains + + + help.simpletax.ca + + include_subdomains + + + helpium.de + + include_subdomains + + + henriknoerr.com + + include_subdomains + + + hex2013.com + + include_subdomains + + + hexony.com + + include_subdomains + + + hg.python.org + + include_subdomains + + + history.google.com + + include_subdomains + + + hk.search.yahoo.com + + include_subdomains + + + hn.search.yahoo.com + + include_subdomains + + + hoerbuecher-und-hoerspiele.de + + include_subdomains + + + honeybadger.io + + include_subdomains + + + honeytracks.com + + include_subdomains + + + horosho.in + + include_subdomains + + + horseboners.xxx + + include_subdomains + + + horza.org + + include_subdomains + + + hostedtalkgadget.google.com + + include_subdomains + + + hostinginnederland.nl + + include_subdomains + + + hostix.de + + include_subdomains + + + howrandom.org + + include_subdomains + + + howsmyssl.com + + include_subdomains + + + howsmytls.com + + include_subdomains + + + hpac-portal.com + + include_subdomains + + + hrackydomino.cz + + include_subdomains + + + hsmr.cc + + include_subdomains + + + hstspreload.appspot.com + + include_subdomains + + + html5.org + + include_subdomains + + + hu.search.yahoo.com + + include_subdomains + + + iamcarrico.com + + include_subdomains + + + ian.sh + + include_subdomains + + + iban.is + + include_subdomains + + + id-co.in + + include_subdomains + + + id.atlassian.com + + include_subdomains + + + id.mayfirst.org + + include_subdomains + + + id.search.yahoo.com + + include_subdomains + + + ideaweb.de + + include_subdomains + + + ie.search.yahoo.com + + include_subdomains + + + ihrlotto.de + + include_subdomains + + + ilikerainbows.co.uk + + include_subdomains + + + ilmconpm.de + + include_subdomains + + + imaginary.ca + + include_subdomains + + + imouto.my + + include_subdomains + + + 
in.search.yahoo.com + + include_subdomains + + + in.xero.com + + include_subdomains + + + inb4.us + + include_subdomains + + + inbox.google.com + + include_subdomains + + + inertianetworks.com + + include_subdomains + + + inkbunny.net + + include_subdomains + + + inleaked.com + + include_subdomains + + + insouciant.org + + include_subdomains + + + instasex.ch + + include_subdomains + + + intercom.io + + include_subdomains + + + iop.intuit.com + + include_subdomains + + + irccloud.com + + include_subdomains + + + irische-segenswuensche.info + + include_subdomains + + + ironfistdesign.com + + include_subdomains + + + isitchristmas.com + + include_subdomains + + + it-schwerin.de + + include_subdomains + + + it.search.yahoo.com + + include_subdomains + + + itriskltd.com + + include_subdomains + + + itsamurai.ru + + include_subdomains + + + itshost.ru + + include_subdomains + + + jackyyf.com + + include_subdomains + + + jakub-boucek.cz + + include_subdomains + + + janoberst.com + + include_subdomains + + + janus-engineering.de + + include_subdomains + + + jelmer.co.uk + + include_subdomains + + + jelmer.uk + + include_subdomains + + + jfreitag.de + + include_subdomains + + + jitsi.org + + include_subdomains + + + jmedved.com + + include_subdomains + + + jonas-keidel.de + + include_subdomains + + + jonaswitmer.ch + + include_subdomains + + + jonnybarnes.uk + + include_subdomains + + + jottit.com + + include_subdomains + + + julian-kipka.de + + include_subdomains + + + jwilsson.com + + include_subdomains + + + jwilsson.me + + include_subdomains + + + k-dev.de + + include_subdomains + + + kaheim.de + + include_subdomains + + + kardize24.pl + + include_subdomains + + + kartonmodellbau.org + + include_subdomains + + + kdex.de + + include_subdomains + + + keepclean.me + + include_subdomains + + + keeperapp.com + + include_subdomains + + + keepersecurity.com + + include_subdomains + + + kernel-error.de + + include_subdomains + + + kevincox.ca + + include_subdomains + + + 
keycdn.com + + include_subdomains + + + keyerror.com + + include_subdomains + + + keymaster.lookout.com + + include_subdomains + + + khanovaskola.cz + + include_subdomains + + + khmath.com + + include_subdomains + + + ki-on.net + + include_subdomains + + + kinderbuecher-kostenlos.de + + include_subdomains + + + kingmanhall.org + + include_subdomains + + + kinogb.net + + include_subdomains + + + kinsights.com + + include_subdomains + + + kitsta.com + + include_subdomains + + + kiwiirc.com + + include_subdomains + + + klatschreime.de + + include_subdomains + + + klausbrinch.dk + + include_subdomains + + + klaxn.com + + include_subdomains + + + klaxn.org + + include_subdomains + + + kleidertauschpartys.de + + include_subdomains + + + knowledgehook.com + + include_subdomains + + + koenvdheuvel.me + + include_subdomains + + + komandakovalchuk.com + + include_subdomains + + + konklone.com + + include_subdomains + + + koop-bremen.de + + include_subdomains + + + koordinate.net + + include_subdomains + + + kosho.org + + include_subdomains + + + kpebetka.net + + include_subdomains + + + kr.search.yahoo.com + + include_subdomains + + + kraken.io + + include_subdomains + + + kryptera.se + + include_subdomains + + + kura.io + + include_subdomains + + + kz.search.yahoo.com + + include_subdomains + + + labina.com.tr + + include_subdomains + + + lagerauftrag.info + + include_subdomains + + + lasst-uns-beten.de + + include_subdomains + + + lastpass.com + + include_subdomains + + + launchkey.com + + include_subdomains + + + lavalite.de + + include_subdomains + + + lb-toner.de + + include_subdomains + + + leadbook.ru + + include_subdomains + + + learn.doubleclick.net + + include_subdomains + + + ledgerscope.net + + include_subdomains + + + leonardcamacho.me + + include_subdomains + + + li.search.yahoo.com + + include_subdomains + + + liberty.lavabit.com + + include_subdomains + + + library.linode.com + + include_subdomains + + + liebel.org + + include_subdomains + + + 
lifeguard.aecom.com + + include_subdomains + + + lighting-centres.co.uk + + include_subdomains + + + lilpwny.com + + include_subdomains + + + limpid.nl + + include_subdomains + + + lingolia.com + + include_subdomains + + + linode.com + + include_subdomains + + + linx.net + + include_subdomains + + + lists.mayfirst.org + + include_subdomains + + + ljs.io + + include_subdomains + + + lockify.com + + include_subdomains + + + lodash.com + + include_subdomains + + + loenshotel.de + + include_subdomains + + + loftboard.eu + + include_subdomains + + + logentries.com + + include_subdomains + + + login.corp.google.com + + include_subdomains + + + login.launchpad.net + + include_subdomains + + + login.persona.org + + include_subdomains + + + login.sapo.pt + + include_subdomains + + + login.ubuntu.com + + include_subdomains + + + login.xero.com + + include_subdomains + + + login.yahoo.com + + include_subdomains + + + logotype.se + + include_subdomains + + + lolicore.ch + + include_subdomains + + + lookout.com + + include_subdomains + + + lovelycorral.com + + include_subdomains + + + lt.search.yahoo.com + + include_subdomains + + + lu.search.yahoo.com + + include_subdomains + + + ludwig.im + + include_subdomains + + + lukonet.com + + include_subdomains + + + lumi.do + + include_subdomains + + + luneta.nearbuysystems.com + + include_subdomains + + + luxus-russen.de + + include_subdomains + + + lv.search.yahoo.com + + include_subdomains + + + m.facebook.com + + include_subdomains + + + m.gparent.org + + include_subdomains + + + mach-politik.ch + + include_subdomains + + + mail.de + + include_subdomains + + + mail.google.com + + include_subdomains + + + mail.yahoo.com + + include_subdomains + + + mailbox.org + + include_subdomains + + + makeyourlaws.org + + include_subdomains + + + maktoob.search.yahoo.com + + include_subdomains + + + malaysia.search.yahoo.com + + include_subdomains + + + malnex.de + + include_subdomains + + + man3s.jp + + include_subdomains + + + 
manage.zenpayroll.com + + include_subdomains + + + manageprojects.com + + include_subdomains + + + manager.linode.com + + include_subdomains + + + mandala-ausmalbilder.de + + include_subdomains + + + market.android.com + + include_subdomains + + + markusueberallassetmanagement.de + + include_subdomains + + + marshut.net + + include_subdomains + + + matatall.com + + include_subdomains + + + mathiasbynens.be + + include_subdomains + + + matteomarescotti.it + + include_subdomains + + + mattmccutchen.net + + include_subdomains + + + mbasic.facebook.com + + include_subdomains + + + mbp.banking.co.at + + include_subdomains + + + md5file.com + + include_subdomains + + + mdfnet.se + + include_subdomains + + + meamod.com + + include_subdomains + + + mediacru.sh + + include_subdomains + + + medium.com + + include_subdomains + + + meetfinch.com + + include_subdomains + + + mega.co.nz + + include_subdomains + + + megashur.se + + include_subdomains + + + megaxchange.com + + include_subdomains + + + meinebo.it + + include_subdomains + + + members.mayfirst.org + + include_subdomains + + + members.nearlyfreespeech.net + + include_subdomains + + + mf.cz + + include_subdomains + + + miasarafina.de + + include_subdomains + + + michalspacek.cz + + include_subdomains + + + mig5.net + + include_subdomains + + + mike-bland.com + + include_subdomains + + + mikewest.org + + include_subdomains + + + miku.hatsune.my + + include_subdomains + + + minez-nightswatch.com + + include_subdomains + + + minikneet.com + + include_subdomains + + + minikneet.nl + + include_subdomains + + + minnesotadata.com + + include_subdomains + + + mirindadomo.ru + + include_subdomains + + + mirrorx.com + + include_subdomains + + + miskatonic.org + + include_subdomains + + + mkcert.org + + include_subdomains + + + mnsure.org + + include_subdomains + + + mobile.twitter.com + + include_subdomains + + + mobile.usaa.com + + include_subdomains + + + mobilethreat.net + + include_subdomains + + + mobilethreatnetwork.net + 
+ include_subdomains + + + mocloud.eu + + include_subdomains + + + mondwandler.de + + include_subdomains + + + moriz.de + + include_subdomains + + + mothereff.in + + include_subdomains + + + mountainmusicpromotions.com + + include_subdomains + + + mountainroseherbs.com + + include_subdomains + + + movelaria.com.br + + include_subdomains + + + movlib.org + + include_subdomains + + + mqas.net + + include_subdomains + + + msc-seereisen.net + + include_subdomains + + + mt.search.yahoo.com + + include_subdomains + + + mths.be + + include_subdomains + + + mtouch.facebook.com + + include_subdomains + + + mu.search.yahoo.com + + include_subdomains + + + mudcrab.us + + include_subdomains + + + munich-rage.de + + include_subdomains + + + musicgamegalaxy.de + + include_subdomains + + + mutantmonkey.in + + include_subdomains + + + mutantmonkey.info + + include_subdomains + + + mutantmonkey.sexy + + include_subdomains + + + mw.search.yahoo.com + + include_subdomains + + + mwe.st + + include_subdomains + + + mx.search.yahoo.com + + include_subdomains + + + my.alfresco.com + + include_subdomains + + + my.onlime.ch + + include_subdomains + + + my.usa.gov + + include_subdomains + + + my.xero.com + + include_subdomains + + + mydigipass.com + + include_subdomains + + + mygadgetguardian.lookout.com + + include_subdomains + + + mykolab.com + + include_subdomains + + + mykreuzfahrt.de + + include_subdomains + + + mylookout.com + + include_subdomains + + + myni.io + + include_subdomains + + + mynigma.org + + include_subdomains + + + myplaceonline.com + + include_subdomains + + + myvirtualserver.com + + include_subdomains + + + nachsenden.info + + include_subdomains + + + nameid.org + + include_subdomains + + + nectarleaf.com + + include_subdomains + + + neftaly.com + + include_subdomains + + + neg9.org + + include_subdomains + + + neilwynne.com + + include_subdomains + + + neonisi.com + + include_subdomains + + + net-safe.info + + include_subdomains + + + netzbit.de + + 
include_subdomains + + + netzpolitik.org + + include_subdomains + + + newstarnootropics.com + + include_subdomains + + + nexth.de + + include_subdomains + + + nexth.net + + include_subdomains + + + nexth.us + + include_subdomains + + + ng-security.com + + include_subdomains + + + nginxnudes.com + + include_subdomains + + + ni.search.yahoo.com + + include_subdomains + + + nl.search.yahoo.com + + include_subdomains + + + nmctest.net + + include_subdomains + + + no.search.yahoo.com + + include_subdomains + + + noexpect.org + + include_subdomains + + + nos-oignons.net + + include_subdomains + + + nouvelle-vague-saint-cast.fr + + include_subdomains + + + np.search.yahoo.com + + include_subdomains + + + npw.net + + include_subdomains + + + nu3.at + + include_subdomains + + + nu3.ch + + include_subdomains + + + nu3.co.uk + + include_subdomains + + + nu3.com + + include_subdomains + + + nu3.de + + include_subdomains + + + nu3.dk + + include_subdomains + + + nu3.fi + + include_subdomains + + + nu3.fr + + include_subdomains + + + nu3.no + + include_subdomains + + + nu3.se + + include_subdomains + + + nz.search.yahoo.com + + include_subdomains + + + oakslighting.co.uk + + include_subdomains + + + oauth.twitter.com + + include_subdomains + + + okmx.de + + include_subdomains + + + omitech.co.uk + + include_subdomains + + + onedot.nl + + include_subdomains + + + onedrive.com + + include_subdomains + + + onedrive.live.com + + include_subdomains + + + onsitemassageco.com + + include_subdomains + + + opendesk.cc + + include_subdomains + + + openshift.redhat.com + + include_subdomains + + + oplop.appspot.com + + include_subdomains + + + opsmate.com + + include_subdomains + + + optimus.io + + include_subdomains + + + orbograph-hrcm.com + + include_subdomains + + + oscarvk.ch + + include_subdomains + + + osterkraenzchen.de + + include_subdomains + + + otakurepublic.com + + include_subdomains + + + otakuworld.de + + include_subdomains + + + ottospora.nl + + include_subdomains + + + 
ovenapp.io + + include_subdomains + + + oversight.io + + include_subdomains + + + p.linode.com + + include_subdomains + + + pa.search.yahoo.com + + include_subdomains + + + packagist.org + + include_subdomains + + + pajonzeck.de + + include_subdomains + + + palava.tv + + include_subdomains + + + parent5446.us + + include_subdomains + + + partyvan.eu + + include_subdomains + + + partyvan.it + + include_subdomains + + + partyvan.nl + + include_subdomains + + + partyvan.se + + include_subdomains + + + passport.yandex.by + + include_subdomains + + + passport.yandex.com + + include_subdomains + + + passport.yandex.com.tr + + include_subdomains + + + passport.yandex.kz + + include_subdomains + + + passport.yandex.ru + + include_subdomains + + + passport.yandex.ua + + include_subdomains + + + passwd.io + + include_subdomains + + + password.codes + + include_subdomains + + + passwordbox.com + + include_subdomains + + + passwords.google.com + + include_subdomains + + + paste.linode.com + + include_subdomains + + + pastebin.linode.com + + include_subdomains + + + patt.us + + include_subdomains + + + pay.gigahost.dk + + include_subdomains + + + paymill.com + + include_subdomains + + + paymill.de + + include_subdomains + + + paypal.com + + include_subdomains + + + payroll.xero.com + + include_subdomains + + + pdf.yt + + include_subdomains + + + pe.search.yahoo.com + + include_subdomains + + + peercraft.com + + include_subdomains + + + pentesterlab.com + + include_subdomains + + + pestici.de + + include_subdomains + + + petrolplus.ru + + include_subdomains + + + ph.search.yahoo.com + + include_subdomains + + + phoenixlogan.com + + include_subdomains + + + picksin.club + + include_subdomains + + + pierre-schmitz.com + + include_subdomains + + + pinningtest.appspot.com + + include_subdomains + + + piratenlogin.de + + include_subdomains + + + pisidia.de + + include_subdomains + + + pixel.facebook.com + + include_subdomains + + + pixi.me + + include_subdomains + + + 
pk.search.yahoo.com + + include_subdomains + + + pl.search.yahoo.com + + include_subdomains + + + platform.lookout.com + + include_subdomains + + + platform.twitter.com + + include_subdomains + + + play.google.com + + include_subdomains + + + plothost.com + + include_subdomains + + + plus.google.com + + include_subdomains + + + plus.sandbox.google.com + + include_subdomains + + + portal.tirol.gv.at + + include_subdomains + + + posteo.de + + include_subdomains + + + powerplannerapp.com + + include_subdomains + + + pr.search.yahoo.com + + include_subdomains + + + prakharprasad.com + + include_subdomains + + + prefontaine.name + + include_subdomains + + + pressfreedomfoundation.org + + include_subdomains + + + prodpad.com + + include_subdomains + + + profiles.google.com + + include_subdomains + + + projektzentrisch.de + + include_subdomains + + + promecon-gmbh.de + + include_subdomains + + + propagandism.org + + include_subdomains + + + prowhisky.de + + include_subdomains + + + proximato.com + + include_subdomains + + + pubkey.is + + include_subdomains + + + publications.qld.gov.au + + include_subdomains + + + pult.co + + include_subdomains + + + py.search.yahoo.com + + include_subdomains + + + pypa.io + + include_subdomains + + + pypi.python.org + + include_subdomains + + + python.org + + include_subdomains + + + qc.search.yahoo.com + + include_subdomains + + + qetesh.de + + include_subdomains + + + quuz.org + + include_subdomains + + + r3s1stanc3.me + + include_subdomains + + + rad-route.de + + include_subdomains + + + raiseyourflag.com + + include_subdomains + + + rapidresearch.me + + include_subdomains + + + ravchat.com + + include_subdomains + + + redlatam.org + + include_subdomains + + + redports.org + + include_subdomains + + + redteam-pentesting.de + + include_subdomains + + + reedloden.com + + include_subdomains + + + regar42.fr + + include_subdomains + + + reishunger.de + + include_subdomains + + + research.facebook.com + + include_subdomains + + + 
reserve-online.net + + include_subdomains + + + residentsinsurance.co.uk + + include_subdomains + + + reviews.anime.my + + include_subdomains + + + riccy.org + + include_subdomains + + + riesenmagnete.de + + include_subdomains + + + rippleunion.com + + include_subdomains + + + riseup.net + + include_subdomains + + + rlalique.com + + include_subdomains + + + rme.li + + include_subdomains + + + ro.search.yahoo.com + + include_subdomains + + + robteix.com + + include_subdomains + + + roddis.net + + include_subdomains + + + roland.io + + include_subdomains + + + romab.com + + include_subdomains + + + room-checkin24.de + + include_subdomains + + + rosenkeller.org + + include_subdomains + + + roundcube.mayfirst.org + + include_subdomains + + + ru-sprachstudio.ch + + include_subdomains + + + ru.search.yahoo.com + + include_subdomains + + + ruudkoot.nl + + include_subdomains + + + rw.search.yahoo.com + + include_subdomains + + + rws-vertriebsportal.de + + include_subdomains + + + s-c.se + + include_subdomains + + + sah3.net + + include_subdomains + + + sakaki.anime.my + + include_subdomains + + + salaervergleich.com + + include_subdomains + + + sale4ru.ru + + include_subdomains + + + salserocafe.com + + include_subdomains + + + samizdat.cz + + include_subdomains + + + sandbox.mydigipass.com + + include_subdomains + + + saturngames.co.uk + + include_subdomains + + + savetheinternet.eu + + include_subdomains + + + schachburg.de + + include_subdomains + + + schokokeks.org + + include_subdomains + + + schreiber-netzwerk.eu + + include_subdomains + + + schwarzer.it + + include_subdomains + + + sciencex.com + + include_subdomains + + + scotthelme.co.uk + + include_subdomains + + + scrambl.is + + include_subdomains + + + scribe.systems + + include_subdomains + + + script.google.com + + include_subdomains + + + sdsl-speedtest.de + + include_subdomains + + + se.search.yahoo.com + + include_subdomains + + + search.yahoo.com + + include_subdomains + + + secure.facebook.com + + 
include_subdomains + + + securesuisse.ch + + include_subdomains + + + securify.nl + + include_subdomains + + + security-carpet.com + + include_subdomains + + + security.google.com + + include_subdomains + + + securityheaders.com + + include_subdomains + + + secuvera.de + + include_subdomains + + + segu-info.com.ar + + include_subdomains + + + seifried.org + + include_subdomains + + + semenkovich.com + + include_subdomains + + + seomobo.com + + include_subdomains + + + seowarp.net + + include_subdomains + + + serverdensity.io + + include_subdomains + + + servergno.me + + include_subdomains + + + servethecity-karlsruhe.de + + include_subdomains + + + sg.search.yahoo.com + + include_subdomains + + + shaaaaaaaaaaaaa.com + + include_subdomains + + + shenyuqi.com + + include_subdomains + + + sherbers.de + + include_subdomains + + + shiinko.com + + include_subdomains + + + shipard.com + + include_subdomains + + + shodan.io + + include_subdomains + + + shohruh.uz + + include_subdomains + + + shopontarget.com + + include_subdomains + + + shops.neonisi.com + + include_subdomains + + + shortdiary.me + + include_subdomains + + + siammedia.co + + include_subdomains + + + silentcircle.com + + include_subdomains + + + silentcircle.org + + include_subdomains + + + simbolo.co.uk + + include_subdomains + + + simon.butcher.name + + include_subdomains + + + simple.com + + include_subdomains + + + simpletax.ca + + include_subdomains + + + simplia.cz + + include_subdomains + + + simplyfixit.co.uk + + include_subdomains + + + simplystudio.com + + include_subdomains + + + siraweb.org + + include_subdomains + + + siriad.com + + include_subdomains + + + sites.google.com + + include_subdomains + + + skydrive.live.com + + include_subdomains + + + slack.com + + include_subdomains + + + slattery.co + + include_subdomains + + + slevomat.cz + + include_subdomains + + + slidebatch.com + + include_subdomains + + + smartcoin.com.br + + include_subdomains + + + smartlend.se + + include_subdomains + + 
+ smartship.co.jp + + include_subdomains + + + sol.io + + include_subdomains + + + sour.is + + include_subdomains + + + southside-crew.com + + include_subdomains + + + souvik.me + + include_subdomains + + + souyar.de + + include_subdomains + + + souyar.net + + include_subdomains + + + souyar.us + + include_subdomains + + + spartantheatre.org + + include_subdomains + + + spdysync.com + + include_subdomains + + + spencerbaer.com + + include_subdomains + + + spideroak.com + + include_subdomains + + + spongepowered.org + + include_subdomains + + + spreadsheets.google.com + + include_subdomains + + + sprueche-zum-valentinstag.de + + include_subdomains + + + sprueche-zur-geburt.info + + include_subdomains + + + sprueche-zur-hochzeit.de + + include_subdomains + + + sprueche-zur-konfirmation.de + + include_subdomains + + + square.com + + include_subdomains + + + squareup.com + + include_subdomains + + + sro.center + + include_subdomains + + + ssl.google-analytics.com + + include_subdomains + + + ssl.panoramio.com + + include_subdomains + + + sslmate.com + + include_subdomains + + + stage.wepay.com + + include_subdomains + + + standardssuck.org + + include_subdomains + + + static.wepay.com + + include_subdomains + + + staticanime.net + + include_subdomains + + + stationary-traveller.eu + + include_subdomains + + + steventress.com + + include_subdomains + + + stocktrade.de + + include_subdomains + + + stretchmyan.us + + include_subdomains + + + stripe.com + + include_subdomains + + + strongest-privacy.com + + include_subdomains + + + studydrive.net + + include_subdomains + + + subrosa.io + + include_subdomains + + + suite73.org + + include_subdomains + + + sunjaydhama.com + + include_subdomains + + + sunshinepress.org + + include_subdomains + + + supplies24.at + + include_subdomains + + + supplies24.es + + include_subdomains + + + support.mayfirst.org + + include_subdomains + + + surfeasy.com + + include_subdomains + + + surkatty.org + + include_subdomains + + + 
sv.search.yahoo.com + + include_subdomains + + + swehack.org + + include_subdomains + + + sylaps.com + + include_subdomains + + + sysctl.se + + include_subdomains + + + syss.de + + include_subdomains + + + t.facebook.com + + include_subdomains + + + tablet.facebook.com + + include_subdomains + + + tadigitalstore.com + + include_subdomains + + + tageau.com + + include_subdomains + + + talk.google.com + + include_subdomains + + + talkgadget.google.com + + include_subdomains + + + tapka.cz + + include_subdomains + + + tatort-fanpage.de + + include_subdomains + + + tauchkater.de + + include_subdomains + + + taxsquirrel.com + + include_subdomains + + + techhipster.net + + include_subdomains + + + tegelsensanitaironline.nl + + include_subdomains + + + tekshrek.com + + include_subdomains + + + tektoria.de + + include_subdomains + + + temehu.com + + include_subdomains + + + tent.io + + include_subdomains + + + terrax.berlin + + include_subdomains + + + testsuite.org + + include_subdomains + + + texte-zur-taufe.de + + include_subdomains + + + th.search.yahoo.com + + include_subdomains + + + thecustomizewindows.com + + include_subdomains + + + thepaymentscompany.com + + include_subdomains + + + therapynotes.com + + include_subdomains + + + theshadestore.com + + include_subdomains + + + thorncreek.net + + include_subdomains + + + thusoy.com + + include_subdomains + + + tickopa.co.uk + + include_subdomains + + + timtaubert.de + + include_subdomains + + + tinfoilsecurity.com + + include_subdomains + + + tinte24.de + + include_subdomains + + + tintenfix.net + + include_subdomains + + + tipps-fuer-den-haushalt.de + + include_subdomains + + + tittelbach.at + + include_subdomains + + + tls.li + + include_subdomains + + + tno.io + + include_subdomains + + + tobias-kluge.de + + include_subdomains + + + tollmanz.com + + include_subdomains + + + tomfisher.eu + + include_subdomains + + + tomvote.com + + include_subdomains + + + toner24.at + + include_subdomains + + + toner24.co.uk + + 
include_subdomains + + + toner24.es + + include_subdomains + + + toner24.fr + + include_subdomains + + + toner24.it + + include_subdomains + + + toner24.nl + + include_subdomains + + + toner24.pl + + include_subdomains + + + tonerdepot.de + + include_subdomains + + + tonerjet.at + + include_subdomains + + + tonerjet.co.uk + + include_subdomains + + + tonerklick.de + + include_subdomains + + + tonerkurier.de + + include_subdomains + + + tonermaus.de + + include_subdomains + + + tonermonster.de + + include_subdomains + + + tonex.de + + include_subdomains + + + tonex.nl + + include_subdomains + + + topodin.com + + include_subdomains + + + tor2web.org + + include_subdomains + + + torproject.org + + include_subdomains + + + toshnix.com + + include_subdomains + + + touch.facebook.com + + include_subdomains + + + tr.search.yahoo.com + + include_subdomains + + + translate.googleapis.com + + include_subdomains + + + translatoruk.co.uk + + include_subdomains + + + trauertexte.info + + include_subdomains + + + tresorit.com + + include_subdomains + + + tribut.de + + include_subdomains + + + triop.se + + include_subdomains + + + tunebitfm.de + + include_subdomains + + + tv.search.yahoo.com + + include_subdomains + + + tw.search.yahoo.com + + include_subdomains + + + twentymilliseconds.com + + include_subdomains + + + twimg.com + + include_subdomains + + + twitter.com + + include_subdomains + + + typingrevolution.com + + include_subdomains + + + ua.search.yahoo.com + + include_subdomains + + + ub3rk1tten.com + + include_subdomains + + + ubertt.org + + include_subdomains + + + uk.search.yahoo.com + + include_subdomains + + + ukdefencejournal.org.uk + + include_subdomains + + + ukhas.net + + include_subdomains + + + ukrainians.ch + + include_subdomains + + + unison.com + + include_subdomains + + + unterfrankenclan.de + + include_subdomains + + + upload.facebook.com + + include_subdomains + + + uprotect.it + + include_subdomains + + + uptrends.com + + include_subdomains + + + 
urchin.com + + include_subdomains + + + usaa.com + + include_subdomains + + + uy.search.yahoo.com + + include_subdomains + + + uz.search.yahoo.com + + include_subdomains + + + uzstyle.com + + include_subdomains + + + vaddder.com + + include_subdomains + + + ve.search.yahoo.com + + include_subdomains + + + vhost.co.id + + include_subdomains + + + viasinc.com + + include_subdomains + + + viennan.net + + include_subdomains + + + visionless.me + + include_subdomains + + + vmoagents.com + + include_subdomains + + + vn.search.yahoo.com + + include_subdomains + + + vocaloid.my + + include_subdomains + + + vortexhobbies.com + + include_subdomains + + + vpnzoom.com + + include_subdomains + + + vrobert.fr + + include_subdomains + + + w-spotlight.appspot.com + + include_subdomains + + + wallet.google.com + + include_subdomains + + + warrencreative.com + + include_subdomains + + + watsonhall.uk + + include_subdomains + + + wbg-vs.de + + include_subdomains + + + webandmore.de + + include_subdomains + + + webandwords.com.au + + include_subdomains + + + webcollect.org.uk + + include_subdomains + + + webfilings-eu-mirror.appspot.com + + include_subdomains + + + webfilings-eu.appspot.com + + include_subdomains + + + webfilings-mirror-hrd.appspot.com + + include_subdomains + + + webfilings.appspot.com + + include_subdomains + + + weblogzwolle.nl + + include_subdomains + + + webmail.gigahost.dk + + include_subdomains + + + webmail.mayfirst.org + + include_subdomains + + + webmail.onlime.ch + + include_subdomains + + + webmail.schokokeks.org + + include_subdomains + + + websenat.de + + include_subdomains + + + webtiles.co.uk + + include_subdomains + + + webtrh.cz + + include_subdomains + + + weggeweest.nl + + include_subdomains + + + welches-kinderfahrrad.de + + include_subdomains + + + wepay.com + + include_subdomains + + + wepay.in.th + + include_subdomains + + + wf-bigsky-master.appspot.com + + include_subdomains + + + wf-demo-eu.appspot.com + + include_subdomains + + + 
wf-demo-hrd.appspot.com + + include_subdomains + + + wf-dogfood-hrd.appspot.com + + include_subdomains + + + wf-pentest.appspot.com + + include_subdomains + + + wf-staging-hr.appspot.com + + include_subdomains + + + wf-training-hrd.appspot.com + + include_subdomains + + + wf-training-master.appspot.com + + include_subdomains + + + wf-trial-hrd.appspot.com + + include_subdomains + + + whatwg.org + + include_subdomains + + + when-release.ru + + include_subdomains + + + whonix.org + + include_subdomains + + + wieninternational.at + + include_subdomains + + + wiki.python.org + + include_subdomains + + + wikidsystems.com + + include_subdomains + + + wildbee.org + + include_subdomains + + + willnorris.com + + include_subdomains + + + winhistory-forum.net + + include_subdomains + + + wiz.biz + + include_subdomains + + + wohnungsbau-ludwigsburg.de + + include_subdomains + + + wpletter.de + + include_subdomains + + + writeapp.me + + include_subdomains + + + wubthecaptain.eu + + include_subdomains + + + wunderlist.com + + include_subdomains + + + www.aclu.org + + include_subdomains + + + www.airbnb.com + + include_subdomains + + + www.apollo-auto.com + + include_subdomains + + + www.banking.co.at + + include_subdomains + + + www.braintreepayments.com + + include_subdomains + + + www.calyxinstitute.org + + include_subdomains + + + www.capitainetrain.com + + include_subdomains + + + www.cueup.com + + include_subdomains + + + www.cyveillance.com + + include_subdomains + + + www.developer.mydigipass.com + + include_subdomains + + + www.dropbox.com + + include_subdomains + + + www.dropcam.com + + include_subdomains + + + www.elanex.biz + + include_subdomains + + + www.entropia.de + + include_subdomains + + + www.eternalgoth.co.uk + + include_subdomains + + + www.etsy.com + + include_subdomains + + + www.evernote.com + + include_subdomains + + + www.facebook.com + + include_subdomains + + + www.gamesdepartment.co.uk + + include_subdomains + + + www.getcloak.com + + 
include_subdomains + + + www.gmail.com + + include_subdomains + + + www.googlemail.com + + include_subdomains + + + www.gov.uk + + include_subdomains + + + www.grc.com + + include_subdomains + + + www.greplin.com + + include_subdomains + + + www.heliosnet.com + + include_subdomains + + + www.honeybadger.io + + include_subdomains + + + www.intercom.io + + include_subdomains + + + www.irccloud.com + + include_subdomains + + + www.jitsi.org + + include_subdomains + + + www.lastpass.com + + include_subdomains + + + www.ledgerscope.net + + include_subdomains + + + www.linode.com + + include_subdomains + + + www.logentries.com + + include_subdomains + + + www.lookout.com + + include_subdomains + + + www.makeyourlaws.org + + include_subdomains + + + www.moneybookers.com + + include_subdomains + + + www.mydigipass.com + + include_subdomains + + + www.mylookout.com + + include_subdomains + + + www.neonisi.com + + include_subdomains + + + www.noisebridge.net + + include_subdomains + + + www.opsmate.com + + include_subdomains + + + www.paycheckrecords.com + + include_subdomains + + + www.paypal.com + + include_subdomains + + + www.python.org + + include_subdomains + + + www.rme.li + + include_subdomains + + + www.roddis.net + + include_subdomains + + + www.sandbox.mydigipass.com + + include_subdomains + + + www.schokokeks.org + + include_subdomains + + + www.simbolo.co.uk + + include_subdomains + + + www.simple.com + + include_subdomains + + + www.surfeasy.com + + include_subdomains + + + www.therapynotes.com + + include_subdomains + + + www.tinfoilsecurity.com + + include_subdomains + + + www.torproject.org + + include_subdomains + + + www.twitter.com + + include_subdomains + + + www.usaa.com + + include_subdomains + + + www.viasinc.com + + include_subdomains + + + www.wepay.com + + include_subdomains + + + www.zenpayroll.com + + include_subdomains + + + xa.search.yahoo.com + + include_subdomains + + + xbrlsuccess.appspot.com + + include_subdomains + + + xn--maraa-rta.org + 
+ include_subdomains + + + xps2pdf.co.uk + + include_subdomains + + + xtream-hosting.com + + include_subdomains + + + xtream-hosting.de + + include_subdomains + + + xtream-hosting.eu + + include_subdomains + + + xtreamhosting.eu + + include_subdomains + + + y-o-w.com + + include_subdomains + + + yahvehyireh.com + + include_subdomains + + + yetii.net + + include_subdomains + + + yoursecondphone.co + + include_subdomains + + + youtu.be + + include_subdomains + + + youtube-nocookie.com + + include_subdomains + + + youtube.com + + include_subdomains + + + ypart.eu + + include_subdomains + + + ytimg.com + + include_subdomains + + + z.ai + + include_subdomains + + + za.search.yahoo.com + + include_subdomains + + + zenpayroll.com + + include_subdomains + + + zeplin.io + + include_subdomains + + + zeropush.com + + include_subdomains + + + zh.search.yahoo.com + + include_subdomains + + + zixiao.wang + + include_subdomains + + + zlavomat.sk + + include_subdomains + + + zoo24.de + + include_subdomains + + + zotero.org + + include_subdomains + + + + diff --git a/Endless/URLBlocker.m b/Endless/URLBlocker.m index b1c581e..8f1f168 100644 --- a/Endless/URLBlocker.m +++ b/Endless/URLBlocker.m @@ -10,9 +10,8 @@ @implementation URLBlocker + (NSDictionary *)targets { if (_targets == nil) { - NSFileManager *fm = [NSFileManager defaultManager]; NSString *path = [[NSBundle mainBundle] pathForResource:@"urlblocker_targets" ofType:@"plist"]; - if (![fm fileExistsAtPath:path]) { + if (![[NSFileManager defaultManager] fileExistsAtPath:path]) { NSLog(@"[URLBlocker] no target plist at %@", path); abort(); } diff --git a/Endless/URLInterceptor.m b/Endless/URLInterceptor.m index 3f52881..a331cd6 100644 --- a/Endless/URLInterceptor.m +++ b/Endless/URLInterceptor.m @@ -1,4 +1,5 @@ #import "AppDelegate.h" +#import "HSTSCache.h" #import "HTTPSEverywhere.h" #import "URLBlocker.h" #import "URLInterceptor.h" 
@@ -101,7 +102,11 @@ - (void)startLoading return; } } + + /* check HSTS cache first to see if scheme needs upgraded */ + [newRequest setURL:[[appDelegate hstsCache] rewrittenURI:[[self request] URL]]]; + /* then check HTTPS Everywhere (must pass all URLs since some rules are not just scheme changes */ NSArray *HTErules = [HTTPSEverywhere potentiallyApplicableRulesForHost:[[[self request] URL] host]]; if (HTErules != nil && [HTErules count] > 0) { [newRequest setURL:[HTTPSEverywhere rewrittenURI:[[self request] URL] withRules:HTErules]]; @@ -204,6 +209,13 @@ - (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLRespon { [self extractCookiesFromResponse:response forURL:[self.request URL] fromMainDocument:[wvt url]]; + if ([[[self.request URL] scheme] isEqualToString:@"https"]) { + NSString *hsts = [[(NSHTTPURLResponse *)response allHeaderFields] objectForKey:HSTS_HEADER]; + if (hsts != nil && ![hsts isEqualToString:@""]) { + [[appDelegate hstsCache] parseHSTSHeader:hsts forHost:[[self.request URL] host]]; + } + } + if (self.isOrigin) { if ([[[[self.request URL] scheme] lowercaseString] isEqualToString:@"https"]) { /* initial request was over https, start considering us secure */ diff --git a/LICENSE b/LICENSE index 3544d3a..0ee30f1 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -endless +Endless Copyright (c) 2014 joshua stein (NOTE: This is not a BSD/ISC/MIT license. You are permitted to use this diff --git a/README.md b/README.md index 27d5949..a33a751 100644 --- a/README.md +++ b/README.md 
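Review bot: The HSTS upgrade written to `newRequest` in this hunk is discarded two lines later, because the HTTPS Everywhere branch still reads `[[self request] URL]` (the original, un-upgraded URL) and unconditionally overwrites `newRequest`'s URL with its own rewrite, so any host that has an HTE ruleset whose rules do not change the scheme ends up back on http despite a cached STS policy. Chain the two steps by feeding the HSTS result into HTE: `NSArray *HTErules = [HTTPSEverywhere potentiallyApplicableRulesForHost:[[newRequest URL] host]];` and `[newRequest setURL:[HTTPSEverywhere rewrittenURI:[newRequest URL] withRules:HTErules]];`. The comment above the HTE call also has an unclosed parenthesis: `/* then check HTTPS Everywhere (must pass all URLs since some rules are not just scheme changes) */`. startLoading begins before this hunk, so I cannot see how `newRequest` was created, but it is presumably a mutable copy of the original request.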
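Review bot: The new scheme check in didReceiveResponse compares `[[[self.request URL] scheme] isEqualToString:@"https"]` case-sensitively, while the existing `isOrigin` branch right below it lowercases first; a request built from a mixed-case scheme would skip STS parsing here but still be treated as secure there, so use `if ([[[[self.request URL] scheme] lowercaseString] isEqualToString:@"https"]) {` for consistency. RFC 6797 §8.1 also requires the UA to ignore a Strict-Transport-Security header unless the response arrived over TLS with no certificate errors or warnings; this hunk only checks the scheme, so if the connection delegate (not visible here) ever proceeds past a failed certificate check, an attacker-controlled response could plant a long-lived policy — worth a comment such as `/* RFC 6797 §8.1: only trust STS from an error-free TLS connection; relies on connection:didReceiveAuthenticationChallenge: rejecting bad certs */` once that is confirmed. Minor: `hsts != nil && ![hsts isEqualToString:@""]` is just `[hsts length] > 0`.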
@@ -30,6 +30,9 @@ course) with a design goal of increased security and privacy. requests over SSL where supported, including setting the secure bit on received cookies and auto-detection of redirection loops +- HTTP Strict Transport Security (RFC6797) implementation (in addition to + WebKit's mystery built-in one) with Chromium's large preload list + - Integrated URL blocker with a small included ruleset of behavior-tracking advertising, analytics, and social networking widgets (this list is intended for enhancing privacy and not to be an AdBlock-style comprehensive ad-blocking @@ -47,8 +50,6 @@ course) with a design goal of increased security and privacy. - Auto-destroy session cookies *n* seconds after closing last tab using those cookies -- HTTP Strict Transport Security cache - - Bookmarks, probably a home-screen table layout like Safari #####Some nice-to-haves: diff --git a/convert_rules.rb b/convert_rules.rb index 578b77c..930ffc2 100644 --- a/convert_rules.rb +++ b/convert_rules.rb 
@@ -3,23 +3,32 @@ require "active_support/core_ext/hash/conversions" require "plist" require "json" +require "net/https" +require "uri" HTTPS_E_TARGETS_PLIST = "Endless/Resources/https-everywhere_targets.plist" +HTTPS_E_RULES_PLIST = "Endless/Resources/https-everywhere_rules.plist" HTTPS_E_GIT_COMMIT = File.read("https-everywhere/.git/refs/heads/master"). strip[0, 12] -skip_https_e = false - -if File.exists?(HTTPS_E_TARGETS_PLIST) - if m = File.open(HTTPS_E_TARGETS_PLIST).gets.to_s.match(/Everywhere (.+) - /) - skip_https_e = (m[1] == HTTPS_E_GIT_COMMIT) +URLBLOCKER_JSON = "urlblocker.json" +URLBLOCKER_TARGETS_PLIST = "Endless/Resources/urlblocker_targets.plist" + +# in b64 for some reason +HSTS_PRELOAD_LIST = "https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT" +HSTS_PRELOAD_HOSTS_PLIST = "Endless/Resources/hsts_preload.plist" + +# convert all HTTPS Everywhere XML rule files into one big rules hash and write +# it out as a plist, as well as a standalone hash of target URLs -> rule names +# to another plist +def convert_https_e + if File.exists?(HTTPS_E_TARGETS_PLIST) + if m = File.open(HTTPS_E_TARGETS_PLIST).gets.to_s.match(/Everywhere (.+) - /) + if (m[1] == HTTPS_E_GIT_COMMIT) + return + end + end end -end - -if !skip_https_e - # convert all HTTPS Everywhere XML rule files into one big rules hash and - # write it out as a plist, as well as a standalone hash of target URLs -> - # rule names to another plist rules = {} targets = {} 
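Review bot: `File.open(HTTPS_E_TARGETS_PLIST).gets` in the new `convert_https_e` guard opens the plist and never closes it, so every run leaks a descriptor until the object is collected; the block form closes it deterministically, `first_line = File.open(HTTPS_E_TARGETS_PLIST) { |f| f.gets }.to_s`, with the match done on `first_line`. `File.exists?` is the deprecated alias of `File.exist?`. The `# in b64 for some reason` comment reads better as `# gitiles' ?format=TEXT returns the raw file base64-encoded (decoded in convert_hsts_preload)`, assuming that is why the body is unpacked with "m0" later in the script.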
@@ -58,29 +67,49 @@ end File.write(HTTPS_E_TARGETS_PLIST, - "\n" + + "\n" + targets.to_plist) - File.write("Endless/Resources/https-everywhere_rules.plist", - "\n" + + File.write(HTTPS_E_RULES_PLIST, + "\n" + rules.to_plist) end -# do similar for URL blocking rules, converting JSON ruleset into a list of -# target domains and a list of rulesets with information URLs +# convert JSON ruleset into a list of target domains and a list of rulesets +# with information URLs +def convert_urlblocker + targets = {} -targets = {} + JSON.parse(File.read(URLBLOCKER_JSON)).each do |company,domains| + domains.each do |dom| + targets[dom] = company + end + end + + File.write(URLBLOCKER_TARGETS_PLIST, + "\n" + + targets.to_plist) +end + +def convert_hsts_preload + domains = {} -JSON.parse(File.read("urlblocker.json")).each do |company,domains| - domains.each do |dom| - targets[dom] = company + json = JSON.parse(Net::HTTP.get(URI(HSTS_PRELOAD_LIST)).unpack("m0").first) + json["entries"].each do |entry| + domains[entry["name"]] = { + "include_subdomains" => !!entry["include_subdomains"] + } end + + File.write(HSTS_PRELOAD_HOSTS_PLIST, + "\n" + + domains.to_plist) end -File.write("Endless/Resources/urlblocker_targets.plist", - "\n" + - targets.to_plist) +convert_https_e +convert_urlblocker +convert_hsts_preload
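Review bot: `convert_hsts_preload` records every entry of Chromium's transport_security_state_static.json as an HSTS host, but that file also holds entries that are not HSTS policies — pinning-only entries, at least historically — and HSTS hosts are the ones marked `"mode": "force-https"`, so a host that only ships pins would be force-upgraded to https by the app; the loop should filter on the mode field, after confirming the current schema since the URL tracks `master`. `Net::HTTP.get` also returns the body of an error response unchecked, so a 4xx/5xx or an HTML error page only surfaces as a JSON.parse failure with no useful message; `get_response` plus a status check fails clearly. Because the list is fetched from a moving `master` the generated plist is not reproducible; recording the fetched revision in the plist header, as the HTTPS Everywhere plist does with its git commit, would give the bundled list provenance.
```ruby
def convert_hsts_preload
  domains = {}

  resp = Net::HTTP.get_response(URI(HSTS_PRELOAD_LIST))
  raise "HSTS preload fetch failed: #{resp.code} #{resp.message}" unless resp.is_a?(Net::HTTPSuccess)

  # gitiles ?format=TEXT returns the file base64-encoded
  json = JSON.parse(resp.body.unpack("m0").first)
  json["entries"].each do |entry|
    # only force-https entries are HSTS policies; pinning-only entries are not
    next unless entry["mode"] == "force-https"
    domains[entry["name"]] = {
      "include_subdomains" => !!entry["include_subdomains"]
    }
  end

  # … unchanged: File.write of HSTS_PRELOAD_HOSTS_PLIST …
end
```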
