Skip to content

Commit

Permalink
ver:2.0.13 (#28)
Browse files Browse the repository at this point in the history 
## [2.0.13]-2023-03-07
感谢 osxtest 为本项目贡献代码
感谢 冰茶、 明月清风、 不悲、 1nfosec、 潜龙在渊 等师傅对来源提示和超链接功能的建议
感谢 独自等待、 Wild Code Developer 对登录异常的反馈
### 添加
- 新增了插件图标处有几种类型被匹配到的数字提示,此功能为 osxtest 开发。
- 新增了域名白名单,通过配置常用的域名,避免目标站点登录时csrf_token失效。
- 新增了提取到的信息来源提示和超链接,现在你可以通过“ctrl+左键”或“右键-在新标签页中打开链接”来打开该信息的来源链接。
### 修复
- 修复一些体验上的bug。
  • Loading branch information
@ResidualLaugh
ResidualLaugh authored Mar 7, 2023
1 parent 31cee95 commit b9a0c35
Show file tree
Hide file tree
Showing 7 changed files with 178 additions and 89 deletions.
11 changes: 11 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,16 @@
# 变更日志
此项目的所有显著更改将记录在此文件中。
## [2.0.13]-2023-03-07
感谢 osxtest 为本项目贡献代码
感谢 冰茶、 明月清风、 不悲、 1nfosec、 潜龙在渊 等师傅对来源提示和超链接功能的建议
感谢 独自等待、 Wild Code Developer 对登录异常的反馈
### 添加
- 新增了插件图标处有几种类型被匹配到的数字提示,此功能为 osxtest 开发。
- 新增了域名白名单,通过配置常用的域名,避免目标站点登录时csrf_token失效。
- 新增了提取到的信息来源提示和超链接,现在你可以通过“ctrl+左键”或“右键-在新标签页中打开链接”来打开该信息的来源链接。
### 修复
- 修复一些体验上的bug。

## [2.0.12]-2023-02-14
感谢 小笼包 提出bug。
### 修复
Expand Down
106 changes: 58 additions & 48 deletions background.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -827,7 +827,7 @@ function webhook(data) {
data = JSON.stringify(search_data[data]);
// console.log(data);
chrome.storage.local.get(["webhook_setting"], function(settings){
if(settings["webhook_setting"] == {} || settings["webhook_setting"] ==undefined){
if(!settings || !settings["webhook_setting"] || settings["webhook_setting"] == {} || settings["webhook_setting"] ==undefined){
// console.log('获取webhook_setting失败');
return;
}
Expand Down Expand Up @@ -902,14 +902,14 @@ chrome.runtime.onMessage.addListener(
search_data[request.current]['tasklist'] = [];
search_data[request.current]['donetasklist'] = [];
}else{
search_data[request.current] = {'current':request.current, 'tasklist': [], 'donetasklist': []};
search_data[request.current] = {'current':request.current, 'tasklist': [], 'donetasklist': [], 'source': {}};
}
let promiseTask = [];
for (var i = request.data.length - 1; i >= 0; i--) {
request.data.map((req_url)=>{
try{
var myRequest = new Request(request.data[i], myInit);
search_data[request.current]['tasklist'].push(0);
var myRequest = new Request(req_url, myInit);
let p = fetch(myRequest,myInit).then(function(response) {
search_data[request.current]['tasklist'].push(0);
// console.log(response);
response.text().then(function(text) {
// console.log(text);
Expand All @@ -919,54 +919,62 @@ chrome.runtime.onMessage.addListener(

//遍历所有数据类型
for (var i = 0; i < key.length; i++) {
//如果传入的数据没有这个类型,就看下一个
if (tmp_data[key[i]] == null){
continue;
}
// 把前端的处理放到这里避免重复
if (not_sub_key.indexOf(key[i])<0){
tmp_data[key[i]] = sub_1(tmp_data[key[i]])
}
//如果search_data有历史数据,进行检查
if (tmp_data['current'] in search_data){
for (var j = 0; j < key.length; j++) {
if (search_data[tmp_data['current']][key[j]]!=null){
tmp_data[key[i]] = jiaoji(unique(tmp_data[key[i]]),find(unique(tmp_data[key[i]]),search_data[tmp_data['current']][key[j]]))
//如果传入的数据没有这个类型,就看下一个
if (tmp_data[key[i]] == null){
continue;
}
// 把前端的处理放到这里避免重复
if (not_sub_key.indexOf(key[i])<0){
tmp_data[key[i]] = sub_1(tmp_data[key[i]])
}
tmp_data[key[i]].map((item)=>{
search_data[tmp_data['current']]['source'][item] = req_url
})
//如果search_data有历史数据,进行检查
if (tmp_data['current'] in search_data){
for (var j = 0; j < key.length; j++) {
if (search_data[tmp_data['current']][key[j]]!=null){
tmp_data[key[i]] = jiaoji(unique(tmp_data[key[i]]),find(unique(tmp_data[key[i]]),search_data[tmp_data['current']][key[j]]))
}
}
}
if (tmp_data['current'] in search_data && search_data[tmp_data['current']][key[i]]!=null ){
var search_data_value = unique(add(search_data[tmp_data['current']][key[i]],tmp_data[key[i]])).sort()
if ('static' in search_data[tmp_data['current']]){
var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
}else{
var res = collect_static(search_data_value,[])
}
search_data[tmp_data['current']][key[i]] = res['arr1']
search_data[tmp_data['current']]['static'] = res['static']
}else{
var search_data_value = unique(tmp_data[key[i]]).sort()
if ('static' in search_data[tmp_data['current']]){
var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
}else{
var res = collect_static(search_data_value,[])
}
search_data[tmp_data['current']]['static'] = res['static']
search_data[tmp_data['current']][key[i]] = res['arr1']
}
}
}
if (tmp_data['current'] in search_data && search_data[tmp_data['current']][key[i]]!=null ){
var search_data_value = unique(add(search_data[tmp_data['current']][key[i]],tmp_data[key[i]])).sort()
if ('static' in search_data[tmp_data['current']]){
var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
}else{
var res = collect_static(search_data_value,[])
}
search_data[tmp_data['current']][key[i]] = res['arr1']
search_data[tmp_data['current']]['static'] = res['static']
}else{
var search_data_value = unique(tmp_data[key[i]]).sort()
if ('static' in search_data[tmp_data['current']]){
var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
}else{
var res = collect_static(search_data_value,[])
}
search_data[tmp_data['current']]['static'] = res['static']
search_data[tmp_data['current']][key[i]] = res['arr1']
}
}
search_data[request.current]['donetasklist'].push(0);
tab_url[sender.tab.id] = request.current;
refresh_count();
chrome.storage.local.set({["findsomething_result_"+request.current]: search_data[request.current]}, function(){});
});
}).catch(err=>{ console.log("fetch error",err)});
}).catch(err=>{
console.log("fetch error",err);
search_data[request.current]['donetasklist'].push(0);
refresh_count();
chrome.storage.local.set({["findsomething_result_"+request.current]: search_data[request.current]}, function(){});
});
promiseTask.push(p);
}
catch (e){
continue;
// console.log(e);
}
}
});
chrome.storage.local.get(["fetch_timeout"], function(settings){
if(settings["fetch_timeout"] == true){

Expand Down Expand Up @@ -1007,16 +1015,18 @@ chrome.runtime.onMessage.addListener(
});

chrome.tabs.onUpdated.addListener(function (tabId, props) {
if (props.status == "complete" && tabId == selected_id)
refresh_count();
if (props.status == "complete" && tabId == selected_id)
refresh_count();
});

chrome.tabs.onActivated.addListener(function (activeInfo) {
selected_id = activeInfo.tabId;
refresh_count();
selected_id = activeInfo.tabId;
refresh_count();
});

chrome.tabs.query({ active: true, currentWindow: true }, function (tabs) {
selected_id = tabs[0].id;
refresh_count();
if(tabs && tabs[0]){
selected_id = tabs[0].id;
refresh_count();
}
});
69 changes: 40 additions & 29 deletions content.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,38 +7,44 @@
var source = document.getElementsByTagName('html')[0].innerHTML;
var hostPath;
var urlPath;
var urlWhiteList = ['google.com'];
var urlWhiteList = ['.google.com','.amazon.com','portswigger.net'];
var target_list = [];
for(var i = 0;i < urlWhiteList.length;i++){
if(host.indexOf(urlWhiteList[i]) != -1){
return false;
}
}
target_list.push(window.location.href);

var source_href = source.match(/href=['"].*?['"]/g);
var source_src = source.match(/src=['"].*?['"]/g);
var script_src = source.match(/<script [^><]*?src=['"].*?['"]/g);
// console.log(source_href,source_src,script_src)
if(source_href){
for(var i=0;i<source_href.length;i++){
var u = deal_url(source_href[i].substring(6,source_href[i].length-1));
if(u){
target_list.push(u);
chrome.storage.local.get(["allowlist"], function(settings){
// console.log(settings , settings['allowlist'])
if(settings && settings['allowlist']){
urlWhiteList = settings['allowlist'];
}
for(var i = 0;i < urlWhiteList.length;i++){
if(host.endsWith(urlWhiteList[i])){
console.log('域名在白名单中,跳过当前页')
return ;
}
}
}
if(source_src){
for(var i=0;i<source_src.length;i++){
var u = deal_url(source_src[i].substring(5,source_src[i].length-1));
if(u){
target_list.push(u);
target_list.push(window.location.href);

// console.log(source_href,source_src,script_src)
if(source_href){
for(var i=0;i<source_href.length;i++){
var u = deal_url(source_href[i].substring(6,source_href[i].length-1));
if(u){
target_list.push(u);
}
}
}
}

chrome.runtime.sendMessage({greeting: "find",data: target_list, current: href}, function(response) { });

if(source_src){
for(var i=0;i<source_src.length;i++){
var u = deal_url(source_src[i].substring(5,source_src[i].length-1));
if(u){
target_list.push(u);
}
}
}

chrome.runtime.sendMessage({greeting: "find",data: target_list, current: href});
});
function is_script(u){
if(script_src){
for(var i=0;i<script_src.length;i++){
Expand Down Expand Up @@ -311,19 +317,24 @@ function show_info(result_data) {
}
function get_info() {
chrome.runtime.sendMessage({greeting: "get", current: window.location.href}, function(result_data) {
if(result_data == undefined || result_data['done']!='done' || result_data==null){
let taskstatus = document.getElementById('taskstatus');
if(!taskstatus){
return;
}
if(!result_data|| result_data['done']!='done'){
// console.log('还未提取完成');
if(result_data != undefined || result_data!=null ){
if(result_data){
show_info(result_data);
document.getElementById('taskstatus').textContent = "处理中.."+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;

taskstatus.textContent = "处理中.."+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
}else{
document.getElementById('taskstatus').textContent = "处理中..";
taskstatus.textContent = "处理中..";
}
sleep(100);
get_info();
return;
}
document.getElementById('taskstatus').textContent = "处理完成:"+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
taskstatus.textContent = "处理完成:"+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
show_info(result_data);
// 结果不一致继续刷新
if(result_data['donetasklist'].length!=result_data['tasklist'].length){
Expand Down
2 changes: 1 addition & 1 deletion manifest.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "FindSomething",
"version": "2.0.12",
"version": "2.0.13",
"manifest_version": 3,
"description": "在网页的源代码或js中找到一些有趣的东西",
"permissions": [
Expand Down
47 changes: 38 additions & 9 deletions popup.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,35 +58,63 @@ function sleep (time) {
return new Promise((resolve) => setTimeout(resolve, time));
}

// 实体编码,防止xss
function htmlEncodeByRegExp(str) {
var s = '';
if(str.length === 0) {
return '';
}
s = str.replace(/&/g,'&amp;');
s = s.replace(/</g,'&lt;');
s = s.replace(/>/g,'&gt;');
s = s.replace(/ /g,'&nbsp;');
s = s.replace(/\'/g,'&#39;');
s= s.replace(/\"/g,'&quot;');
return s;
}

function show_info(result_data) {
for (var k in key){
if (result_data[key[k]]){
// console.log(result_data[key[k]])
let p="";
for(var i in result_data[key[k]]){
p = p + result_data[key[k]][i] +'\n'
let container = document.getElementById(key[k]);
while((ele = container.firstChild)){
ele.remove();
}
container.style.whiteSpace = "pre";
for (var i in result_data[key[k]]){
let link = document.createElement("a");
link.textContent = result_data[key[k]][i]+'\n';
let source = result_data['source'][result_data[key[k]][i]];
if (source) {
//虽然无法避免被xss,但插件默认提供了正确的CSP,这意味着我们即使不特殊处理,javascript也不会被执行。
// source = 'javascript:console.log`1`'
link.setAttribute("href", source);
link.setAttribute("title", source);
}
let span = document.createElement("span");
span.appendChild(link);
container.appendChild(span);
}
document.getElementById(key[k]).style.whiteSpace="pre";
document.getElementById(key[k]).textContent=p;
}
}
}

getCurrentTab().then(function get_info(tab) {
// console.log("findsomething_result_"+tab.url)
chrome.storage.local.get(["findsomething_result_"+tab.url], function(result_data) {
if (result_data==undefined){
if (!result_data){
sleep(100);
get_info(tab);
return;
}
result_data = result_data["findsomething_result_"+tab.url]
// console.log(result_data)
if(result_data == undefined || result_data['done']!='done'){
if(!result_data || result_data['done']!='done'){
// console.log('还未提取完成');
if(result_data && result_data.donetasklist){
// console.log("findsomething_result_"+tab.url)
chrome.storage.local.get(["findsomething_result_"+tab.url], show_info(result_data));
chrome.storage.local.get(["findsomething_result_"+tab.url], function(result){show_info(result["findsomething_result_"+tab.url]);});
// show_info(result_data);
document.getElementById('taskstatus').textContent = "处理中.."+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
}else{
Expand All @@ -96,8 +124,9 @@ getCurrentTab().then(function get_info(tab) {
get_info(tab);
return;
}
// console.log(result_data)
document.getElementById('taskstatus').textContent = "处理完成:"+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
chrome.storage.local.get(["findsomething_result_"+tab.url], show_info(result_data));
chrome.storage.local.get(["findsomething_result_"+tab.url], function(result){show_info(result["findsomething_result_"+tab.url]);});
// show_info(result_data);
// 结果不一致继续刷新
// if(result_data['donetasklist'].length!=result_data['tasklist'].length){
Expand Down
12 changes: 12 additions & 0 deletions settings.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,21 @@
"auth":"auth_key"
}'></textarea></div>
</div>

<a href="#"><div style="width: 90px; height: 28px; float: left; text-align: center; line-height: 28px; font-size: 14px; background: #ffffff; color: #000000; border: 1px solid black;border-radius: 2px 2px 2px 2px; margin-top: 10px;" id="reset">置空并保存</div></a>
<a href="#"><div style="width: 40px; height: 28px; float: left; text-align: center; line-height: 28px; font-size: 14px; background: #000000; color: #ffffff; border: 1px solid black;border-radius: 2px 2px 2px 2px; margin-left: 10px; margin-top: 10px;" id="save">保存</div></a>
<div style="width: 300px; float: left; margin-top: 20px;">
<div class="findsomething_title" style="margin-bottom:10px;">域名白名单</div>
<div style="float: left; width: 198px; margin-top:6px;"><textarea id="allowlist" style="width: 198px; padding: 0 0 0 0; border-color: #e8e8e8; min-height: 200px;" placeholder='输入域名的结尾部分,以换行分隔,若不配置默认使用.google.com,.amazon.com,portswigger.net'>.google.com
.amazon.com
portswigger.net
</textarea></div>
</div>
<div style="width: 300px; float: left; margin-top: 20px;">
<a href="#"><div style="width: 90px; height: 28px; float: left; text-align: center; line-height: 28px; font-size: 14px; background: #ffffff; color: #000000; border: 1px solid black;border-radius: 2px 2px 2px 2px; margin-top: 10px;" id="reset_allowlist">置空并保存</div></a>
<a href="#"><div style="width: 40px; height: 28px; float: left; text-align: center; line-height: 28px; font-size: 14px; background: #000000; color: #ffffff; border: 1px solid black;border-radius: 2px 2px 2px 2px; margin-left: 10px; margin-top: 10px;" id="save_allowlist">保存</div></a>
</div>

<div style="width: 600px; height: 800px; float: left;">

</div>
Expand Down
Loading

0 comments on commit b9a0c35

Please sign in to comment.